Study: Financial Firms Hit Hard By Targeted Attacks

A graphic shows threats targeting financial services organizations vs. non financial services focused attacks in purple. (Image courtesy of Websense/Raytheon.)

In-brief: A new report from the firm Websense finds that financial services firms are being hit hard by cyber attacks, including targeted attacks aimed at luring employees into installing malicious software on corporate networks.

Things are bad all over, but they may be worse for firms in the financial sector. A new report from the firm Websense finds that financial services firms are being hit hard by cyber attacks, including targeted attacks aimed at luring employees into installing malicious software on corporate networks.

Websense Labs (now part of Raytheon) said it observed a 300% increase in attacks on financial services firms relative to other industries, including a big share of so-called “lure” attacks that attempt to coax employees with sophisticated appeals and online traps. Financial services firms encounter far more security incidents than firms in other industries and a constantly shifting array of attacks, Websense said.

“Under constant barrage by cyber criminals, the number of attacks against the Finance sector dwarfs the average volume of attacks against other industries by a 3:1 ratio. Further, the sophistication and persistent nature of the attacks continues to challenge security professionals,” the report says.

Financial services firms are repositories of rich deposits of salable data that is of intense interest to both sophisticated and unsophisticated hackers, said Carl Leonard, a Principal Security Analyst at Websense Raytheon.


“Hackers are spending a huge amount of resources targeting financial services with a disproportionate amount of reconnaissance and lures,” he told Security Ledger. That includes frequent shifts in techniques used to compromise and maintain access to financial services networks, Leonard said. “In March, we saw most threats using some type of obfuscation, but that wasn’t as much an issue in April, when obfuscation was replaced with redirects,” he said.

That leaves financial services firms in a pinch: having to adjust to the new threats, analyze them and take steps to remediate them.

Employees of firms in the financial industry were far more likely to be the recipients of so-called “lures,” the early stages of targeted “phishing” attacks, which Websense defines as links or e-mail encouraging someone to take an action. The use of “look-alike” domains designed to resemble the bank’s official web domain, or those of customers or partners, was a common tactic in the attacks. And financial firms were far more likely to be attacked using malicious software – some of it tailored to financial firms or to specific targets.

“There are very particular complexities around the malware targeting (financial firms),” said Leonard. Credential-stealing malware, Trojan (back door) programs and other tools designed to maintain long-term access to compromised networks were common in the study of attacks on financial industry firms, Websense said.

Websense says that its researchers are working on identifying attacks earlier in the chain of compromises in order to limit the damage to customer networks. It says financial firms are among the most forward in sharing information with peers through ISACs (Information Sharing and Analysis Centers) and other forums. But they also face determined and well-funded adversaries.

“The question is whether they can adjust quickly enough to mitigate the threats,” said Leonard.

Websense analyzed a range of financial firms, from small enterprises up to large multinationals. Companies were based in Europe, North America and the Middle East and comprised a wide range of firms, from banks and brokerages to credit unions and insurance companies. Websense declined to say how many firms contributed data to its survey, though it claimed to have documented some four billion security incidents in 2014.

Leonard said financial firms are already moving to more risk-based approaches to security that are focused on protecting critical data, rather than making impenetrable networks. “Given the large numbers and complexity of attacks, you have to understand what will hurt the most and what is likely to happen,” he said.