Positive Technologies analysed cyberthreats relevant to the financial sector and found that unique attacks on this industry doubled in Q3 2023 compared with the same period last year.
Attackers primarily targeted the least secure organisations and their customers, most often with the help of malware, the company said.
The percentage of encryption malware in such incidents increased 3.5 times.
In addition, hackers are now more likely to exploit vulnerabilities in the network perimeter and compromise financial companies by attacking their supply chains.
The databases and credentials obtained in such attacks are sold on cybercriminal platforms. At the same time, financial institutions continue to be targeted by hacktivists.
In the first nine months of 2023, most attacks (35 per cent) involved malware, it found.
Encryption malware was used in 63 per cent of incidents, while a year earlier, it accounted for only 18 per cent.
The percentage of social engineering among the attack methods dropped from 47 per cent to 25 per cent. Positive Technologies attributes this to the growing popularity of other attack methods.
Analysts noticed a significant increase in incidents that exploited vulnerabilities on the network perimeter (32 per cent of cases).
There was also a significant percentage of incidents (22 per cent) where organisations were compromised via their supply chains. Oftentimes, open-source software was used in such incidents to distribute malicious code.
Positive Technologies believes that such attacks may increase in popularity in the next few years, given the widespread use of open-source software by companies.
Positive Technologies recommends that financial companies monitor the use of third-party components when developing their own software and check them for backdoors and vulnerabilities.
Data leaks continued to be the most common attack consequence, rising from 51 per cent to 64 per cent. Among all malicious ads on the dark web and on dedicated Telegram channels and chats, database-related messages accounted for 42 per cent.
In 43 per cent of them, files were distributed for free: this is how hackers tend to punish companies for refusing to pay ransom.
Ads selling fresh data and insider services amounted to 30 per cent. Half of the databases under analysis had a maximum price tag of one thousand dollars, with one data row selling for about five dollars.
Messages from database buyers accounted for 29 per cent.
Positive Technologies explained this high percentage by the fact that attackers are targeting specific organisations. In the financial sector, targeted attacks account for 98 per cent of all incidents.
About 40 per cent of the incidents involved disruptions in the availability of financial services, mostly caused by ransomware attacks. This malware type was used in 63 per cent of successful attacks. Some systems were shut down as a result of hacktivist attacks. Such incidents are typical of regions experiencing geopolitical tensions.
Artem Sychev, Advisor to CEO at Positive Technologies, highlighted the need for a centralised approach in addressing the growing cybersecurity challenges.
This approach should include a coordinated response to threats at the industry level, as well as an analysis of possible chains of events that could lead to fatal consequences.
To mitigate cyber threats, financial-sector organisations are advised to use up-to-date security tools, such as solutions for monitoring cybersecurity events and detecting incidents (MaxPatrol SIEM), endpoint security systems that protect against sophisticated and targeted attacks, effective vulnerability detection and management tools (MaxPatrol VM), fully automated result-driven cybersecurity solutions, and sandboxes that offer flexible customisation of virtual environments to facilitate analysis and detect threats in files and network traffic (PT Sandbox).