When people think of threats to the financial sector, they imagine cartoonish bank robbers stealing cash in giant canvas bags with dollar bill signs printed on the front. Make no mistake, some of today’s greatest risks to the financial sector are cybersecurity threats and encryption attacks. Instances of attack have increased globally by 238% since February 2020, with the attacks building momentum in both sophistication and level of damage.
The timeline would make it easy to blame this trend on the coronavirus pandemic, but there are other factors at play. A likely cause of the rise in attacks is how vulnerable and susceptible much of the financial sector is to cybersecurity attacks.
An anonymous former hacker, who now has over 30 years of cybersecurity analysis expertise, has even noted that causing major damage is nowhere near as hard as most would think. According to him, “you just need a few thousand dollars and a laptop and a couple of smart hackers to write some code and send something out”.
Is it really that easy to launch a large-scale cybersecurity attack, and if so, what can the financial sector do about it?
This hacker has made it clear that while many security experts are focused on the United States’ “nuclear arsenal being taken over movie-style”, the real potential target everyone should be focused on is the “major effects [a ransomware or cybersecurity attack could have] on the financial markets or potential impacts to things like electricity production facilities”.
He explains that this stems from a major weakness of the general security landscape: the inability to identify which systems would cause the most pain if compromised. All of these machines should be protected by a machine identity, so weak or vulnerable machine identities are a natural place for an attacker to focus on to gain access. While white hat hackers work from within to try to improve the greater good, he explains that a black hat hacker is “not bound by any kind of ethical code, willing to break the law, and is in it for his own purposes”.
These black hat hackers will stop at nothing to achieve their ends, and it’s up to every organization to ensure their network is secure from these attacks.
If this hacker-turned-cybersecurity-expert is correct, financial organizations must take immediate action towards improving the efficiency and strength of their security strategy. To do this, we must understand the precise nature of the threats they are up against.
Let’s review the top 5 encryption threats to financial services:
The extreme spike in apps and online platforms for digital banking has, unfortunately, widened the threat landscape within the financial services sector for threat actors. Organizations now have an unprecedented volume of complex data that must be protected, and cybercriminals are taking advantage of this.
Imperva Research Labs found that in January 2021 there were more than 870 million sensitive data attacks, more than the total number of attacks in the entirety of 2017! While it may be difficult to pinpoint, it is certain that many of these attacks misused encryption as part of the game plan. Organizations will have to dramatically pivot their data management strategies to account for this.
2. DDoS attacks
A Distributed Denial-of-Service Attack, or DDoS attack, is an attack that aims to overwhelm its target and surrounding infrastructure by flooding it with traffic until it is incapable of responding, and ultimately fails. The more RPS (requests per second) the attackers can send to the server, the more intense the attack. DDoS attacks can use the following tactics to target encrypted services:
Target the SSL/TLS handshake
Exploit SSL vulnerabilities
Target SSL/TLS service ports
Target an underlying service running over SSL/TLS
This type of attack is interesting in the financial services sector, as the aim is to turn banking platforms’ own customers against them. When a threat actor successfully shuts down a banking website to the point that the banking customers can’t access their information, that is incredibly damaging. High volumes of frustrated customers are liable to submit negative social media comments and reviews, and/or switch to a more reliable provider if it happens often enough.
There are several types of DDoS attacks that attack varying components of the network connection. It’s vital to understand them all in order to identify which you may be dealing with. A layered solution that implements black hole routing, rate limiting, and a web application firewall is the best approach to mitigating the DDoS attack without accidentally kicking out legitimate web traffic.
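To make the rate-limiting point concrete for the handshake-targeting tactic listed above, here is an added example (not from the original article) that scans connection events and flags only sources that open many TLS handshakes without completing them, so a busy but legitimate gateway is not cut off. The log format, event names, thresholds and addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def build_sample():
    """Constructed events: '<epoch_seconds> <source_ip> <event>' (hypothetical format)."""
    lines = []
    # Source A: 40 handshakes started within 4 seconds, none completed.
    for i in range(40):
        lines.append(f"{1000 + i * 0.1:.1f} 198.51.100.7 handshake_start")
    # Source B: busy NAT gateway, 30 handshakes, every one completed.
    for i in range(30):
        t = 1000 + i * 0.15
        lines.append(f"{t:.2f} 203.0.113.20 handshake_start")
        lines.append(f"{t + 0.05:.2f} 203.0.113.20 handshake_done")
    # Source C: a single ordinary client.
    lines += ["1001.0 192.0.2.5 handshake_start",
              "1001.1 192.0.2.5 handshake_done"]
    return sorted(lines, key=lambda l: float(l.split()[0]))

def find_handshake_floods(lines, window=5.0, max_starts=20, min_completion=0.5):
    """Return {source_ip: peak handshake starts per window} for likely floods.

    A source is flagged only when it exceeds max_starts handshake starts
    inside the sliding window AND completes fewer than min_completion of them.
    """
    starts = defaultdict(deque)  # source -> recent handshake_start times
    done = defaultdict(deque)    # source -> recent handshake_done times
    flagged = {}
    for line in lines:
        ts_text, src, event = line.split()
        ts = float(ts_text)
        if event == "handshake_start":
            starts[src].append(ts)
        elif event == "handshake_done":
            done[src].append(ts)
        else:
            continue  # ignore event types this check does not use
        # Drop events that have aged out of the sliding window.
        for q in (starts[src], done[src]):
            while q and q[0] < ts - window:
                q.popleft()
        n = len(starts[src])
        if n > max_starts and len(done[src]) / n < min_completion:
            flagged[src] = max(flagged.get(src, 0), n)
    return flagged

if __name__ == "__main__":
    for src, peak in find_handshake_floods(build_sample()).items():
        print(f"rate-limit candidate: {src} ({peak} incomplete handshakes in window)")
```

The completion-ratio condition is what keeps the gateway at 203.0.113.20 out of the result even though it also exceeds the raw handshake count.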
3. RDoS threats
A Ransom Denial of Service (RDoS) threat is an extortion-based DDoS attack, in which the perpetrator seeks payment from the victim to end or prevent the attack. These are particularly insidious and have risen in frequency since January 2021.
The pattern of an RDoS attack generally starts with the extortionist reaching out to the intended victim by email demanding bitcoin payment, threatening attack if the payment isn’t made by a certain deadline. According to the Boston Consulting Group, banks and other financial services are 300 times more likely to experience an RDoS attack in a year than any other industry. Tightly controlling encryption assets may make it easier to detect these types of attacks early enough to minimize damage.
4. Client-side attacks
A client-side attack is when a website user unintentionally downloads infected content that allows a threat actor to exploit the website. Exploitations can include intercepting user sessions, inserting hostile or inappropriate content, and targeting other users with phishing attacks. Within the financial sector, this often manifests as stealing payment information. Maintaining high encryption standards for these SSL/TLS sessions is critical in guaranteeing customer privacy.
Financial services websites are dealing with a higher volume of data and digital transactions than ever before, and they rely on third-party scripts that contain personal payment data, making them a bountiful target for cybercriminals. Unfortunately, most customers don’t find out that their credit card information has been compromised until after the criminals have taken advantage of them.
5. Supply chain attacks
Supply chain attacks have been increasing at an alarming rate, with some recent victims including Mimecast and a trusted Mongolian CA. A poorly protected supply chain is a popular and easy target for cybercriminals. Why are supply chain attacks growing in frequency?
The issue stems, at least in part, from the fact that many IT experts cannot agree on which team should own cybersecurity. Whether the responsibility for safeguarding the code signing process should fall on developers or security teams, the only wrong answer is to have no answer at all. If each group thinks somebody else is taking the reins in crafting an efficient and secure cybersecurity strategy, nothing will get done and the organization will be at serious risk.