The finance industry is as exposed to ‘mass market’ attacks as any other organisation. But its greatest worry is probably the targeted attack, which is more difficult to detect because the attackers have a specific system or set of information in mind that they wish to compromise. In terms of motivation, we can imagine three broad aims:
- The financially motivated attacker who wishes to compromise systems to conduct theft or fraud electronically
- The espionage motivated attacker who wishes to steal information which may then be sold on to a third party
- The politically motivated attacker who may wish to compromise information or systems to achieve a goal shared within a group
The recently elevated threat level for financial institutions, identified primarily in the US, reflects a new trend in which cyber criminals are using spam and phishing e-mails, keystroke loggers, and Remote Access Trojans (RATs) to compromise financial institution networks and obtain employee login credentials. The stolen credentials were used to initiate unauthorized wire transfers overseas. The attacks were primarily directed at system administrators, but also at individual employees.
When we measured the strength of association between industry and targeted attacks sent over e-mail, we found a strong association between the financial sector and targeted attacks. The implication is that the financial services industry is at high risk of being sent targeted attacks over e-mail. These highly sophisticated and motivated attackers are the most difficult to defend against. Such attacks need to be considered as spanning the domains of IT security, fraud prevention and detection, and information privacy. The targeting of individual employees also highlights the fact that processes and policies need to be reinforced and, if possible, automated, to avoid human error.
However, such attacks need not be successful if organisations implement a multi-layer approach to security, seeking to make it as difficult as possible for attackers to compromise systems. By remaining constantly vigilant, organisations can maximize the likelihood of rapidly detecting attacks in progress, in order to react, repel the attack and minimize harm.
For more information on the current threats, visit the Symantec Security Response page.