The ZeroFox Intelligence team recently released their Quarterly Threat Landscape report and recommendations for the financial services industry. The report covered a broad look at common threat vectors, with a focus on external cybersecurity (activity between the corporate perimeter and the cybercriminals).
In this post, we’ll cover key takeaways from the report, including some of the most pertinent cyberthreats security pros face, specifically within the financial services sector. We will also cover how each finding factors into a healthy external cybersecurity program.
1. Social Engineering Campaigns are Evolving
Social engineering campaigns aren’t new, but they are increasing, complicated by an expanding attack surface. According to the ZeroFox Quarterly Threat Landscape Report, social engineering was one of the most frequently reported intrusion tactics leveraged against the financial sector in Q1 2022. However, rather than leveraging new technologies or practices to attack, bad actors simply evolved their phishing emails, smishing texts, and/or voice calls.
These phishing attacks contain the usual prompts in the financial services industry. For example, attackers may send a fraudulent alert to a banking customer with instructions to click a link to unlock their account; the link either installs malware or brings the customer to a legitimate-looking portal that captures their login credentials. However, there is also an increase in the number of social engineering campaigns targeting those who may want to provide humanitarian aid for the ongoing conflict between Russia and Ukraine.
We anticipate these threats to remain, with possible increases over the next quarter. While user training and widespread communication about these threats are key to protecting employees and customers, it’s also critical to deploy external cybersecurity to monitor for these attacks before or during their deployment.
NOTE: social engineering campaigns were used in nearly every other type of threat, which underscores the importance of specifically monitoring for these threats. These threats play a major role in your organization even though they are coming from outside of your traditional security perimeter and evade traditional firewalls or other barriers.
2. Geopolitical Conflicts and Sanctions Create New Threats
As mentioned above, the increase in geopolitical conflicts, including the war between Russia and Ukraine, has given rise to evolving cyberthreats in the financial sector. These external threats can have an impact both inside the corporate structure, by creating supply chain disruptions, and outside of traditional IT awareness, by targeting your investments and investors alike.
Russia established itself as the primary geopolitical concern in Q1 2022 for the financial sector, replacing China. Russia’s outsized role in commodity production and strategic location account for roughly 2% of global GDP. Western sanctions following Russia’s war in Ukraine forced most Western financial firms operating in Russia to withdraw. The outcome of Russia’s war in Ukraine threatens Russia’s entire USD 1 trillion balance sheet, of which USD 300 billion is in international money markets.
For the financial sector, it will become even more of a delicate balance. For example, maintaining global operations or investments in either country risks incurring the wrath of threat actors who may perceive business in a country to be a sign of support for a nation they see as their political enemy. As such, financial organizations should map out any supply chains and possible risks to their existing infrastructure.
3. Blockchain Threats are on an Upward Trajectory
Blockchain threats are not new, but they shouldn’t be ignored, especially as the use of cryptocurrency and non-fungible tokens (NFTs) grows. These cryptocurrencies and the ability to trade them are an important part of the external cyber ecosystem.
Previous quarters have seen a surge in the adoption of digital assets—such as cryptocurrency and NFTs—from businesses and consumers globally, reportedly rising almost 900 percent in 2021. With that came a rise in threat actor activity, seeking to conduct crypto theft by exploiting poor user security and vulnerabilities within blockchain mechanisms such as smart contracts.
As such, blockchain attacks in Q1 2022 continued on an upward trajectory in the form of hacks, scams, and social engineering campaigns. Reports indicate at least 80 malicious incidents occurred across different blockchains—an increase from 33 the previous year—particularly on decentralized finance (DeFi) exchanges and platforms. These attacks resulted in an estimated USD 1.3 billion in stolen assets.
As this technology evolves, best practices and recommendations are also evolving. Cryptocurrency and bitcoin are quickly becoming an international currency of the internet, and as such your cybersecurity tactics to protect these assets should change as well.
4. Malware Remains a Concern
Data breaches and malware make headlines because they impact businesses and consumers alike. Unfortunately, the proliferation of these tactics and attacks is expected to continue.
According to ZeroFox threat intelligence analysts, malware deployment across the landscape remained highly prevalent in Q1 2022 and the team expects that to continue given ease of acquisition and impact on end users. Although infection rates remained high, ZeroFox Intelligence observed no significant change in capability.
However, don’t let the lack of significant change in infection rates create complacency. Malware continues to be popular due to the low barrier to entry, with some “Malware-as-a-service” (MaaS) models offered for as little as USD 20.
Additionally, ZeroFox Intelligence recently released a Flash Report detailing the resurgence of REvil, which may pose a higher threat in the coming months. As mentioned earlier, geopolitical factors impact the prevalence of malware as well. Financial organizations are likely to face an increased threat from malware deployed by Russia, state-linked, and pro-Russian threat actors.
Although several steps should be taken to fight malware and data breaches, we recommend financial services businesses review obligations in different jurisdictions with regard to disclosure of breaches, particularly with the U.S. passing the Strengthening American Cybersecurity Act (the “Act”) into law in March 2022.
5. Initial Access Broker Threats are Decreasing
ZeroFox Intelligence assesses that the threat to financial sector organizations from Initial Access Brokers (IABs) decreased in Q1 2022. Our team found that the number of posts selling access to compromised financial organizations’ networks fell in Q1 2022, a trend seen in multiple sectors. This bucks the upward trend over the previous year of threat actors increasingly purchasing initial access for a plethora of follow-on malicious targeting, such as ransomware delivery.
The fall in activity likely reflects limitations to the supply from IABs rather than a lack of demand from buyers. This may be explained in part by Russia’s invasion of Ukraine, with some IABs implicated in the conflict. The war may have also driven some IABs to seek more private or direct communication methods to sell illicit access. Disruption to underground marketplaces such as Raid Forums in Q1 2022, where access sales have appeared regularly, may also be a driver.
Given the upward trajectory over the last year and the ongoing conflict in Russia and Ukraine, there is a likelihood that disruption to IABs’ operations is only temporary. In fact, ZeroFox Intelligence anticipates that the threat to the financial sector from IABs will increase.
With that in mind, ZeroFox Intelligence recommends that the financial services industry proactively monitor for potential network access sales to obtain critical early warning for impending cyber attacks and identification of malicious actors, including insiders, meaning to harm their networks. Monitoring the dark web and external sources while also ensuring proper cybersecurity hygiene internally is crucial.
Download the Financial Services Quarterly Threat Landscape Report
Financial services remain a major target for threat actors. Understanding the external cybersecurity threat landscape can be difficult with so many things out of your control once you leave the corporate perimeter. Download the Quarterly Landscape Report for more in-depth analysis and recommendations from the ZeroFox Threat Intelligence team.