Cybercriminals have shifted from Wire Transfer fraud to targeting Market Data, according to a VMware report.

Cybercriminals have shifted from wire transfer fraud to targeting market data, and their ransomware continues to hit financial firms, according to a VMware report.

The target does not change, but the methods do. According to VMware’s latest Modern Bank Heists report, financial institutions have faced increasingly complex cyber threats in recent years, and cybercriminal gangs are constantly evolving. Indeed, while these groups originally specialized in wire transfer fraud, they are now targeting market strategies, taking over brokerage accounts and breaking into banks, this report says. for which VMware interviewed 130 CISOs and industry security leaders in various regions, including North America, Europe, Asia Pacific, Central and South America, and Africa.

His findings support the observations of other security experts. “Intelligence services, as part of their investigative mission to protect the nation’s payment systems and financial infrastructure, have seen an evolution and increase in complex cyber fraud,” said Jeremy Sheridan, former director US Secret Service Deputy. “The persistent flaw in the security of Internet-connected systems offers opportunities and a methodology,” he added.

Conti ransomware, among the most widespread
Ransomware continues to be a concern for businesses. And for good reason: 74% of security managers surveyed said they had suffered one or more attacks in the past year, and 63% said they had ended up paying a ransom. The Conti ransomware has proven to be the most prevalent. 63% of respondents acknowledge having experienced more “destructive attacks” in which cybercriminals destroy data and evidence of their intrusion, up 17% from last year. These attacks involve variants of malware that destroy, disrupt, or degrade victim systems by encrypting files, deleting data, destroying hard drives, interrupting connections, or executing malicious code.

Although 71% of survey respondents saw an increase in wire transfer fraud within their company, many said cybercriminals are now looking to access non-public market information. . Two out of three financial institutions (66%) have experienced attacks targeting data related to market strategies. The most targeted market strategies are long-term portfolio positions, confidential M&A information, and IPO filings,” said Tom Kellermann, chief cybersecurity strategy officer at VMware. “Modern market manipulation aligns with economic espionage and can be used to digitize insider trading,” he added.

Attacks on timestamping and via MSP partners on the rise
Additionally, security officials at 63% of financial institutions surveyed said they had experienced an increase in brokerage account takeovers, up from 41% last year. Attackers are increasingly using compromised login credentials to move freely around the network and access brokerage accounts. Survey respondents also said they had observed Chronos-type attacks, a term borrowed from the Greek god of time, which involve manipulating the timestamp of corporate actions. 77% of financial institutions reported Chronos attacks and 44% of these attacks targeted market positions. “Even if the extent of the damage caused by the Chronos attacks is not significant, the manipulation of the timestamp undermines security, integrity, trust in the financial sector,” Mr. Kellermann said. “Financial institutions need to closely monitor timestamps and ensure security teams are prepared to protect time integrity.”

So-called “island hopping” attacks have become one of the most threatening trends, with 60% of financial institutions surveyed having been victims of this type of attack, up 58% from last year. As part of these attacks, cybercriminals study the interdependencies of financial institutions to identify the managed service provider (MSP) used. They can thus target these companies to reach the targeted bank via Island Hopping. Another major concern in recent years has been that of cryptocurrency exchanges, with around 83% of respondents expressing concern about their security.

What means of defense for the CISOs of financial companies?
The report recommends several solutions for CISOs and security managers to defend against these attacks:

– Integrate NDR and EDR: Network Detection and Response (NDR) must integrate with Endpoint Detection & Response (EDR) to have continuous, real-time monitoring of systems and detection and analysis of potential threats.

– Apply micro-segmentation: restricting lateral movements by applying trust boundaries will improve detection.

– Deploy decoys: use deception technologies to deflect the intruder.

– Implement DevSecOps and API Security: Introduce security early in the application development lifecycle.

– Automate vulnerability management: prioritize risks to focus on high-risk vulnerabilities.

“Investments in API and workload security are needed, and there needs to be more dialogue between monitoring teams and information security teams to thwart the use of transaction information coming, also known as digital front running,” said the head of cybersecurity strategy at VMware. “The CISO must also report to the CEO and regularly inform the Board of Directors in order to ensure the fluidity of discussions and transparency”.

Newer Articles

• REvil Ransomware gang’s ‘Return’ raises concern
• Exhibition and Trade Shows Back with a Bang in a Post-Pandemic World
• How to convince venture capital funding for your startup?

Older Articles

• Zoom unveils its Revamped Whiteboard Tool
• Amazon creates a Fund for AI and Robotics in Logistics
• Apple releases Major free update to iMovie, its Video Editing Software