5 Ways Cybercriminals Attack Banks and Financial Institutions
June 20th, 2019
The banking and financial sector has long been one of the foremost targets of cyberattacks and fraud schemes. Threat actors know organizations in this industry hold substantial assets – both in terms of actual money and sensitive data. Security teams within these organizations have invested heavily in different hardware and software solutions alike to protect their networks and prevent data breaches or compromised systems. But their jobs are constantly made more challenging by their cunning adversaries, who adapt to security infrastructure and continually find new ways to circumvent the robust defense mechanisms in place.
Cybercriminals draw from a constantly expanding arsenal of tools, techniques, and procedures (TTPs) to exploit vulnerabilities cybersecurity teams may not even know exist. Hacking tools enable faster campaigns, social media and mobile devices provide new avenues to target customers, and data leaks from thousands of external sources cost organizations in the industry millions of dollars each year in fraud damages.
IntSights released a research report on the state of the cyber threat landscape facing the banking and financial services industry earlier this year. In our data, we found huge year-over-year increases in stolen credit cards, credential leaks, malicious applications and more that all impacted this industry. Here are five common methods cybercriminals use to carry out their attacks on banks and financial institutions – including one relatively new method that might have broader implications in the years to come.
1. Malware and Ransomware
Banks and financial services organizations were the targets of 25.7 percent of all malware attacks last year, more than any other industry. Threat actors frequently use Trojans to infect targeted systems, opening backdoors through which they install malicious programs that extract sensitive data. They can then either use this information to carry out broader attacks on corporate networks, or sell it for a great profit on dark web black markets and forums.
Cybercriminals also use ransomware to hold banks hostage until they pay ransom fees. The attackers essentially execute a denial of service that can cost banks millions of dollars each day the attack continues. A bank cannot fully function while it is under a ransomware attack, since most of its key data is typically locked.
2. ATM Attacks
There are two primary ways ATM attacks are carried out: ATM malware and ATM card skimmers. In the case of the former, attackers inject a malicious executable into the switch application server of an ATM network to transmit fake messages that approve fraudulent withdrawal requests. Over 20 malware families have hit banks around the world since early 2018.
As for the latter attack type, hackers frequently install payment card skimmers on ATMs around the world. The attackers put a small device on an ATM’s card swipe mechanism. When customers swipe their cards through the skimmer, the device captures the card information, including the number, expiration date, and full name of the card holder. These attackers also place an undetectable camera on the ATM to record the PIN the customer enters.
3. SS7 Vulnerabilities
An emerging attack type was first publicly documented in February 2019, as a major United Kingdom-based bank fell victim to an attack on its SS7 protocol, which sends codes to customers via text messages to verify transactions. Cybercriminals exploited unknown flaws in SS7 to intercept these messages and empty some customers’ accounts. While only a small number of customers were allegedly affected, the implications are huge for security professionals going forward. If a secure verification network is vulnerable, it’s impossible to be sure that any company asset or protocol is completely safe.
4. Mobile Banking Attacks
Most banks and financial services organizations build mobile applications to give customers remote access to their assets. While such apps might appear to be secure on the surface, they are vulnerable to sophisticated cyberattacks because they lack the security features necessary to protect users. Cybercriminals design malware specifically for mobile apps knowing they can infiltrate the relatively simple security architecture. Some malware programs are built to steal banking credentials, lock personal files on mobile devices, and lock users’ screens to prevent them from accessing their devices; others are capable of using phishing techniques to garner credentials and automate bank transactions.
There is also a growing number of fraudulent banking apps on mobile app stores, particularly Google Play. Many fake apps pose as legitimate apps offered by real banks, which makes it difficult for customers to differentiate between real and fake apps. Users are lured into downloading these fake apps, which steal their bank account and credit card information.
5. DDoS Attacks
Distributed denial-of-service (DDoS) attacks are far more comprehensive – and devastating – than any of the above methods. They involve attacking a bank’s network, website, email systems, servers, data transfer and more to gain complete control of a corporate system. DDoS attacks can be crippling for businesses, as they either force executives to pay large ransom fees to regain control over their assets, or they lock down corporate functionalities and operations for long periods of time. This kind of attack can have disastrous implications for an organization’s brand reputation if it is successful.
Banks and financial organizations are particularly at risk of suffering cyberattacks, perpetual fraud, brand impersonation, and customer targeting due to the sensitive information they guard. Learn more about the state of the cyber threat landscape facing this industry – as well as how security teams can defend their organizations – by downloading the 2019 Banking & Financial Services Cyber Threat Landscape Report (April 2019).
Kevin Diffily is a Content Marketing Manager at IntSights. He strives to educate and engage with cybersecurity professionals, enabling them to make informed decisions to bolster their defense systems and protect their organizations. Kevin has a background in journalism, brand development, copywriting, and social media management. He received his B.A. in Communication from Curry College and his M.A. in Integrated Marketing Communication from Emerson College. He is a staunch proponent of gratuitous Oxford comma use.