Financial Services Organizations Beware: Rising State-Sponsored APT Group Attacks
November 13th, 2018
Since the days of the Wild West, banks and financial institutions have come to realize that their main threats originate from crime groups. Today, even as crime has moved into cyberspace, most financial institutions still believe these crime groups are their primary adversaries, as well as believing that their threat landscape has remained the same. The main reason for this lies in a simple equation: crime groups like money, and banks have it. But over the past few years we have started to see a change in the landscape, as banks and financial institutions have become targets for state-sponsored APT groups.
These state-sponsored actors receive direction, funding, or technical assistance from a nation-state to advance that nation’s interests. Instead of being motivated by money, they prefer to steal, and exfiltrate, intellectual property, sensitive personally identifying information (PII), and military and financial secrets.
Before the Internet, it was extremely difficult for another country to attack banks or financial institutions. But as the cyberworld has emerged, it’s put the private sector within reach of nation-state attackers, and it’s changing the landscape for how companies must defend against these threats. In our recent report, The Rise of State-Sponsored Attacks Against Financial Services Organizations, we explore the reasons for such a shift, ranging from pure financial gains of common criminals to highly sophisticated and well-equipped APT groups and what they gain besides money.
The Rise of State-Sponsored APT Group Attacks
It’s not just governments that are feeling the disastrous effects of state-sponsored cyber warfare and crime. Recent discoveries have revealed the existence of, and details on, several government-sponsored hacking groups around the globe. While most state-sponsored APT groups target other governments and militaries for intelligence collection, in the last few years, we are starting to see more activity directed towards the financial sector. In fact, the financial sector is every bit as at risk, and often don’t have the same level of defenses in place that governments can afford.
Although banks and other financial institutions are private businesses, state-sponsored APT groups still see them as symbols that represent the country, and attacking them serves the interests of their sponsored country.
Attributing attacks to any specific group or state is very difficult, and usually based on allegation rather than proven evidence. Hacking groups are modular and separated into specialized divisions, with each department responsible for a different side of the operation. Security companies will come up with a name for groups and incidents, the groups don’t necessarily refer to themselves that way. No country has come forward and said “We did this, those are our guys”, with the exception of non-state sponsored groups and hacktivists.
As a result, the conclusions made by researchers come from correlations between the tools used, similar techniques and strategies, and analyzing digital footprints.
New Report: The Rise of State-Sponsored Attacks Against the Financial Services Industry
To read further about how State-Sponsored APT groups are targeting the Financial Services industry, download our research report. This report includes:
- An Overview of the Changing Threat Landscape for FSI Organizations
- Evidence of APT Group Linkage to the Russian FSB
- Timeline of Cybercrime and State-Sponsored Attacks Against Banks
- Anatomy of a State-Sponsored Cyber Attack
The Rise of State-Sponsored Cyber Attacks Against Financial Services Organizations
Andrey Yakovlev is a Security Researcher at IntSights, focused on intelligence hunting from the Russian Dark Web. He is an experienced professional with over 6 years of experience in the cyber security field. Andrey specializes in threat discovery, computer forensics and behavioral analysis of Trojans.
Stay up to Date!
Subscribe to the blog to stay up to date with all the latest industry news and updates from IntSights.