Banks get attacked four times more than other industries

Plus a third of all initial-stage reconnaissance attacks target financial institutions

Modern-day criminals are still following Willie Sutton's example of going after banks "because that's where the money is."

According to a new report from Websense Security Labs, the average number of attacks against financial services institutions is four times higher than that of companies in other industries.

In addition, a third of all initial-stage reconnaissance attacks target financial institutions, the company reported.

Criminals aren't just going after banks for their money, according to Carl Leonard, principal security analyst at Websense. They're also using banks as a vehicle to reach other victims.

For example, a compromised email account at a bank could allow hackers to leverage the trust that customers have in their bank to reach out to their business and retail customers.

According to Leonard, an email that originates from a real email account looks more realistic to security solutions than one with a spoofed return address.

Plus, if the hackers have access to previous emails, they can better impersonate bank employees.

"They're actually piggybacking on the reputation and trust inherent in that industry sector," said Leonard.

The top three malware threats that financial institutions faced during the first five months of the year were Rerdom, Vawtrak, and Geodo. In particular, the Geodo malware, with its own credential-stealing email worm, was seen 400 percent more often in finance than other industries.

However, attackers frequently switch up their attack methods, according to Websense. For example, there was a large spike in malicious redirection and obfuscation attacks in March. The more targeted short-term campaigns are accompanied by a constant barrage of low-level attacks designed to keep security teams distracted.

Typo-squatting also made a strong comeback this year, now in combination with email-based social engineering tactics, at an average cost of $130,000 per incident.

One of the most effective approaches is to register the .co domain. Other techniques include adding, deleting or transposing characters, or replacing characters with lookalikes such as the number zero for the letter O.

Instead of waiting for a victim to accidentally stumble onto the fake sites, however, the criminals are using these domains to create email accounts that seem to belong to legitimate company employees.

"They're sending mail from those servers that they set up, to make it look more realistic," Leonard said. The emails are highly customized, and generally target C-level executives in an organization, he added.
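A mail filter can test inbound sender domains for the imitation techniques listed above (.co swap, added, deleted or transposed characters, zero for O). The sketch below is an added example, not code from Websense or the article; `contoso.com` and the sample senders are constructed placeholders, and it assumes a single-label TLD.

```python
# Added example: flag sender domains that imitate a protected domain.
# PROTECTED and SAMPLE_SENDERS are constructed values, not real indicators.
PROTECTED = "contoso.com"
FOLD = str.maketrans({"0": "o"})  # lookalike named in the article: zero for O

def split_domain(domain):
    """Return (registrable label, TLD); assumes a single-label TLD."""
    name, _, tld = domain.lower().rstrip(".").rpartition(".")
    return name.rpartition(".")[2], tld  # drop any subdomain labels

def one_edit(legit, seen):
    """Name the single-character edit that turns legit into seen, if any."""
    if len(seen) == len(legit) + 1:
        if any(seen[:i] + seen[i + 1:] == legit for i in range(len(seen))):
            return "character-added"
    elif len(seen) == len(legit) - 1:
        if any(legit[:i] + legit[i + 1:] == seen for i in range(len(legit))):
            return "character-deleted"
    elif seen != legit:
        for i in range(len(legit) - 1):
            swapped = legit[:i] + legit[i + 1] + legit[i] + legit[i + 2:]
            if swapped == seen:
                return "characters-transposed"
    return None

def classify(sender_address, protected=PROTECTED):
    """Return the imitation technique matched, or None if nothing matches."""
    domain = sender_address.rpartition("@")[2]
    label, tld = split_domain(domain)
    p_label, p_tld = split_domain(protected)
    if label == p_label:
        # Same name under another TLD, e.g. .com registered as .co
        return None if tld == p_tld else "tld-swap"
    if label.translate(FOLD) == p_label.translate(FOLD):
        return "lookalike-character"
    return one_edit(p_label, label)

SAMPLE_SENDERS = [  # constructed test addresses
    "cfo@contoso.com", "cfo@contoso.co", "cfo@c0ntoso.com",
    "cfo@contosso.com", "cfo@contso.com", "cfo@cotnoso.com",
]

if __name__ == "__main__":
    for sender in SAMPLE_SENDERS:
        print(f"{sender:22} {classify(sender) or 'no match'}")
```

A `tld-swap` hit still needs an allowlist check, since an organisation may legitimately own its name under several TLDs.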

But financial services were not the most targeted sector for these attacks, ranking behind manufacturing.

According to Leonard, the likely reason why manufacturing was a bigger target for these kinds of attacks is that the criminals are still in the testing stages.

"Malware authors have been testing this technique since the start of the year, adjusting focus from industry to industry," he said.

They're tweaking the initial payload, the realism of the typo domains, and adapting their techniques as they go along.

"They're experimenting with industries that are not their primary target," he said.

In addition to keeping an eye out for these sorts of attacks, Leonard suggested that banks increase their degree of cooperation with their peers, industry groups, and government agencies.


Stories by Maria Korolov
