Rise of Cyber Threats in the Financial Sector

While plans, systems and processes have been put in place over the last few year to protect businesses, people and data, cyber criminals are still exploiting COVID-19 related vulnerabilities, within the finance industry, at full force. Often for every penny they have.

‘Cyber threats will continue to grow into 2022. That much is clear. Financial organisations have already either tackled significant cyber-attacks, will tackle one in the very near future, or may be a target of one currently but are simply unaware of the fact.’

Feras Tappuni, CEO, SecurityHQ

According to the Financial Times, ‘More than one in four UK cyber-attacks [are now] related to Covid-19.’ On a global scale, these types of attacks and threats connected to COVID-19 are vast, and can range from email phishing scams, VPN attacks due to remote working, social media campaigns, false advertisement, to direct attacks on entire financial organisations.

Malicious Domains & Fraud within the Financial Sector

Fraud related to COVID-19 in the form of fake emails, advertisements and social media campaigns containing malicious domains, are still abundant, even years on from the first outbreak. At the beginning of the pandemic, Interpol reported a ‘considerable number of registered domains on the internet that contain the terms: “coronavirus”, “corona-virus”, “covid19” and “covid-19”. While some are legitimate websites, cybercriminals are still creating thousands of new sites every day to carry out spam campaigns, phishing or to spread malware.’

According to CityMatters, the very first report of fraudulent Corona related malware was received on the 9th of February, with 20 more reports made that month. In the time between the 1st and the 13th of March, losses grew to over £970,000. Infact, less than a month after the virus became popular knowledge, on the 20th of March the City of London Police reported an ‘increase by 400%’ of Corona virus related reports. Years on and reports are still growing.

And it’s not just in finance. Take the World Health Organisation (WHO) as an example. In April 2020, ‘450 active WHO email addresses and passwords were leaked online along with thousands belonging to others working on the novel coronavirus response.’ This was achieved when bad actors created emails impersonating the organisations and sent a mass email campaign out to members of the public asking for donations towards what looked like a legitimate COVID-19 response fund. This, of course, was fraudulent, and the links within the emails were malicious.

WHO’s Chief Information Officer, Bernardo Mariano, reported that ‘Ensuring the security of health information for Member States and the privacy of users interacting with us a priority for WHO at all times, but also particularly during the COVID-19 pandemic. We are grateful for the alerts we receive from Member States and the private sector. We are all in this fight together’.

Malware and Phishing within the Financial Sector

Often fraud and malicious domains go hand in hand with malware and phishing campaigns. You rarely get one without the other.

According to Interpol, ‘Cybercriminals are taking advantage of the widespread global communications on the coronavirus to mask their activities. Malware, spyware and Trojans have been found embedded. Spam emails are also tricking users into clicking on links which download malware to their computers or mobile devices.’

To offer bogus financial support, many support networks have been the common targets of these phishing attacks. HMRC has even been made the subject of a phishing campaign in which customers and viewers were offered a job retention scheme involving fraudulent tax refunds to protect against COVID-19. HMRC have asked those who received such emails to report them, and not to open any links within. The breach utilised many different formats to distribute the false information, including emails, social media, refund companies, WhatsApp, phone calls, texts, and SMS. What made these documents so convincing, was the fact that they were formatted and presented almost identically to the real thing. It would take a sharp eye to spot a real from the fake.

For hackers, phishing scams are relatively easy, quick to deploy, and rely on public fears and confusion to pressure the reader to click on a malicious link. This threat is not going to reduce any time soon. Which is why people need to stay informed.

‘It’s critical that the government focuses on building the right defences to prepare for and thwart attacks that threaten the resilience of government infrastructure’

Paul Farrell, general manager IBM Ireland on The Irish Times site.

What’s Next and How to Mitigate Against Threats

1. To know about other threats, including ransomware and internal threats in the financial industry, read Why the Finance Industry Needs to Get Real About Security.
2. For a more in-depth look, download our Whitepaper on the ‘Financial Sector Threat Landscape’ to explore the current threat landscape, the techniques criminals use to bypass financial security controls, an analysis of the five greatest threats to financial organisations and recommendations on how to improve security and safeguard data.
3. Learn how services, including Vulnerability Management, can be used to Visualise and understand malicious or anomalous activity. Analyse, prioritise and respond to threats in rapid time. Safeguard your data, people and processes.