Under-Equipped, Under Siege: Finance Industry Faces More Malware Attacks

Web-Application-Security-Assessment

From all our past articles, it is understandable that cyberattacks are taking a heavy toll on businesses.

But there is one particular threat that is more often associated with notable financial losses, even business bankruptcy, than any other form of attack — the “malware.” This dreadful threat has been here around since the early 1970s. 

Later on, between 2000 and 2010, there was a dramatic growth, both in the number and the speed at which these infections spread, hitting almost everyone across the globe, regardless of the industry. However, according to a 2019 report, 25 percent of all malware attacks are pointed at banks and other financial services organizations — more than any other sector.

As this is the case, businesses and IT leaders in the financial services domain need to stay up to date on the exact nature of the threat they are facing and formulate mitigation strategies accordingly. To help such people out, we are here with more details on the topic. 

Credit Card Companies – The Prime TargetsCredit Card Companies The-Prime Targets

Due to the bulky volumes of data and money that can be stolen, the attractiveness of financial institutions to cybercriminals isn’t surprising news!

According to several reports that lay out the most prevalent IT attacks and trends, financial services firms were seen to incur substantial year-over-year rises in the number of attacks, breaches, and thefts, with cases of compromised credit cards up by about 212 per cent. Also, a 129 per cent year-over-year rise in credential leaks and a 102 per cent rise from a year before in malicious applications, including fraudulent mobile banking apps, were observed. 

Do You Know Frauds Are Going Social?

There are Facebook groups for moms, dads, people who like photography, movies, politics…; so, why not for cybercriminals?!

Yes, they too have groups on social media!fb

As per a statement released by Cisco’s (CSCO) Talos security unit, there are 74 Facebook groups with over 385,000 members who “promised to carry out an array of questionable cyber dirty deeds, including the selling and trading of stolen bank/credit card information, the theft and sale of account credentials from a variety of sites, and email spamming tools and services”.

The Talos team found that the names of these groups (say, “Spam Professional”, “Spammer & Hacker Professional”,” Buy Cvv On THIS SHOP PAYMENT BY BTC” and “Facebook hack (Phishing)”) certainly gave away what was actually taking place inside.

And more surprisingly, Facebook had made it pretty simple for any malicious actors to locate these groups! As per its algorithm, Facebook takes note of any interest placed on its search function and then starts recommending related groups.

The Talos team tried to eliminate these illegal groups using Facebook’s reporting system, but this hadn’t worked well. So, they reached out to the site’s security team and got the majority of such groups taken down.

But, was that the end?

Never; some groups are still active, and of course new ones will continue to pop up. 

But Why Is This Happening?cyber security

Over the years, we are sure — most financial services had built up their cybersecurity portfolio.

Yet, why is this still happening?

As per our findings, it is mainly because many businesses hadn’t improved or updated their information security since the infrastructure is set up. They often believe that cybersecurity invested in by the organization some years ago is sufficient to resist any threats.

Some businesspeople stay apart from updating their security as they deem that cybersecurity migration to a modern tool or program might cause them too much of headaches.

With cyber attackers getting stronger with sophisticated weapons and attacking methods, all institutions should take heed of the fact that traditional endpoint and on-premise based tools aren’t adequate now to protect their data. We know several businesses still have confidence in the conventional password authentication method. But, time after time again with more cyber incidents, this is being proved to be an outdated method for securing sensitive data. 

So, What’s Next?PCI DSS

The upsurge in malware is a sharp indicator for companies to focus further on raising their security level and defending their systems. Governments and authorities had already launched various compliance standards to encourage businesses to establish cybersecurity governance and frameworks for consumer data privacy and protection. The Payment Card Industry Data Security Standard (PCI DSS) is one of them.

The standard has been in effect for over a decade, and most merchants had already accomplished PCI DSS compliance. 

Interested to know more about PCI DSS? Read “PCI DSS Compliance: What Does It Mean And Why Should I Care?”. 

Even though the primary purpose of the standard is to preserve the privacy and security of sensitive card data, most financial institutions face the problem of understanding this further, being a core technical subject.

Fortunately, Cybernetic Global Intelligence an accredited PCI DSS QSA Cybersecurity Company, has you covered. Get in touch at 1300 292 376 or drop a mail to Contact@cybernetic-gi.com, for assistance.

Post a Comment