The average number of attacks against financial services institutions is four times higher than other industries

Modern-day criminals are still following Willie Sutton’s example of going after banks “because there’s where the money is.”

According to a new report from Websense Security Labs, the average number of attacks against financial services institutions is four times higher than that of companies in other industries.

In addition, a third of all initial-stage reconnaissance attacks target financial institutions, the company reported.

Criminals aren’t just going after banks for their money, according to Carl Leonard, principal security analyst at Websense. They’re also using banks as a vehicle to reach other victims. For example, a compromised email account at a bank could allow hackers to leverage the trust that customers have in their bank to reach out to their business and retail customers.

According to Leonard, an email that originates from a real email account looks more realistic to security solutions than one with a spoofed return address. Plus, if the hackers have access to previous emails, they can better impersonate bank employees.

“They’re actually piggybacking on the reputation and trust inherent in that industry sector,” said Leonard.

The top three malware threats that financial institutions faced during the first five months of the year were Rerdom, Vawtrack, and Geodo. In particular, the Geodo malware, with its own credential-stealing email worm, was seen 400 percent more often in finance than other industries.

However, attackers frequently switch up their attack methods, according to Websense. For example, there was a large spike in malicious redirection and obfuscation attacks in March.
The more targeted short-term campaigns are accompanied by a constant barrage of low-level attacks designed to keep security teams distracted.

Typo-squatting also made a strong comeback this year, now in combination with email-based social engineering tactics, at an average cost of $130,000 per incident.

One of the most effective approaches is to register the .co domain. Other techniques include adding, deleting or transposing characters, or replacing characters with lookalikes such as the number zero for the letter O. Instead of waiting for a victim to accidentally stumble onto the fake sites, however, the criminals are using these domains to create email accounts that seem to belong to legitimate company employees.

“They’re sending mail from those servers that they set up, to make it look more realistic,” Leonard said. The emails are highly customized, and generally target C-level executives in an organization, he added.

But financial services were not the most targeted sector for these attacks, ranking behind manufacturing.

According to Leonard, the likely reason why manufacturing was a bigger target for these kinds of attacks is that the criminals are still in the testing stages. “Malware authors have been testing this technique since the start of the year, adjusting focus from industry to industry,” he said.

They’re tweaking the initial payload, the realism of the typo domains, and adapting their techniques as they go along.

“They’re experimenting with industries that are not their primary target,” he said.

In addition to keeping an eye out for these sorts of attacks, Leonard suggested that banks increase their degree of cooperation with their peers, industry groups, and government agencies.
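
The typo-domain techniques the article lists (the .co registration, added, deleted or transposed characters, and the zero-for-O swap) can be checked on the receiving side by comparing each sender domain with the organization's own. The following is an added example, not code from the article or from Websense; `examplecorp.com`, the sample addresses and the extra `1`-for-`l` mapping are constructed assumptions, and it assumes the protected domain is a .com and that sender domains have no subdomain labels.

```python
# Added example: flag inbound sender domains that imitate a protected domain.
# LOOKALIKES: "0"->"o" is the swap named in the article; "1"->"l" is an added assumption.
LOOKALIKES = str.maketrans({"0": "o", "1": "l"})

def split_domain(domain):
    """Split 'examplecorp.com' into ('examplecorp', 'com'); assumes a single-label TLD."""
    name, _, tld = domain.lower().rstrip(".").rpartition(".")
    return name, tld

def one_edit(a, b):
    """True if b is a with one character added or deleted, or two adjacent characters swapped."""
    if len(a) == len(b):
        diff = [i for i in range(len(a)) if a[i] != b[i]]
        return (len(diff) == 2 and diff[1] == diff[0] + 1
                and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])
    if abs(len(a) - len(b)) != 1:
        return False
    short, long_ = sorted((a, b), key=len)
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))

def classify(sender_domain, protected):
    """Return a verdict describing how sender_domain relates to the protected domain."""
    s_name, s_tld = split_domain(sender_domain)
    p_name, p_tld = split_domain(protected)
    if (s_name, s_tld) == (p_name, p_tld):
        return "legitimate"
    if s_name == p_name and p_tld == "com" and s_tld == "co":
        return "co-tld-swap"
    if s_name != p_name and s_name.translate(LOOKALIKES) == p_name.translate(LOOKALIKES):
        return "lookalike-character"
    if one_edit(p_name, s_name):
        return "character-edit"
    return "unrelated"

def flag_senders(addresses, protected):
    """Return (address, verdict) for every sender whose domain imitates the protected one."""
    flagged = []
    for addr in addresses:
        verdict = classify(addr.rsplit("@", 1)[-1], protected)
        if verdict not in ("legitimate", "unrelated"):
            flagged.append((addr, verdict))
    return flagged

# Constructed sample senders; none are real addresses.
SAMPLE = ["ceo@examplecorp.com", "ceo@examplecorp.co", "cfo@examplec0rp.com",
          "cfo@exampelcorp.com", "it@othercompany.org"]

if __name__ == "__main__":
    for address, verdict in flag_senders(SAMPLE, "examplecorp.com"):
        print(f"{verdict:20} {address}")
```
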