Cybercriminals have evolved from hacking wire transfers to targeting market data, as ransomware continues to hit financial firms, says a new VMware report. Here's what to do about it.

Ransomware plagues financial institutions as they face increasingly complex threats compared with previous years, owing to the changing behavior of cybercriminal cartels, according to VMware’s latest Modern Bank Heists report.

This has happened as the cybercrime cartels have evolved beyond wire transfer fraud to target market strategies, take over brokerage accounts, and island-hop into banks, according to the report. For the report, VMware surveyed 130 financial sector CISOs and security leaders from across different regions including North America, Europe, Asia Pacific, Central and South America, and Africa.

Report findings were consistent with observations by other security experts. “The Secret Service, in its investigative capacity to protect the nation’s financial payment systems and financial infrastructure, has seen an evolution and increase in complex cyber-enabled fraud,” says Jeremy Sheridan, former assistant director at the US Secret Service. “The persistent, inadequate security of systems connected to the internet provides opportunity and methodology.”

Conti ransomware reported as most prevalent

Ransomware continues to plague companies, with 74% of the surveyed security leaders reporting that they experienced one or more attacks in the past year, and 63% saying they ended up paying ransom. Conti ransomware was found to be the most prevalent.

Sixty-three percent of the respondents acknowledged experiencing an increase in “destructive attacks” in which cybercriminals destroy data and evidence of their intrusion. This was a 17% jump from the last year. These attacks involve malware variants that destroy, disrupt or degrade victim systems by taking actions such as encrypting files, deleting data, destroying hard drives, terminating connections, or executing malicious code.

Although 71% of the survey participants noted increased wire transfer fraud in their organizations, many said that cybercriminals have moved on from activity related to wire transfers and access to capital, to targeting non-public market information. Two out of three (66%) financial institutions experienced attacks targeting data related to market strategies.

“The market strategies that are most targeted are long-term portfolio positions, confidential merger and acquisition information, and IPO filings,” says Tom Kellermann, head of Cybersecurity Strategy at VMware. “Modern market manipulation aligns with economic espionage and can be used to digitize insider trading.”

Additionally, security leaders in 63% of the financial institutions polled said they experienced an increase in brokerage account takeover, up from 41% last year. Attackers are increasingly leveraging compromised login credentials to move freely in the network and gain access to the brokerage accounts.

Survey respondents also said they observed Chronos attacks, a term borrowed from the Greek god of time, which involve manipulating time stamps on security trades. Sixty-seven percent of financial institutions reported Chronos attacks and 44% of such attacks targeted market positions.

“Although the damage radius of Chronos attacks isn’t large, manipulating time undermines safety, soundness, trust, and confidence in the financial sector,” says Kellermann. “Financial institutions need to keep a close eye on the clock and ensure that security teams are prepared to protect the integrity of time.”

Island hopping has emerged as one of the most threatening attack trends and was reported as affecting 60% of the financial institutions polled, a 58% jump from the last year. In island hopping, cybercriminals study the interdependencies of financial institutions and understand which managed service provider (MSP) is used. This, in turn, allows them to target these organizations in order to island hop into the bank.

Cryptocurrency exchanges have emerged as a bigger concern over the years and about 83% of respondents expressed concerns over their security.

Top defenses for financial firm CISOs

The report has recommended a few top defenses for CISOs and security leaders to defend against these attacks:

Integrate NDR with EDR: network detection and response (NDR) needs to integrate with endpoint detection and response (EDR) for real-time, continuous monitoring of systems to detect and investigate potential threats.

Apply micro segmentation: restricting lateral movement by enforcing trust boundaries will improve detection.

Deploy decoys: utilize deception technology to divert the intruder.

Implement DevSecOps and API security: introduce security early in the life cycle of application development.

Automate vulnerability management: prioritize risk to focus on high-risk vulnerabilities.

“Investments in API security and workload security are necessitated, and increased dialogue between the surveillance department and information security departments must occur to thwart digital front-running,” says Kellermann. “The CISO must also report to the CEO and regularly brief the Board in order to ensure a smooth flow of discussion and transparency.”