Cybercriminals have evolved from hacking wire transfers to targeting market data, as ransomware continues to hit financial firms, says a new VMware report. Here's what to do about it.

Ransomware plagues financial institutions as they face increasingly complex threats over previous years owing to the changing behavior of cybercriminal cartels, according to VMware’s latest Modern Bank Heists report.

This has happened as the cybercrime cartels have evolved beyond wire transfer frauds to target market strategies, take over brokerage accounts, and island-hop into banks, according to the report. For the report, VMware surveyed 130 financial sector CISOs and security leaders from across different regions including North America, Europe, Asia Pacific, Central and South America, and Africa.

Report findings were consistent with observations by other security experts. “The Secret Service, in its investigative capacity to protect the nation’s financial payment systems and financial infrastructure, has seen an evolution and increase in complex cyber-enabled fraud,” says Jeremy Sheridan, former assistant director at the US Secret Service. “The persistent, inadequate security of systems connected to the internet provides opportunity and methodology.”

Conti ransomware reported as most prevalent

Ransomware continues to plague companies, with 74% of the surveyed security leaders reporting that they experienced one or more attacks in the past year, and 63% saying they ended up paying ransom. Conti ransomware was found to be the most prevalent.

Sixty-three percent of the respondents acknowledged experiencing an increase in “destructive attacks” in which cybercriminals destroy data and evidence of their intrusion. This was a 17% jump from the last year. These attacks involve malware variants that destroy, disrupt or degrade victim systems by taking actions such as encrypting files, deleting data, destroying hard drives, terminating connections, or executing malicious code.
Although 71% of the survey participants noted increased wire transfer fraud in their organizations, many said that cybercriminals have moved on from activity related to wire transfers and access to capital, to targeting non-public market information. Two out of three (66%) financial institutions experienced attacks targeting data related to market strategies.

“The market strategies that are most targeted are long-term portfolio positions, confidential merger and acquisition information, and IPO filings,” says Tom Kellermann, head of Cybersecurity Strategy at VMware. “Modern market manipulation aligns with economic espionage and can be used to digitize insider trading.”

Additionally, security leaders in 63% of the financial institutions polled said they experienced an increase in brokerage account takeover, up from 41% last year. Attackers are increasingly leveraging compromised login credentials to move freely in the network and gain access to the brokerage accounts.

Survey respondents also said they observed Chronos attacks, a term borrowed from the Greek god of time, which involve manipulating time stamps on security trades. Sixty-seven percent of financial institutions reported Chronos attacks and 44% of such attacks targeted market positions.

“Although the damage radius of Chronos attacks isn’t large, manipulating time undermines safety, soundness, trust, and confidence in the financial sector,” says Kellermann. “Financial institutions need to keep a close eye on the clock and ensure that security teams are prepared to protect the integrity of time.”

Island hopping has emerged as one of the most threatening attack trends and was reported as affecting 60% of the financial institutions polled, a 58% jump from the last year. In island hopping, cybercriminals study the interdependencies of financial institutions and understand which managed service provider (MSP) is used. This, in turn, allows them to target these organizations in order to island hop into the bank.
Cryptocurrency exchanges have emerged as a bigger concern over the years and about 83% of respondents expressed concerns over their security.

Top defenses for financial firm CISOs

The report recommends a few top defenses for CISOs and security leaders against these attacks:

Integrate NDR with EDR: network detection and response (NDR) needs to integrate with endpoint detection and response (EDR) for real-time, continuous monitoring of systems to detect and investigate potential threats.

Apply micro-segmentation: restricting lateral movement by enforcing trust boundaries will improve detection.

Deploy decoys: utilize deception technology to divert the intruder.

Implement DevSecOps and API security: introduce security early in the life cycle of application development.

Automate vulnerability management: prioritize risk to focus on high-risk vulnerabilities.

“Investments in API security and workload security are necessitated, and increased dialogue between the surveillance department and information security departments must occur to thwart digital front-running,” says Kellermann. “The CISO must also report to the CEO and regularly brief the Board in order to ensure a smooth flow of discussion and transparency.”