Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Finance Sector. Show all posts

Ransomware Gangs Target Weekends and Holidays for Maximum Impact

 


A new report by cybersecurity firm Semperis reveals that ransomware gangs are increasingly launching attacks during weekends and holidays when organisations are less equipped to respond. The study found that 86 percent of ransomware incidents occurred during off-peak times as companies often scale back their security operations centre (SOC) staffing. While most organisations claim to run 24/7 SOCs, 85% admit to reducing staff by up to half on weekends and holidays, leaving critical systems more exposed. According to Dan Lattimer, an area vice president at Semperis, many organisations cannot afford the high cost of maintaining full SOC coverage each day. He noted, for example, that some organisations assume they are less exposed to risk during weekends because fewer employees are online to fall prey to phishing attacks. Others perceive their exposure being low because they have never had a threat in the past, further reducing the monitoring effort.


Why Cybercriminals Prefer Off-Peak Hours

Attackers leverage these openings to elevate the chances of their success. Performing attacks during weekends or holidays gives them a relatively longer timeframe to conduct an operation secretly so they can encrypt files and steal sensitive information with little hope of interfering soon. According to Lattimer, this tactic increases the chances of receiving ransom money because the organisations are willing to regain control at any critical downtime.

The report also showed that finance and manufacturing were among the most often targeted sectors, with 78 percent and 75 percent of organisations in the respective sectors reporting attacks on weekends or holidays. Furthermore, 63 percent of respondents said the ransomware related to major corporate events such as mergers or layoffs, which often cause additional diversion for IT teams. 


Identity Security Lapses Continue

Another concerning result of the report is that too many companies feel too confident about their identity security. While 81% said to have sufficient defences against identity-related attacks, 83% experienced successful ransomware incidents in the past year. This discrepancy is largely due to lack of budget and resources to properly protect identity systems like AD, a part of core infrastructure.

Semperis noted that without proper funding for identity threat detection and response (ITDR), many organisations are leaving themselves open to attacks. Around 40% of companies either lacked the resources or were unsure about their ability to secure these systems. 


Takeaway

SEMPERIS 2024 RANSOMWARE HOLIDAY RISK REPORT states that businesses must immediately address the vulnerability of weekends. Strengthening cybersecurity measures over holidays, investing in such robust identity protection, and maintaining consistent monitoring can help mitigate such growing risks for organisations. Cybercrime has become so dynamic, and hence organisations must adapt constantly to stay one step ahead.



Is Bitcoin Changing? Big Shifts and What It Means for Us

 


On the financial front, traditional powerhouses like Grayscale, BlackRock, and Fidelity are diving into Bitcoin, earning them the moniker 'Bitcoin whales.' These heavyweights are injecting billions into the digital currency, holding a sizable chunk of the finite 21 million bitcoins available.

Out of the 19 million bitcoins currently in circulation, an estimated 3.5 million are lost, either due to forgotten digital wallet details or lingering criminal proceeds. Concerns arise over the 2.3 million bitcoins held by cryptocurrency exchanges, acting as crypto-banks, sparking debates about reliance on centralised systems.

Adding to the mystery are 'unknown whales,' individuals or entities owning over 10,000 bitcoins, accounting for roughly 8% of the total. The remaining 7% of bitcoins are yet to be mined, with the last one expected in 2140. Meanwhile, Satoshi Nakamoto, Bitcoin's enigmatic creator, sits on an estimated 1.1 million bitcoins, securing a spot among the world's wealthiest.

Regulated investment firms, given the green light by US financial authorities, are now in the game. Grayscale, BlackRock, and Fidelity collectively hold about 4.5% of all bitcoins, signalling a significant shift.

Law enforcement's involvement introduces another layer, with nearly 200,000 bitcoins awaiting auction from cyber-crime seizures. MicroStrategy and Tether emerge as noteworthy Bitcoin holders, with MicroStrategy leading as the single largest organisation owner, holding around 193,000 Bitcoins. Tether, recognized for its stablecoin, claims an estimated 67,000 bitcoins.

Publicly listed Bitcoin miners, including Marathon and Hut8, contribute significantly, holding around 40,000 bitcoins collectively. Well-known investors like the Winklevoss Twins, Tim Draper, and companies like Tesla and Block add further diversity to the landscape.

Approximately 10.5 million bitcoins are believed to be held by the general public, constituting roughly 50% of the existing supply. However, the actual number of individual Bitcoin owners remains a mystery.

Interestingly, the recent surge in Bitcoin's value is credited not to individual retail investors but to Bitcoin whales, including major banks. Analysts suggest that these influential entities are steering both the price and demand, reshaping the once peer-to-peer digital cash dynamics.

As big financial players gather more and more bitcoins, it's making us rethink what Bitcoin was supposed to be. Originally, it was all about being decentralised and not controlled by big institutions. Now, with these financial giants holding a lot of bitcoins, we're wondering where Bitcoin is headed and if it's staying true to its roots. The world of cryptocurrency is changing, and it's not just affecting digital money – it's making waves in a much bigger way.


Sekoia Reports: Latest in the Financial Sector Cyber Threat Landscape


France-based cybersecurity company Sekoia published a new report regarding the evolution in the financial sector threat landscape. 

Among the many cybersecurity issues, phishing attacks like QR code phishing were the ones that have seen a massive surge in the sector.

Also, the report noted that the finance sector is subject to attacks on the software supply chain. 

Phishing as a Service Massively Hits the Sector

Sekoia claims that in 2023, the phishing-as-a-service paradigm reached widespread use. Cybercriminals are selling phishing kits that comprise phishing pages that mimic various financial institutions, as well as kits designed to take over Microsoft and obtain login credentials for Microsoft 365, which businesses utilize to authenticate to multiple services.

One instance of such a threat is NakedPages PhaaS, that offers phishing pages for varied targets, among which are the financial institutions. With over 3,500 individuals, the threat actor maintains licenses and frequently posts updates on its Telegram channel.

In regards to the aforementioned number, Sekoia based strategic threat intelligence analyst, Livia Tibirna says “generally speaking, cybercrime actors tend to increase their audience, and so their visibility, by inviting users to join their public resources. Therefore, the users are potential (future) customers of the threat actors’ services. Yet, other type of users joining threat actors’ Telegram resources are cybersecurity experts monitoring the related threats.”

QR Code Phishing Campaigns are on the Rise/ Sekoia reports an upsurge in the quantity of QR code phishing, or quishing, activities. Attacks known as "quishing" include using QR codes to trick people into divulging personal information—like login passwords or bank account details.

The cybersecurity firm notes that QR code phishing will eventually increase due to its “effectiveness in evading detection and circumventing email protection solutions.”

According to Sekoia, the most popular kit in Q3 of 2023 is the Dadsec OTT phishing as a service platform, which includes quishing features. It has been noted in a number of extensive attack campaigns, specifically posing as financial institutions.

Multiple Supply Chain Risks

Attacks against the supply chain of open-source software increased by 200% between 2022 and 2023. Since open-source components are used in digital products or services by 94% of firms in the financial sector, the industry is susceptible to attacks that take advantage of supply chain compromises involving open-source software.

One of the examples is the Log4Shell vulnerability and its exploitation, that has targeted thousands of companies globally for financial benefits and espionage. 

There have also been reports of supply chain attacks that particularly target the banking industry, demonstrating the potential of certain threat actors to create complex attacks against the industry.

"It is highly likely that advanced threat actors will persist in explicitly targeting the software supply chain in the banking sector," according to Sekoia.

Financially Oriented Malware 

Sekoia also mentioned some of the financially oriented malware that are predominantly designed to steal financial data, like credit card information, banking credentials, crypto wallets and other critical data, like: 

Mobile Banking Trojans: Sekoia has expressed special concern about the growing number of Trojans associated with mobile banking, which more than doubled in 2022 compared to the previous year and is still growing in 2023. According to Sekoia, this is probably because more mobile devices are being used for financial services, and that malware makes it easier to get around two-factor authentication.

Spyware: According to Sekoia, the usage of spyware, which are malicious programs made to gather passwords, sensitive data, and keystrokes, has increased in bank fraud in 2023. One kind of Android malware is called SpyNote, and it has added targeting of banking applications to its list of features.

Ransomware: The finance industry is a prime target for ransomware; in the third quarter of 2023, it was the sector most affected. Ransom demands ranged from $180,000 to $40 million, and in many instances, they had severe physical repercussions.

According to Sekoia, well-known ransomware actors that use extortion to affect the financial industry, like BianLian, have changed to an exfiltration-based extortion strategy that does not encrypt the victims' systems or data. This action is probably taken to prevent widespread encryption issues during large-scale hacking operations.

Reduce Cyber Threat Risks

The financial sector is vulnerable to several security risks. Although BEC and phishing have been around for a while, they have become more sophisticated over time to continue to impact the industry and stay up with emerging technologies. Every employee of financial institutions needs to be trained to recognize potential fraud or phishing efforts. Additionally, they want to have a simple method for informing their IT staff of any unusual activities.

However, more indirect attacks have recently entered the chart, since threat actors have been targeting organizations through supply chain attacks. Specifically, before being implemented, open-source software utilized in goods or services needs to be thoroughly examined.