Third annual report details how financial CISOs are battling ransomware, wire fraud transfer, island hopping, destructive attacks, and counter incident response
VMware, Inc. has released the third annual “Modern Bank Heists” report, produced by VMware Carbon Black. The report combines original VMware Carbon Black threat data analysis with annual survey results featuring responses from 25 leading financial institution CISOs.
“Financial institutions have long been targets for cybercrime syndicates,” said Tom Kellermann, head of security strategy, Security Business Unit, VMware. “Over the years, bank heists have escalated to virtual hostage situations where cybercrime groups and nation-states have attempted to commandeer digital transformation efforts. Now, as we address COVID-19’s impact on a global scale, it’s clear attackers are putting financial institutions directly in their crosshairs, according to our data.”
Among the key findings from the report:
Threat Data Analysis
- From the beginning of February to the end of April 2020, attacks targeting the financial sector have grown by 238%, according to VMware Carbon Black threat data.
- Ransomware attacks against the financial sector are up 9x from the beginning of February to the end of April 2020, according to VMware Carbon Black threat data.
- 27% of all cyberattacks to date in 2020 have targeted either the healthcare sector or the financial sector, according to VMware Carbon Black data.
Key Survey Results
- 80% of surveyed financial institutions reported an increase in cyberattacks over the past 12 months, a 13% increase over 2019.
- 82% of surveyed financial institutions said cybercriminals have become more sophisticated over the past 12 months.
- 64% of surveyed financial institutions reported increased attempts of wire fraud transfer over the past 12 months, a 17% increase over 2019.
- 33% of surveyed financial institutions said they’ve encountered an attack leveraging island hopping (an attack where supply chains and partners are commandeered to target the primary financial institution) over the past 12 months.
The full report, available for download here, takes a look at some of the key attack types financial institutions are encountering; how modern cybercriminals are evolving; what tactics, techniques and procedures (TTPs) are emerging; and how defenders can keep pace.