IBM: Financial services industry bombarded by malware, security threats
The financial services industry is the target of a whopping 65% more targeted cyber-attacks than the average business, according to security watchers at IBM’s X-Force.
The number of financial services records breached skyrocketed 937% in 2016 to more than 200 million. Financial institutions were forced to defend against a 29 percent increase in the number of attacks from 2015, IBM stated.
“While the financial services industry was targeted the most by cyber-attacks in 2016, data from the IBM X-Force Threat Intelligence Index shows it ranked third by industry for the number of breached records – likely due to investments in security practices,” IBM stated.
Some of the key points of the IBM report:
- Among the top five targeted industries—retail, healthcare, manufacturing, financial services, and information and communications—the 2017 IBM X-Force Threat Intelligence Index reveals that in 2016 the financial services industry experienced the highest level of threat from inadvertent actors. It’s useful to think of an inadvertent actor as a compromised system carrying out attacks without the user being aware of it. Often it happens when a desktop client is compromised via malicious email attachments, clickjacking or phishing, or vulnerable computer services that have been attacked from another internal networked system.
- In looking at ways the financial services sector was attacked in 2016, the report found that the industry was more affected by insider attacks (58%) than outsider attacks (42%).
- IBM X-Force found that some countries experienced a marked increase in financial cybercrime in 2016. Cybercriminals sharpened their focus on business bank accounts by using malware such as Dridex, Neverquest, GozNym and TrickBot to target business banking services.
- According to IBM, the number one attack vector, involving the use of malicious input data to attempt to control or disrupt a system, targeted 51% of the financial services clients monitored by IBM X-Force. That figure was notably higher than the cross-industry average of 42%. Command injections, which include operating system command injection (OS CMDi) and SQLi, belong in this category. OS CMDi is also known as “shell command injection,” after which the now infamous and widely prevalent.
- IBM X-Force researchers recently identified TrickBot malware campaigns targeting the less common brands in the industry, like private banks, wealth management, and high value account types, indicating this ambitious malware gang plans on attacking in new territory.