Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

3/5/2019
10:45 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Survey: 160% Increase in Destructive Attacks Targeting Financial Institutions

Report reveals the cyber threats keeping financial CISOs awake at night, including Emotet, Steganography & Hidden Cobra.

READING, UK - 5th March 2019Carbon Black (NASDAQ: CBLK), a leader in cloud delivered, next-generation endpoint security, and Optiv Security, one of the world’s leading security solutions integrators, today released a threat report on the financial sector: Modern Bank Heists: The Bank Robbery Shifts to Cyberspace. The report found that 67% of financial organisations surveyed have reported an increase in cyberattacks over the past 12 months, while destructive attacks have increased 160% over the past year.

Click here to download the report: https://www.carbonblack.com/resources/threat-research/modern-bank-heists-the-bank-robbery-shifts-to-cyberspace/

“Financial institutions are grappling with some of the most sophisticated cyber crime syndicates,” said Tom Kellermann, the report’s author and Chief Cybersecurity Officer at Carbon Black. “Perhaps the most concerning indication from this report is the stark increase in destructive attacks, which are rarely conducted for financial gain. Rather, these attacks are launched to be punitive by destroying data. Cybercriminals have formed sophisticated approaches to gain access to confidential banking and financial information and organisations need to be aware of the impending threats.”

For the report, Carbon Black collaborated with Optiv Security to survey financial industry customers to uncover cyberattack trends seen by some of the world’s leading CISOs to better determine how today’s sophisticated cybercriminals are hiding behind invisibility cloaks to remain undetected.

Among the key findings from the report:

·         67% of surveyed financial organisations have reported an increase in cyberattacks over the past 12 months

·         79% of surveyed financial institutions said cybercriminals have become more sophisticated

·         26% of surveyed financial institutions were targeted by destructive attacks, a 160% increase over 2018

·         32% of surveyed financial institutions encountered island hopping through supply chain vendors and partners

·         21% of surveyed financial institutions experienced a watering hole attack, where sites are hijacked, and visitors are misled to malicious pages

“As threat actors continue to grow in sophistication and determination, it is imperative now more than ever for security leaders to evaluate their digital footprint from the perspective of the enemy,” said Bill Young, Vice President Threat Management, Optiv. “By using an inside-out approach to cybersecurity – starting with risk mitigation and building out from there with strategy, infrastructure rationalisation, operations optimisation and ongoing measurement – we believe financial institutions can close vulnerability gaps and respond to new threats in systematic ways. The time and cost involved in adopting a comprehensive inside-out cybersecurity approach to gain an understanding of threat actor intent, and employing offensive security policies to close security gaps, is a small price to pay.”

The report, available for download on Carbon Black’s website, takes a look at some of the key attack types financial institutions are encountering, including Emotet, steganography and Hidden Cobra.

Click here to download the report: https://www.carbonblack.com/resources/threat-research/modern-bank-heists-the-bank-robbery-shifts-to-cyberspace/

About Carbon Black

Carbon Black (NASDAQ: CBLK) is a leader in endpoint security dedicated to keeping the world safe from cyberattacks. The company’s big data and analytics platform, the CB Predictive Security Cloud (PSC), consolidates endpoint security and IT operations into an extensible cloud platform that prevents advanced threats, provides actionable insight and enables businesses of all sizes to simplify operations. By analysing billions of security events per day across the globe, Carbon Black has key insights into attackers’ behavior patterns, enabling customers to detect, respond to and stop emerging attacks.

More than 5,000 global customers, including 34 of the Fortune 100, trust Carbon Black to protect their organisations from cyberattacks. The company’s partner ecosystem features more than 500 MSSPs, VARs, distributors and technology integrations, as well as many of the world’s leading IR firms, who use Carbon Black’s technology in more than 500 breach investigations per year

Carbon Black and CB Predictive Security Cloud are registered trademarks or trademarks of Carbon Black, Inc. in the United States and/or other jurisdictions.

About Optiv Security

Optiv helps clients plan, build and run successful cyber security programs that achieve business objectives through our depth and breadth of cyber security offerings, extensive capabilities and proven expertise in cybersecurity, integration and cyber operational services. Optiv maintains premium partnerships with more than 350 of the leading cybersecurity technology manufacturers. For more information, visit http://www.optiv.com/

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
How Attackers Infiltrate the Supply Chain & What to Do About It
Shay Nahari, Head of Red-Team Services at CyberArk,  7/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10101
PUBLISHED: 2019-07-18
OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Forgery (CSRF). The impact is: The victim clicks on adding an administrator account. The component is: admincp.php. The attack vector is: network connectivity. The fixed version is: v4.3.
CVE-2019-10102
PUBLISHED: 2019-07-18
MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure (e.g. username, password). The component is: The API call in the function allowAction() in NewslettersControlle...
CVE-2019-10102
PUBLISHED: 2019-07-18
Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed sequence of network packets. The component is: detect.c (https://github.com/OISF/suric...
CVE-2019-13959
PUBLISHED: 2019-07-18
In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reallocation failures, leading to a memory copy into a NULL pointer. This is different from CVE-2018-20186.
CVE-2019-13960
PUBLISHED: 2019-07-18
** DISPUTED ** In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, ...