Trustwave unveils key cyberthreats in financial services in their latest report, offering insights and defenses against enduring hazards.
The largest cyberthreats confronting financial services firms have been identified by cybersecurity and managed security services company Trustwave based on its most recent study.
The dangers and risks that are unique to the financial services sector are examined in the Trustwave paper, “2023 Financial Services Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies,” along with useful advice and countermeasures to fortify defences.
The company’s staff of forensic investigators, malware reversers, incident responders, security and penetration testers, ethical hackers, and security researchers is called Trustwave SpiderLabs. Trustwave SpiderLabs’ latest research exposes the strategies, tactics, and processes used by threat groups by documenting the attack flow that they employ. These enduring hazards, which range from malicious attachments sent via email to the misuse of legitimate accounts, present serious concerns to the financial services industry.
Financial services companies are appealing targets due to their high potential for financial benefit. Wealth repositories, this industry is rife with profitable chances for cybercriminals, who take advantage of them for profit through theft, fraud, and extortion.
The financial services industry holds a lot of sensitive data, including financial records, client information, and intellectual property, in addition to the actual money.
“Cybersecurity is the foundation of trust in the financial services industry,” stated Kory Daniels, Chief Information Security Officer at Trustwave, in elucidating the significance of the company’s research endeavours.
“Safeguarding customers’ financial well-being and peace of mind is just as important to financial organisations as securing data.
“Our most recent threat briefing is an invaluable tool for security leaders in the financial services industry, offering a thorough overview of the risks identified by our SpiderLabs team and tailored mitigation tactics to support businesses in safeguarding highly sensitive information and assets.”
Risks associated with generative AI
Thanks to notable developments, generative artificial intelligence (AI) has garnered a lot of attention lately. A large portion of the “hype” surrounding generative AI may be traced back to ChatGPT from OpenAI.
Although a lot of people have realised how much more productive this may be in the office, Trustwave also shows that scammers are utilising technology to make sure their schemes operate better.
One instance of this is the application of AI to further simplify, enhance the persuasiveness, personalise, and make it more difficult to identify phishing emails. Phishing emails used to be quite simple to spot due to things like spelling and grammar mistakes. The risk that AI poses, though, is that phishing emails will—and in many cases already have—become more sophisticated and contain fewer mistakes that would be easy for victims to identify.
Additional important conclusions
Threat groups and their tactics are examined in the Trustwave SpiderLabs report at every stage of the attack cycle, from gaining an early advantage to exfiltration. According to the findings, 39% of ransomware instances that targeted the financial services industry were caused by the Clop threat group.
It also found that the bulk of the targeted financial services organisations that have reported a breach are from the United States (51%) followed by India (9%), Russia/Mexico (7%), and other countries.
In examining the techniques most frequently employed by scammers, Trustwave also discovered that 78% of file formats utilised for email-borne malware attachments are HTML attachments. Of these HTML files, thirty-three percent use obfuscation as a defence evasion technique.
