Posted on March 18, 2021 at 11:42 PM
U.S. Banks Warned of More Sophisticated Attacks from APT Gangs
Financial service organizations are increasingly being targeted by threat actors through all sorts of means. A recent report revealed that while financial organizations are major targets for cyber attacks, many policies and activities of the government and agencies have not been able to stop them.
As a result, cyber intelligence units are advising U.S. banks and other institutions to take a proactive approach to protect their systems. They warned that financial institutions should not depend on cyber-defenses by the government as these are no longer enough.
The institutions must remove vulnerable elements, adopt secure-sourcing strategies, and carry out cyber resilience audits to protect their systems and customers.
The level of cyber attacks on financial institutions has increased tremendously over the years, as threat actors become more sophisticated.
A 2015 analysis revealed that financial organizations are targeted four times as often as other organizations. That level has since multiplied several times over. These firms are now attacked as much as 300 times more than firms in other industries.
U.S.-based banking institutions are the most impacted, as they account for over 25% of global cyber attacks on financial institutions.
The threat actors responsible for the majority of these attacks have grown in sophistication and potency. Most of the attacks are being carried out by Advanced Persistent Threat (APT) actors.
Third-party-linked attacks also increasing
These sustained attacks are perpetrated to compromise networks and carry out long-term operations such as data exfiltration or spying.
In other low-level types of attacks, the threat actors try to quickly get into the system and leave before anyone notices. But with these APT attacks, the intention is to plant malware in the system and stay to steal information for as long as possible.
They use all sorts of sophisticated techniques to hide their identity from the victim’s system. Some APTs can stay hidden and undetected for several months before they are discovered. In that period, they can gather all types of information, including past and present details, from the system.
A successful cyberattack on a bank will also affect the customers. But a cyberattack on the U.S. Treasury can cripple the country. The recent SolarWinds incident is an example of how such cyberattacks can have devastating and multiple effects on several organizations.
The majority of cybersecurity protections and actions are focused on applications and software. However, the increase in direct attacks on systems is a reminder that more threat actors are now going through other routes to compromise systems.
It means that organizations also need to de-emphasize application and hardware attacks.
The Supermicro case showed that threat actors may even compromise a company’s network via third parties. So, the situation now requires a broader and more comprehensive cybersecurity protocol.
In the Supermicro incident, a third-party supplier linked to the PRC military was compromised, which enabled a sophisticated attack across the organization’s network. As a result, Amazon had to delist a supplier in China while Apple removed thousands of servers.
Most sophisticated attacks are carried out by APT groups
A great deal of know-how, planning, and resource gathering is needed for APT attacks compared to most rogue hacking activities.
As a result of this sophistication, they are most often carried out by threat actors backed by a government, including those of Russia, Iran, North Korea, and the People’s Republic of China.
But China’s threat is more serious since it has the capability of producing information technology that can install both virtual and physical backdoors.
Institutions should take a proactive approach
It’s commonly known that Chinese hackers use surveillance and exfiltration technology to steal data from their victims.
With these persistent threats, U.S. financial institutions can no longer rely on the government to deal with state-backed threats. While federal measures are still relevant and helpful, the organizations have been advised to enroll their employees in good cybersecurity and awareness programs.
They should also mitigate exposure by conducting regular resilience audits and sourcing technology from trusted democratic nations to prevent data infiltration through third parties.
President Joe Biden is also making plans to improve U.S. supply chain security. Last month, he signed an executive order for the initiation of such a bill. It’s an indication of the level of seriousness the government is placing on the security of organizations.