THE NEED FOR CONTINUOUS SECURITY MONITORING
The finance industry ranks among the most targeted sectors for cyberattacks globally. With valuable assets and sensitive information at stake, financial services organizations face significant challenges in securing their networks and mitigating cyber risks. So far, nothing new under the sun. But the simplest phishing attacks still succeed, known vulnerabilities on exposed servers are still exploited, and basic attacks still take advantage of misconfigurations, all of which highlights the need for continuous monitoring and optimization of security controls. This article explores the key findings from recent cyber research and highlights how financial services organizations can finally strike a balance between security hardening and seamless business operations.
Here are some salient stats that show how dire the current state of cybersecurity is:
209 days
1,832 incidents
77% of breaches
PERSISTENT CHALLENGES IN FINANCIAL SERVICES CYBERSECURITY
Financial services organizations encounter unique challenges in maintaining robust cybersecurity defenses. Critical assets sit inside the network while sensitive assets must be exposed for user logins, and that combination poses significant security challenges. This dynamic creates an ongoing struggle for organizations to prioritize security measures effectively.
Veriti’s research on recent attacks on financial services organizations provides some valuable insights on these challenges:
Phishing Attacks:
Despite advancements in cyber threats, simple phishing attacks continue to pose a significant risk. Attackers use this tactic to deceive users and obtain their credentials. Veriti’s recent example unveiled a large-scale phishing campaign targeting SVB Bank clients, demonstrating the persistence of this type of attack, which waits patiently to rear its ugly head at the right time.
Exploitation of Known Vulnerabilities on Exposed Servers:
The reliance of the banking and insurance sectors on online services leaves multiple web servers and web applications exposed to potential attacks. Cyber attackers take advantage of that, exploiting vulnerabilities in specific technologies commonly used in the industry. Noteworthy examples include:
- Adobe ColdFusion Arbitrary File Upload (CVE-2019-7816)
- Apache HTTP Server Directory Traversal (CVE-2021-41773)
- Oracle WebLogic WLS Security Component Remote Code Execution (CVE-2017-10271)
- WebAdmin CGI PHP php-cgi Query String Parameter Code Execution (CVE-2012-1823)
- WordPress portable-phpMyAdmin Plugin Authentication Bypass (CVE-2012-5469)
A recent and alarming cyber campaign, particularly targeting banking and financial institutions, was spotted by the Veriti research team. This sophisticated campaign employed a malware-as-a-service approach, leveraging file-sharing storage to distribute and execute malicious executables. The attackers entice unsuspecting users to download and execute these files; in doing so, the users unknowingly grant the attackers access to their systems. This method is a dangerous gateway for compromising sensitive financial data and breaching security defenses.

The discovery of a consistent pattern is even more concerning: the attackers behind this campaign have been identified using the same IP address. Their relentless pursuit of financial services extends beyond a single attack vector. The table below shows that they have employed various tactics to exploit vulnerabilities in different financial institutions, demonstrating their adaptability and determination to infiltrate and compromise valuable assets.
| Attack | Attack attempts from the attacker |
| --- | --- |
| Apache HTTP Server Directory Traversal (CVE-2021-41773) | 1689248 |
| Command Injection Over HTTP Payload | 1326663 |
| NoneCMS ThinkPHP Remote Code Execution (CVE-2018-20062) | 908075 |
| Web Servers Malicious URL Directory Traversal | 261162 |
| Apache Camel XSLT Component XML External Entity | 214901 |
| XML External Entity Over HTTP Request | 75874 |
| Others | 610 |
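A defender can surface the same "one source, many techniques" pattern from their own prevention logs. The following is an added example, not Veriti's code: the key=value log layout, the target names, the thresholds and the sample events are all constructed assumptions, and only the protection names come from the table above.

```python
import re
from collections import defaultdict

# Constructed sample events in a generic key=value layout (an assumption, not a
# vendor format). Source IPs come from the RFC 5737 documentation ranges.
SAMPLE_EVENTS = """\
2023-05-31T09:12:01Z src=203.0.113.7 dst=bank-a-web01 protection="Apache HTTP Server Directory Traversal (CVE-2021-41773)"
2023-05-31T09:12:04Z src=203.0.113.7 dst=bank-a-web01 protection="Command Injection Over HTTP Payload"
2023-05-31T09:13:40Z src=198.51.100.20 dst=bank-a-web01 protection="Web Servers Malicious URL Directory Traversal"
2023-05-31T10:02:11Z src=203.0.113.7 dst=insurer-b-portal protection="NoneCMS ThinkPHP Remote Code Execution (CVE-2018-20062)"
2023-06-01T02:45:09Z src=203.0.113.7 dst=bank-c-api protection="XML External Entity Over HTTP Request"
2023-06-01T02:45:10Z src=203.0.113.7 dst=bank-c-api protection="XML External Entity Over HTTP Request"
this line is malformed and must be skipped
2023-06-01T03:00:00Z src=198.51.100.20 dst=bank-a-web01 protection="Web Servers Malicious URL Directory Traversal"
"""

EVENT_RE = re.compile(
    r'^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+protection="(?P<prot>[^"]+)"$'
)

def parse_events(text):
    """Yield (src, dst, protection) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            yield m["src"], m["dst"], m["prot"]

def profile_sources(text):
    """Per source IP: attempt count per protection and the set of targets hit."""
    profiles = defaultdict(lambda: {"protections": defaultdict(int), "targets": set()})
    for src, dst, prot in parse_events(text):
        profiles[src]["protections"][prot] += 1
        profiles[src]["targets"].add(dst)
    return profiles

def multi_vector_sources(text, min_protections=3, min_targets=2):
    """Sources that tripped several distinct protections across several targets."""
    flagged = {}
    for src, p in profile_sources(text).items():
        if len(p["protections"]) >= min_protections and len(p["targets"]) >= min_targets:
            # Most-triggered protection first, like the per-attack table above.
            ranked = sorted(p["protections"].items(), key=lambda kv: (-kv[1], kv[0]))
            flagged[src] = {"targets": sorted(p["targets"]), "attempts": ranked}
    return flagged

if __name__ == "__main__":
    for src, info in multi_vector_sources(SAMPLE_EVENTS).items():
        print(src, info["targets"])
        for prot, count in info["attempts"]:
            print(f"  {count:>3}  {prot}")
```

A source flagged this way is a candidate for a single block or rate-limit rule covering every technique it uses, rather than one response per signature.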
EMOTET attack infrastructure
In addition, various attackers have been utilizing the EMOTET attack infrastructure to target financial services and government organizations with attacks such as:
- Map Security Scanner over HTTP on 01/06/23
- Scanner Enforcement Violation on 01/06/23
- DNS Enforcement Violation on 31/05/23
- phpFileManager cmd Parameter Command Execution on 31/05/23
- Application Servers Protection Violation on 31/05/23
and many more…

THE IMPORTANCE OF CONTINUOUS SECURITY MONITORING
Verizon’s DBIR findings emphasize the critical need to continuously monitor and assess security controls in financial services organizations. Basic Web Application Attacks, phishing attempts, and exposed servers remain persistent threats, requiring constant vigilance. Organizations can proactively identify and address vulnerabilities by continuously monitoring and analyzing security controls, reducing the likelihood of successful cyber attacks.
However, addressing the vulnerabilities within these organizations requires more than just monitoring. Security teams must implement a non-disruptive remediation validation process, which is tedious but mandatory. This ensures that the hardening of security defenses does not inadvertently cause any business disruptions, a crucial consideration for financial institutions. Striking the right balance between strengthening security measures and maintaining seamless business operations is paramount in safeguarding the organization’s interests and protecting sensitive data from malicious actors.
MORE CONSOLIDATION – LESS TEDIOUS OVERHEAD
Veriti’s consolidated security platform offers a comprehensive cybersecurity solution that balances security hardening or optimization with uninterrupted business operations. Leveraging machine learning capabilities, Veriti unifies all threat prevention configurations and continually monitors for security gaps and misconfigurations.
Additionally, Veriti’s virtual patching capabilities ensure prompt mitigation of vulnerabilities, even before official patches are available. By taking a proactive approach, financial services organizations can swiftly address critical vulnerabilities, minimizing the window of opportunity for cybercriminals.
Furthermore, Veriti’s comprehensive threat intelligence and continuous monitoring empower organizations to stay ahead of evolving attack techniques and emerging vulnerabilities. By leveraging real-time insights, financial services organizations can fortify their defenses proactively and mitigate potential risks effectively.
By leveraging Veriti’s consolidated platform, financial services organizations can strengthen their security posture, identify vulnerabilities, and mitigate cyber risks while still maintaining seamless business operations.