STRENGTHENING CYBER DEFENSES IN FINANCIAL SERVICES

Jul 5, 2023

THE NEED FOR CONTINUOUS SECURITY MONITORING

The finance industry ranks among the most targeted sectors for cyberattacks globally. With valuable assets and sensitive information at stake, financial services organizations face significant challenges in securing their networks and mitigating cyber risks. So far, there is nothing new under the sun. But the simplest phishing attacks still succeed, known vulnerabilities on exposed servers are still exploited, and basic attacks still take advantage of misconfigurations, all of which highlights the need for continuous monitoring and optimization of security controls. This article explores the key findings from recent cyber research and highlights how financial services organizations can strike a balance between security hardening and seamless business operations.

Here are some salient stats that show how dire the current state of cybersecurity is:

  • 209 days are required for financial services organizations to patch vulnerabilities.
  • 1,832 incidents were reported in the financial services sector, with 480 incidents leading to confirmed data disclosure.
  • 77% of breaches in the financial services sector were attributed to Basic Web Application Attacks, Miscellaneous Errors, and System Intrusion.

PERSISTENT CHALLENGES IN FINANCIAL SERVICES CYBERSECURITY 

Financial services organizations encounter unique challenges in maintaining robust cybersecurity defenses. The simultaneous presence of critical assets within the network and the need to expose sensitive assets for user logins pose significant security challenges. This dynamic creates an ongoing struggle for organizations to prioritize security measures effectively.

Veriti’s research on recent attacks on financial services organizations provides some valuable insights on these challenges: 

Phishing Attacks

Despite advancements in cyber threats, simple phishing attacks continue to pose a significant risk. Attackers exploit this tactic to deceive users and obtain their credentials. A recent example from Veriti unveiled a large-scale phishing campaign targeting SVB Bank clients, demonstrating the persistence of this type of attack, waiting patiently to rear its ugly head at the right time.

The exploitation of known vulnerabilities on exposed servers

The reliance of the banking and insurance sectors on online services leaves multiple web servers and web applications exposed to potential attacks. Cyber attackers take advantage of that, exploiting vulnerabilities in specific technologies commonly used in the industry. Noteworthy examples include: 

  • Adobe ColdFusion Arbitrary File Upload (CVE-2019-7816)
  • Apache HTTP Server Directory Traversal (CVE-2021-41773)
  • Oracle WebLogic WLS Security Component Remote Code Execution (CVE-2017-10271)
  • WebAdmin CGI PHP php-cgi Query String Parameter Code Execution (CVE-2012-1823)
  • WordPress portable-phpMyAdmin Plugin Authentication Bypass (CVE-2012-5469)

A recent and alarming cyber campaign, targeting particularly banking and financial institutions, was spotted by the Veriti research team. This sophisticated campaign employed a malware-as-a-service approach, leveraging file-sharing storage to distribute and execute malicious executables. The attackers strategically entice unsuspecting users to download and execute these files, unknowingly granting the attackers access to their systems. This method is a dangerous gateway for compromising sensitive financial data and breaching security defenses. 

The discovery of a consistent pattern is even more concerning: the attackers behind this campaign have been identified using the same IP address. Their relentless pursuit of financial services extends beyond a single attack vector. The table below shows that they have employed various tactics to exploit vulnerabilities in different financial institutions, demonstrating their adaptability and determination to infiltrate and compromise valuable assets. 

| Attack | Attack attempts from the attacker |
|---|---|
| Apache HTTP Server Directory Traversal (CVE-2021-41773) | 1689248 |
| Command Injection Over HTTP Payload | 1326663 |
| NoneCMS ThinkPHP Remote Code Execution (CVE-2018-20062) | 908075 |
| Web Servers Malicious URL Directory Traversal | 261162 |
| Apache Camel XSLT Component XML External Entity | 214901 |
| XML External Entity Over HTTP Request | 75874 |
| Others | 610 |

EMOTET attack infrastructure

In addition, various attackers have been utilizing the EMOTET attack infrastructure to target financial services and government organizations with attacks such as: 

  • Map Security Scanner over HTTP on 01/06/23  
  • Scanner Enforcement Violation on 01/06/23  
  • DNS Enforcement Violation on 31/05/23  
  • phpFileManager cmd Parameter Command Execution on 31/05/23  
  • Application Servers Protection Violation on 31/05/23  

and many more… 

Emotet has resurfaced with a vengeance, posing a significant threat to individuals, financial services and other organizations, and networks globally.

THE IMPORTANCE OF CONTINUOUS SECURITY MONITORING 

Verizon’s DBIR findings emphasize the critical need to continuously monitor and assess security controls in financial services organizations. Basic Web Application Attacks, phishing attempts, and exposed servers remain persistent threats, requiring constant vigilance. Organizations can proactively identify and address vulnerabilities by continuously monitoring and analyzing security controls, reducing the likelihood of successful cyber attacks.   

However, addressing the vulnerabilities within these organizations requires more than just monitoring. Security teams must implement a non-disruptive remediation validation process, tedious but mandatory. This ensures that the hardening of security defenses does not inadvertently cause any business disruptions, a crucial consideration for financial institutions. Striking the right balance between strengthening security measures and maintaining seamless business operations is paramount in safeguarding the organization’s interests and protecting sensitive data from malicious actors.

MORE CONSOLIDATION – LESS TEDIOUS OVERHEAD  

Veriti’s consolidated security platform offers a comprehensive cybersecurity solution that balances security hardening or optimization with uninterrupted business operations. Leveraging machine learning capabilities, Veriti unifies all threat prevention configurations and continually monitors for security gaps and misconfigurations.

Additionally, Veriti’s virtual patching capabilities ensure prompt mitigation of vulnerabilities, even before official patches are available. By taking a proactive approach, financial services organizations can swiftly address critical vulnerabilities, minimizing the window of opportunity for cybercriminals. 

Furthermore, Veriti’s comprehensive threat intelligence and continuous monitoring empower organizations to stay ahead of evolving attack techniques and emerging vulnerabilities. By leveraging real-time insights, financial services organizations can fortify their defenses proactively and mitigate potential risks effectively. 

By leveraging Veriti’s consolidated platform, financial services organizations can strengthen their security posture, identify vulnerabilities, and mitigate cyber risks while still maintaining seamless business operations. 
