by | Jul 5, 2023


The finance industry ranks among the most targeted sectors for cyberattacks globally. With valuable assets and sensitive information at stake, financial services organizations face significant challenges in securing their networks and mitigating cyber risks. Until now, there is nothing new under the sun. But the fact that simplest phishing attacks still succeed, the exploitation of known vulnerabilities on exposed servers still finds a way, and too-basic attacks still take advantage of misconfigurations – all highlight the need for continuous monitoring and optimization of security controls. This article explores the key findings from recent cyber research and highlights how financial services organizations can finally strike a balance between security hardening and seamless business operations. 

Here are some salient stats for you to substantiate how dire the current state of cybersecurity is: 

209 days

Are required for financial services organizations to patch vulnerabilities

1,832 incidents

were reported in the financial services sector, with 480 incidents leading to confirmed data disclosure.

77% of breaches

in the financial services sector were attributed to Basic Web Application Attacks, Miscellaneous Errors, and System Intrusion.


Financial services organizations encounter unique challenges in maintaining robust cybersecurity defenses. The simultaneous presence of critical assets within the network and the need to expose sensitive assets for user logins, pose significant security challenges. This dynamic creates an ongoing struggle for organizations to prioritize security measures effectively.  

Veriti’s research on recent attacks on financial services organizations provides some valuable insights on these challenges: 

Phishing Attacks:

Despite advancements in cyber threats, simple phishing attacks continue to pose a significant risk. Attackers exploit this tactic to deceive users and obtain their credentials. Veriti’s recent example unveiled a large-scale phishing campaign targeting SVB Bank clients, demonstrating the persistence of this type of attack, waiting patiently to raise its ugly head at the right time. 

The exploitation of known vulnerabilities on exposed servers –

The reliance of the banking and insurance sectors on online services leaves multiple web servers and web applications exposed to potential attacks. Cyber attackers take advantage of that, exploiting vulnerabilities in specific technologies commonly used in the industry. Noteworthy examples include: 

  • Adobe ColdFusion Arbitrary File Upload (CVE-2019-7816) 
  • Apache HTTP Server Directory Traversal (CVE-2021-41773
  • Oracle WebLogic WLS Security Component Remote Code Execution (CVE-2017-10271
  • WebAdmin CGI PHP php-cgi Query String Parameter Code Execution (CVE-2012-1823
  • WordPress portable-phpMyAdmin Plugin Authentication Bypass (CVE-2012-5469). 

A recent and alarming cyber campaign, targeting particularly banking and financial institutions, was spotted by the Veriti research team. This sophisticated campaign employed a malware-as-a-service approach, leveraging file-sharing storage to distribute and execute malicious executables. The attackers strategically entice unsuspecting users to download and execute these files, unknowingly granting the attackers access to their systems. This method is a dangerous gateway for compromising sensitive financial data and breaching security defenses. 

The discovery of a consistent pattern is even more concerning: the attackers behind this campaign have been identified using the same IP address. Their relentless pursuit of financial services extends beyond a single attack vector. The table below shows that they have employed various tactics to exploit vulnerabilities in different financial institutions, demonstrating their adaptability and determination to infiltrate and compromise valuable assets. 

ATTACK  Attack attempts from the attacker 
Apache HTTP Server Directory Traversal (CVE-2021-41773)   1689248 
Command Injection Over HTTP Payload  1326663 
NoneCMS ThinkPHP Remote Code Execution (CVE-2018-20062)  908075 
Web Servers Malicious URL Directory Traversal  261162 
Apache Camel XSLT Component XML External Entity  214901 
XML External Entity Over HTTP Request  75874 
Others  610 

EMOTET attack infrastructure

In addition, various attackers have been utilizing the EMOTET attack infrastructure to target financial services and government organizations with attacks such as: 

  • Map Security Scanner over HTTP on 01/06/23  
  • Scanner Enforcement Violation on 01/06/23  
  • DNS Enforcement Violation on 31/05/23  
  • phpFileManager cmd Parameter Command Execution on 31/05/23  
  • Application Servers Protection Violation on 31/05/23  

and many more… 

Emotet has resurfaced with a vengeance, posing a significant threat to individuals, financial services organizations, organizations, and networks globally. 


Verizon’s DBIR findings emphasize the critical need to continuously monitor and assess security controls in financial services organizations. Basic Web Application Attacks, phishing attempts, and exposed servers remain persistent threats, requiring constant vigilance. Organizations can proactively identify and address vulnerabilities by continuously monitoring and analyzing security controls, reducing the likelihood of successful cyber attacks.   

However, addressing the vulnerabilities within these organizations requires more than just monitoring. Security teams must implement a non-disruptive remediation validation process. Tedious but mandatory. 
This ensures that the hardening of security defenses does not inadvertently cause any business disruptions, a crucial consideration for financial institutions. Striking the right balance between strengthening security measures and maintaining seamless business operations is paramount in safeguarding the organization’s interests and protecting sensitive data from malicious actors. 


Veriti’s consolidated security platform offers a comprehensive cybersecurity solution to balance security hardening or optimization and uninterrupted business operations. Leveraging machine learning capabilities, Veriti unifies all threat prevention configurations and continually monitors for security gaps and misconfigurations. 

Additionally, Veriti’s virtual patching capabilities ensure prompt mitigation of vulnerabilities, even before official patches are available. By taking a proactive approach, financial services organizations can swiftly address critical vulnerabilities, minimizing the window of opportunity for cybercriminals. 

Furthermore, Veriti’s comprehensive threat intelligence and continuous monitoring empower organizations to stay ahead of evolving attack techniques and emerging vulnerabilities. By leveraging real-time insights, financial services organizations can fortify their defenses proactively and mitigate potential risks effectively. 

By leveraging Veriti’s consolidated platform, financial services organizations can strengthen their security posture, identify vulnerabilities, and mitigate cyber risks while still maintaining seamless business operations. 

Get your security controls assessment now

Recommended Articles

Subscribe to our BLOG

Get the latest security insights, news and articles delivered to your inbox.


Product Overview

Maximize security posture while ensuring business uptime

Automated Security Controls Assessment

Validate your security control


Connect Veriti with your security solutions

Use Cases

Agentless OS-Level Remediation

Proactively safeguard your systems directly at the OS-Level on the endpoint

Validate Risk Posture

Identify postural gaps by querying your security configuration

Eliminate False Positives

Reduce alert fatigue. Increase Security Effectiveness

Maintain Cyber Hygiene

Monitor the hygiene of your security solutions

Vulnerability Mitigation

Prioritize and virtually patch vulnerabilities

Enhance zero-day Protection

Identify and distribute zero-day indicators of attack



Efficiently manage multiple clients in a consolidated platform


Neutralize security gaps without impacting healthcare operations.


Get the report >>


See all resources


Veriti's security blog


The latest guides, white papers and infographics

Our Story

Learn about Veriti

Leadership Team

Meet the team


Work with us


Our latest updates

Partner with Veriti

Become a partner