The ‘year of ransomware’ paints an ominous picture for financial services


13 Apr 2018

Aidan McHugh, head of security business unit, IBM Ireland. Image: IBM

IBM’s analysis of billions of security events found financial services to be the worst-hit industry in ‘the year of ransomware’, writes Aidan McHugh.

fintech & financial services

IBM X-Force has released the 2018 Threat Intelligence Index, which looks back on 2017 through IBM Security’s analysis of billions of security events.

This year’s report finds almost a 25pc drop in compromised records as cyber-criminals launched debilitating ransomware attacks designed to lock or block data instead of stealing it. As a result, 2017 was ‘the year of ransomware/ransomworms’.

The three unprecedented and disruptive ransomworm attacks in 2017 – WannaCry, NotPetya and Bad Rabbit – used sophisticated exploits against organisations tasked with serving everyday national needs and local economies alike. These destructive ransomworm attacks highlighted the critical need for incident response and disaster recovery.

‘The cybercrime economy is thriving on cryptocurrency, and this trend, which largely shaped the threat landscape in 2017, will continue to have an impact in 2018’

Cybercrime in financial services

Within financial services, one of the key findings the index shows is that the industry experienced the highest volume of security incidents and the third-highest volume of cyberattacks throughout 2017.

Losses due to cybercrime are a growing issue for financial organisations across the globe, and seeing this sector top the chart is not a surprise.

Attackers are committing direct monetary theft from bank accounts by using phishing and credential-stealing malware, as well as running malicious code to intercept online transactions.

While attacks on the financial sector more commonly target bank customers, organised crime gangs are also after the enterprise networks of those organisations. In 2017, cyber-criminals went beyond direct attacks and targeted their consumer and business banking customers, where we see the Gozi malware as the leading Trojan being used.

X-Force recognises, too, that the cybercrime economy is thriving on cryptocurrency, and this trend, which largely shaped the threat landscape in 2017, will continue to have an impact in 2018.

As a result, the financial cybercrime arena is not expected to slow down in 2018. Even with some groups gone, the ones that remain are those who manage complex operations that include the entire supply chain linked with financial crime, especially its money-laundering aspects.

The threat from within your organisation

With mobility and bring-your-own-device (BYOD) trends being the norm in today’s workplace and productivity, many say that everyone is an insider threat. So, how does this outlook materialise in real-world security incidents? The numbers paint a grim picture.

The careless or ‘inadvertent insider’ statistics of the X-Force index emphasise the need for all enterprises to embrace a culture of dynamic cybersecurity awareness that adjusts and grows alongside the changing threat landscape.

‘Being an inadvertent insider is not confined to end users, as 2017 saw a historic 424pc increase in records breached through misconfigurations in cloud servers’

Some of the most common insider scenarios included basic misjudgement, such as employees storing intellectual property on their own unsecured personal devices or end systems, or falling for phishing emails that resulted in account takeover or access to sensitive data.

Being an inadvertent insider is not confined to end users, as 2017 saw a historic 424pc increase in records breached through misconfigurations in cloud servers. Experienced professionals in IT departments still linger in setting erroneous permission-level attribution on cloud services or preparing networked backups that expose sensitive data through weak or non-existent authentication.

Whether it is through an end user or IT professional, affected organisations of such attacks have suffered extensive and costly downtime, reputational damage, and ongoing system mayhem that is taking their business and IT teams weeks to repair after an incident takes place.

A look into the future

Seeing the sensitivity and variance of data that has been amassed and exposed from millions of individuals in 2017 is a wake-up call for all organisations to take steps. With GDPR, companies need to ensure that the data they collect is in accordance with applicable privacy laws and regulations, and is properly secured with controls that are tested over time.

It also reminds enterprises of the continued need to practise security fundamentals, and implement real-time systems and processes to monitor and detect breaches. When this is coupled with AI and machine-learning capabilities to detect patterns, it can even help to predict attacks before they occur.

As we move through 2018, incident response is where the growth of security investment could make a difference, along with the looming potential for combatting not only ransomworm threats, but also the complete spectrum of cyber-threats.

By Aidan McHugh

Aidan McHugh is head of the security business unit at IBM Ireland, responsible for leading IBM’s integrated approach to delivering cybersecurity solutions and services to clients. He leads a team of commercial, consulting and technical resources focused on protecting clients from the ever-growing landscape of cyber-threats.