How are cyber-criminals targeting financial services firms?

20 Jun 2018

Equifax app. The credit rating firm suffered a major breach in 2017. Image: Pe3k/Shutterstock

Hackers are using hidden tunnels to evade detection and steal critical data from financial services.

The Equifax data breach was massive in scale, with millions of people around the globe affected. Driver licence numbers, email addresses, social security numbers and other personal information were among the types of data stolen in the 2017 incident, as breaches of financial services firms continue to be a growing threat.

According to a new report released today (20 June) by Vectra, an AI-powered threat detection firm, cyber-criminals are finding increasingly sophisticated ways to break into networks and steal critical data and personal information from financial services companies.

Vectra’s Cognito cyberattack detection and threat-hunting platform monitored network traffic and collected metadata from more than 4.5m devices and workloads from customer enterprise, cloud and data centre environments. The metadata was then analysed to gain a greater understanding of trends in networks from 246 opt-in financial services customers, and customers from 13 other industries.

Hidden tunnels lead to data breaches

The company found that attackers built concealed tunnels to breach networks of financial institutions. Jon Oltsik, senior principal analyst at Vectra’s enterprise strategy group, said: “Cyber-attackers continue to innovate by using hidden tunnels to blend in with normal traffic, evade strong access controls and exfiltrate financial data.”

Vectra detected significantly more hidden command-and-control tunnels per 10,000 devices in financial services than all other industries combined, and more than twice as many hidden data-exfiltration tunnels per 10,000 devices in financial services than all other industries.

For every 10,000 devices across all industries, 11 hidden exfiltration tunnels disguised as encrypted web traffic were detected. In financial services, that number more than doubled to 23. From August 2017 through January 2018, hidden exfiltration tunnels disguised as unencrypted web traffic jumped from seven per 10,000 devices to 16 in financial services.

More sophisticated attacks

While the volume of attacks on financial services is lower than in other industries, the sector faces increasingly complex attack attempts by criminals in search of a windfall. Head of security analysis at Vectra, Chris Morales, said: “What stands out the most is the presence of hidden tunnels, which attackers use to evade strong access controls, firewalls and intrusion detection systems. The same hidden tunnels enable attackers to sneak out of networks, undetected, with stolen data.”

Matt Walmsley, director of Vectra EMEA, told that there is a major shift occurring in the security sphere. “We are moving away from being so defence-centric, no defence is perfect.”

He noted that attacks on the financial services firms and ensuing data breaches are not a reflection of the level of security present in the edges of their respective networks. “The consequence of robust network perimeters mean attacks that get through have a higher level of sophistication and use more innovative techniques.”

Equifax app. Image: Pe3k/Shutterstock

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects