Cyberattacks on Financial Institutions: Data breaches in 2020

Since COVID-19, the US FBI reported a 300% increase in reported cybercrimes. 82,000 NEW malware threats are being released every single day, and HALF of the cyber-attacks occurring are aimed at small businesses; you just don’t hear about it because the news wants to report on BIG breaches OR it’s kept quiet by the company for fear of attracting bad PR, lawsuits and data-breach fines, and out of sheer embarrassment.

According to the Official Cybercrime Report published by Cybersecurity Ventures, Cyber-crime damages will cost the world $6 trillion annually by 2021, up from $3 trillion just a year ago.

Do you know that financial services are the #1 target? This is because of the treasure trove of information that they require from customers, according to Verizon’s Data Breach Report.

Cybersecurity breaches on Financial Institutions:

Here are some cyberattacks that had happened in 2020 to illustrate this image:

• March 30, 2020: researchers reported that U.S., Canadian, and Australian banks were being increasingly targeted by Zeus Sphinx, a banking trojan first seen in August 2015. The attackers target those waiting on government relief payments from Covid-19. This version of the malware is being distributed via maldoc spam with the files named “COVID 19 relief.”

 

• May 11, 2020: American ATM manfacturer Diebold Nixdorf was hit by a ransomware attack that caused ‘a limited IT systems outage’. While the company said the incident did not affect the customer networks, or the general public, security blogger Brian Krebs reported that the ransomware attack affected services for about 100 of its customers. Additional information suggests that the ransomware might have been ‘ProLock’, more often referred to as PwndLocker.

 

• July 10, 2020: the SEC (U.S. Securities and Exchange Commission) issued a warning about a rise in ransomware attacks on U.S. financial firms. These attacks focus on gaining access to the company and then enacting ransomware and have targeted firms all across the financial services sector. The SEC is so alarmed by recent developments that it has issued warnings on several areas:

1. Ransomware: An increase in sophistication of attacks on broker-dealers, investment advisers, and investment companies.
2. Credential compromises: An increase in cyber-attacks against brokers and dealers using “credential stuffing”. 

 

• July 25, 2020: Digital banking app ‘Dave’ confirmed a security breach after a hacker published the details of 7.5 million users on a public hacker forum called RAID, including full names, birth dates, home addresses, emails, and even social security numbers. The attackers exfiltrated data by entering through Waydev, a third-party analytics platform used by the Dave engineering team.

 

Make no mistake – small, “average” businesses are being compromised daily, and clinging to the smug ignorance of “That won’t happen to me” is an absolute surefire way to leave yourself wide open to these attacks.