SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image

Trustwave highlights critical cyber threats to financial services

Wed, 11th Sep 2024

Trustwave has released a series of reports detailing the threats facing the financial services sector.

This marks the second year of its ongoing research into critical security issues within the industry.

Trustwave SpiderLabs, the research arm of Trustwave, has highlighted several significant trends affecting the financial services sector. These include issues relating to cryptocurrency and ransomware. The reports provide an overview of threat actor techniques by attack stage and underscore unique factors pertinent to financial services.

The cybersecurity firm has also produced two detailed write-ups on specific threats: phishing-as-a-service and insider threats. Recent research by the Ponemon Institute has identified malicious insiders as the costliest type of data breach, followed by phishing, which is not only the second most expensive type but also the most prevalent.

"Digital trust is paramount for financial services to effectively operate in a hyper-competitive market, and the attack surface has never been more challenging with the size and the diversity of the data," said Kory Daniels, Chief Information and Security Officer at Trustwave.

Daniels further added, "Our latest series of threat briefings highlight the urgent risks of insider threats and phishing-as-a-service attacks, offering vital insights and actionable strategies to help organisations defend their most sensitive data and assets. This resource is essential for business leaders and cyber defenders striving to stay ahead in an evolving threat landscape."

Financial services organisations are particularly attractive to cybercriminals due to their wealth of sensitive financial data and substantial funds. The sector also contends with a unique cybersecurity landscape influenced by expanded regulatory requirements, heightened risk aversion, and consumer protection considerations.

Trustwave SpiderLabs' 2024 research series includes the following reports: the 2024 Trustwave Risk Radar Report: Financial Services, the 2024 Financial Services Deep Dive on Phishing-as-a-Service, and the 2024 Financial Services Deep Dive on Insider Threat.

Key findings from Trustwave SpiderLabs' financial services research series include:

  • 24 per cent of ransomware attacks against the financial sector were attributed to ALPHV
  • 49 per cent of attacks against financial institutions originated from phishing
  • 20 per cent of ransomware attacks in the sector were targeted at banking institutions
  • 65 per cent of ransomware attacks targeting financial services occurred in the United States
  • 37 per cent of phishing emails in the industry contained HTML attachments
  • 73 per cent of credential access techniques were brute-force attempts

In 2023, Trustwave released its first Financial Services Threat Intelligence Briefing, which analysed the attack flow specific to the financial services sector. It offered insights on specific threat actors, actionable intelligence, and recommended mitigations for each stage.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X