Insights Cyber Intelligence a cyber-security firm that offers cyber threat intelligence to enterprises released its Financial Services Threat Landscape Report (July 2018). To acquire cyber threat intelligence, Insights engages in dark web monitoring, phishing and fraud detection and brand protection.
The research resulted in a number of key findings:135% increase in bank data available for sales on dark web marketplaces over the last one year, 149% increase in credit card stolen information, 91% increase in the number of corporate email addresses targeted by phishing scams, and 151% increase of attack probability per bank.
Stolen data posted for sale on the dark web, mainly credit card information, has been landing many buyers into trouble. Most of the people who buy credit card information end up using it to purchase goods online or physically in stores. Unable to cover their tracks some credit card buyers end up arrested and charged with fraud and identity theft.
The report attributed the rise in the number of exposed information to the change of tactics used by cybercriminals. As banks and financial institutions up their cyber security game, cybercriminals change the way they carry out attacks to be able to bypass security measures taken by their target corporations. According to the report, the following trends in the cybercrime world have resulted in more stolen data.
Phishing-as-a-service
Phishing attacks have proved to be the most effective ways of acquiring information from unsuspecting targets. Dark web marketplaces as always provide all sorts of goods and services including phishing kits. Availability of phishing kits for sale on demand have lowered the entry bar to phishing attacks. These kits enable cybercriminals with little knowhow to launch cyber-attacks that result in the exposure of large quantities of sensitive information.Fake sites and Apps
To acquire information from clients of institutions with established brands, cybercriminals are creating sites that resemble legit site doubles. The fake sites are used to steal the credentials of clients of the targeted institutions. These criminals may also create mobile banking apps that look like the actual ones and use them to collect login details of the users of targeted banks.Decentralization of dark web markets
Vendors on the dark web are getting more concerned over their anonymity and security of their funds in centralized marketplaces. This has prompted most vendors to move into decentralized marketing which offers more privacy and guarantees against surveillance by LE. Vendors and buyers have been using private messaging apps to carry out trades for some time now. Decentralization makes it impossible to monitor cases of leaked or stolen data, or to even learn of planned cyber-attacks.
Advanced Persistent Threat (ATP) Groups
Cybercriminals have joined to form groups that wage cyber-warfare against financial institutions either for monetary gain or to acquire intellectual property mainly when sponsored by states. The kind of motivation portrayed by ATPs makes it hard to entirely prevent cyber-attacks since ATPs launch well timed attacks. The year 2017 witnessed a large number of ATP attacks.Cyber-extortion
Cyber criminals are using extortion attacks to threaten financial institutions into paying large sums of money in cryptocurrencies or risk exposure of the credentials of their clients. Cyber-extortion is very effective because institutions are always willing to do anything to protect their image and clients’ information.A gang of hackers known as Rex Mundi used extortion to threaten firms that it hacked.
All these and many other developments have empowered cybercriminals making them feel invincible while intimidating their targets into feeling helpless.
0 comments:
Post a Comment