I’m sure it’s not a surprise for you if I say, the favorite target of hackers is the financial industry and the reason is pretty straight forward. As per a report published by Market Expertz, cyber-attacks against financial services increased by 70% in 2017. There is no doubt that, vast amount of money flow in banks and other financial institution attracts cyber criminals. That’s why, cyber-attacks cost financial services 300 times more than any other industry.
Daniel Schulman (President and Chief Executive Officer, PayPal) once said in an interview that, an average American business attacked by cyber criminals amounts to 4 million in numbers per year, while a typical American financial service is attacked 1 billion times a year. Cyber-attacks on financial services are devastating and the threats are shockingly increasing day by day.
- On 10th of July, a phishing mail from cyber criminal took down the payroll system of Arlington Co.
- 250 GB data compromised from Brazilian financial services because of unprotected server, reported on 22nd of July.
- Dutch Bangla Bank Limited (DBBL) lost 3 million dollars last month, claimed to be hit by a hacker group name “Silence”.
- Huge loss of financial and personal records from Australians’ banks, as hackers breached thousands of banks accounts.
- On 5th of Aug, Monzo told 480,000 customers to change their PINs as they found a security breach in their system.
- European Central Bank claims that one of their websites was hacked and that hackers have possibly stolen customer data
- A million people, figure prints and facial recognition data has been compromised, as a major breach was found in the UK banks’ biometrics.
After reading the above facts, you might be thinking whether or not your bank is secure enough. Though banks and other financial services deploy major cyber security implementations in their systems, but in some scenarios they still fail. Every year governments and financial organization around the globe invest millions of dollars in cyber security but the hackers still manage to bypass those securities.
Credit unions have developed a specialized and sophisticated cyber security system, though on the other hand cybercriminals are also getting well equipped day by day. The hackers are better organized, well financed, using automated tools and proficient in machine learning.
Early 2019 had seen a sudden rise in phishing attacks on credit unions of the U.S. and on 30th Jan, almost every BSA (Bank Secrecy Act) officer at various credit unions had received a malicious mail from hackers.
Email was addressing every recipient by their names and claimed that some of the credit union customers have suspiciously transferred money from one account to another and for a proof hackers also attached a PDF with the email. This entire matter disclosed, when someone analyzed that the mail body is full of grammatical errors and those mails were sent from the IDs which were not in the database of the credit union to begin with.
Banking malware first introduced in 2014 as Emotet, a banking trojan. The main purpose of this malware is to sneak into your system to steal personal information as well as credentials. In 2018, 889,452 attacks were registered against banking malware which surprisingly hiked by 15.9% in comparison to 2017. Even today, users from India, United States, Russia, Germany, Italy, Vietnam and China are frequently getting hit by banking malware.
DDoS (Distributed Denial-of-Service) is another huge threat to banks. On August 28, 2018, Bank of Spain had reported that their website went offline for a day as they struggled, with a sudden DDoS attack.
And later on, they revealed that there was no major incident of data breach. But not all banks were that much lucky, as on 29th Jan in the same year, 3 banks (ABN AMRO, ING and Rabobank) again suffered from DDOS attack. A representative from ABN AMRO first revealed that they are suffering from DDOS attack. He also mentioned that at one point security of payments and client data was under a huge threat.
Same as other financial institutions, insurance companies are also facing cyber threats frequently. This July, State Farm insurance notified their policyholders that, they got hit by credential stuffing attack. This attack was disclosed when State Farm observed much higher login attempts than usual.
Immediately after the event, state farm had reset the password for affected accounts. Company also explained that none of the personal information of any customer had exposed.
Anthem insurance company had suffered from a vast data breach in 2015. In this incident, hackers had stolen all vital information like the names, date of birth, home addresses, social security numbers and other personal information of almost 78.8 million current and former customers, including employees. For inquiry, FBI had approached and they verified that none of the Anthem member’s data was sold or used in some mischief activities.
Nowadays, cryptocurrency is on its peak and millions of people all around the globe are investing a huge amount of money in various cryptocurrency exchanges. Here as well, hackers have adopted a new strategy of attack known as “crypto jacking.”
In this case, hackers looks for computer systems to install a software for generating bitcoins and other cryptocurrencies. They will not ask you for ransom or encrypting any data. Instead of all this, they work silently in the background for making new cryptocurrencies on your money.
In July 2019, Bitpoint (a licensed cryptocyrrency exchange) in Japan had experienced a loss of US 32 million dollars (3.5 billion Yen) in crypto assets in which 2.5 billion Yen belonged to customers. This hack was primarily focused on five cryptocurrencies: Bitcoin, Bitcoin cash, Ethereum, Litecoin and XRP.
Immediately after this incident Bitpoint had halted all trading activities which means no one can invest or make any withdrawal.
Every day hackers come with a new solution to breach world class security. As we have witnessed in the past that Ransomware hasn’t left any of the industry by its impact.
That doom day is not so far when we again hear some devastating news about major cyber-attack. Cyber security organizations need to dig deep and come out with a solution to stop these events in the future.