Originally posted on http://www.vmware.com by Tisa Murdock

Digital is transforming every aspect of banking—even bank robbing. And instead of a few bad actors holding up one branch, cybercrime cartels today are trying to lock up an entire financial institution for days, even weeks, while launching follow-on attacks. And they’re not easily deterred.

That’s according to the fourth edition of the Modern Bank Heists report, which annually takes the pulse of some of the financial industry’s top CISOs and security leaders worldwide.

“This year’s Modern Bank Heists report underscores the growing sophistication, tenacity, and downright cruelty of the cybercriminal underworld”

Jonah Force Hill, Cybersecurity Strategist at the U.S. Secret Service

“This year’s Modern Bank Heists report underscores the growing sophistication, tenacity, and downright cruelty of the cybercriminal underworld,” writes Jonah Force Hill, Cybersecurity Strategist at the U.S. Secret Service in the report’s opening.

“Criminal groups launched a torrent of fraud scams, ransomware attacks, and phishing campaigns, all aimed at profiting off of the unprecedented fear and anxiety caused by a once in a lifetime public health emergency,” he says.

Key Findings

The financial services sector is attractive to cybercriminals because success yields credentials, access to financial applications, and ultimately ransomware and other forms of payment. Each time cyber attackers penetrate an institution, they learn more which can encourage them to be more bold.

In response to questions about suspicious activity, counter incident response, island hopping—an attack on an organization that leads to it attacking its own partners or customers—and integrity attacks, these are just some of the key findings the report uncovered:

  • 54% of surveyed financial institutions experienced destructive attacks, a 118% increase from 2020.
  • 38% experienced an increase of island hopping.
  • 51% experienced attacks that targeted market strategies.

“Cybercriminals have learned that the most valuable asset of a bank is nonpublic market information that can be used to facilitate digital insider trading and front running as observed by VMware cybersecurity strategists,” write report authors, Tom Kellermann, Head of Cybersecurity Strategy, and Rick McElroy, Principal Cybersecurity Strategist, both of the VMware Security Business Unit.

Financial Firms Boost Prevention

Because cybercriminals are evolving in attack sophistication and organization and they are increasingly led by cybercrime cartels and nation-states, situational awareness is paramount, according to the report.

Eight in ten (82%) financial institutions surveyed plan to increase their budgets by 10–20%. Spending is expected to be concentrated on:

  • Extended detection and response (XDR) (24%)
  • Threat intelligence (23%)
  • Workload security (21%)
  • Container security (18%)

Defending Against Modern Bank Heists: 8 Best Practices

The report’s authors note that cybercrime escalation has turned into a virtual hostage situation for many organizations. As a result, they encourage financial services leaders to evolve how they respond. And they offer eight people, process, and technology-related best practices for security teams.

Among the best practices are standing up a secondary line of secure communications and ensuring the organization has robust monitoring.

“You must monitor the situation to fully grasp the scope of the intrusion to effectively develop a means of actually removing the adversary from the environment,” write Kellermann and McElroy.

Proactive and predictive technologies can also bolster defenses. Agents, honey tokens, just-in-time administration, workload security and integrated network detection and response with endpoint protection platforms are some of the most effective solutions.

And last, but not least, is the best-practice recommendation to be proactive which includes regularly hunting threats.   

Trust and confidence in the safety and soundness of the financial sector depends on banking leaders and trusted partners like VMware evolving to create greater situational awareness. For example, intrinsic security from VMware is a fundamentally different approach to securing financial organizations. It leverages infrastructure and control points in new ways across any app, any cloud, and any device, combined with threat intelligence, to shift teams from a reactive posture to a position of strength.

Jens Koegler

Jens Koegler is VMware's Healthcare Industry Director in EMEA. He is helping our healthcare customers develop and run modern applications to drive innovation and ensure better patient care through a digital foundation that includes data center, hybrid cloud, mobile, networking and security technologies. VMware plays a strategic role in the healthcare industry. Its leading innovations in enterprise software help ensure consistent patient care and reduce IT access time for healthcare professionals so they can spend more time with their patients. Jens plays a key role in helping customers understand how new applications, devices, the latest IT technologies and digital transformation are driving innovation in healthcare.