Even with robust cybersecurity programmes, large institutions are vulnerable to attacks through third-party suppliers. Smaller institutions are at even risk.
FS-ISAC (Financial Services Information Sharing and Analysis Center) has warned in a new report that ransomware attacks are a rising threat to financial institutions.
In the last four months, ransomware operators have publicly claimed successful attacks against eight financial institutions, including three banks, the report says.
FS-ISAC warns that while large institutions may be able to prevent ransomware attacks on their own networks, they can still be impacted by third party suppliers who are often the key targets.
“Smaller institutions with less sophisticated defenses are even more vulnerable to direct attacks,” the report says, pointing to the threat from sophisticated criminal groups as well as from novice criminals who buy ready-made attack products or kits.
The report points to three new revenue streams being employed by ransomware attackers, which heighten the risk to firms, namely:
- Extorting victims by threatening to publicly name them and publish sensitive data online
- Auctioning off victims’ data to other criminals on the dark web
- Ransomware-as-a-service, where less technical criminals can buy ransomware kits from more sophisticated threat actors
“In the APAC region, ransomware represents a rising number of attacks, though they often go unreported,” says Teresa Walsh, Global Head of Intelligence at FS-ISAC. “Threat intelligence is crucial in anticipating and preventing attacks and can also help firms mitigate the fallout from a successful attack.”
The report says threat intelligence can help prevent attacks by enabling institutions to construct pre-emptive defences to known attackers, several of which are named in the report. Such intelligence information can help also firms decide on next steps in the event of a successful attack.
“Knowing the type of ransomware used in the attack can help the victim assess the attacker’s identity, motivations, and attack patterns, such as whether the attacker is known to offer a decryption tool after payment.”
The report, available here, provides…