Cyber criminals tend to target financial services organizations because the customer and financial data found in account statements, loan applications, insurance claims, and similar documents is very lucrative, especially in high volumes. During and after the recent pandemic, we have seen a meteoric rise in cyber attacks on banks and financial institutions (FIs). Consider getting in touch with Cybersecurity for finance in Vancouver if you have experienced a breach recently.
What’s worrying is not just the volume of attacks, but the overall growth in their complexity, efficiency, and speed. Ongoing threats to financial institutions are costing billions, and the World Economic Forum estimates that the cost of cybercrime over the next five years could reach $8 trillion USD. Cybersecurity in finance in Vancouver has some great resources on the impact of cybersecurity threats locally.
The State of Cybersecurity in Financial Services
More than 90% of cyberattacks targeted at Financial Services currently come from the following types of attacks:
SQL injection (SQLi)
In this type of attack, a hacker adds malicious Structured Query Language (SQL) code to a web form input box so that the application passes it to the database as part of a query. This often allows access to unauthorized resources or enables the hacker to edit sensitive information. SQL injection is a very common type of web attack used to steal sensitive data from financial organizations. SQL injection attacks can impact any data-driven application built on a SQL database, but are most commonly used against websites. This type of attack leverages improper coding and existing vulnerabilities in web applications that allow such malicious SQL statements to reach and query the database directly. ActiveCo’s IT Security in Vancouver has more details on SQL injection attacks.
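As an added illustration (not code from the original article), the following Python sketch puts the improperly coded query described above beside its parameterized form. The accounts table, its rows and the form value are constructed for this example.

```python
import sqlite3

# Constructed form value: the quote characters are what the flawed query mishandles.
CRAFTED_INPUT = "x' OR '1'='1"

def make_db():
    """Build an in-memory database holding constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (owner TEXT, balance REAL)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", 1200.0), ("bob", 87.5)],
    )
    return conn

def lookup_vulnerable(conn, owner):
    # Improper coding: the form input is pasted into the SQL text, so any
    # quotes in it become part of the statement the database parses.
    query = ("SELECT owner, balance FROM accounts WHERE owner = '"
             + owner + "' ORDER BY owner")
    return conn.execute(query).fetchall()

def lookup_parameterized(conn, owner):
    # Corrected form: the placeholder sends the input as data only,
    # so it can never change the structure of the statement.
    query = "SELECT owner, balance FROM accounts WHERE owner = ? ORDER BY owner"
    return conn.execute(query, (owner,)).fetchall()

def compare(owner):
    """Return (rows from flawed query, rows from parameterized query)."""
    conn = make_db()
    try:
        return lookup_vulnerable(conn, owner), lookup_parameterized(conn, owner)
    finally:
        conn.close()

if __name__ == "__main__":
    print("normal input :", compare("alice"))
    print("crafted input:", compare(CRAFTED_INPUT))
```

With the crafted value, the concatenated query returns every account while the parameterized query returns nothing, because no owner has that literal name.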
Local File Inclusion (LFI)
File inclusion vulnerabilities include serious information security vulnerabilities like Remote File Inclusion (RFI) and Local File Inclusion (LFI). These are found in PHP script-based web applications, but can also occur in JSP, ASP, and other code. This type of attack passes executable input to the target application without validation. This is generally done by taking advantage of code that cannot securely parse “include” statements. This ultimately leads to the application building a path to malicious executable code from an attacker-controlled variable (e.g., a cookie) and then running it. LFI attacks exploit various scripts running on servers and allow for code execution on the web server or on the client side, Denial of Service (DoS), website defacement, and/or data theft. The chief difference between the two lies in whether the malicious file is stored remotely or only on a local server. LFI attacks can also be used for Cross-Site Scripting (XSS) and Denial of Service (DoS) attacks. Cybersecurity Services in Vancouver can help secure your business from LFI attacks.
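One way to validate an include target before the application builds a path from it, shown as an added Python example that is not part of the original article. The directory layout, file names and cookie values are constructed, and POSIX paths are assumed.

```python
import os
import tempfile

class RejectedPath(Exception):
    """Raised when a requested include must not be served."""

def resolve_include(base_dir, requested):
    """Return the real path of `requested` only if it stays inside base_dir."""
    base = os.path.realpath(base_dir)
    # Remote locations (the RFI case) are refused; only local names are valid.
    if "://" in requested or requested.startswith("//"):
        raise RejectedPath("remote location")
    if "\x00" in requested:
        raise RejectedPath("NUL byte")
    # realpath collapses ../ sequences and follows symlinks before the check.
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        raise RejectedPath("escapes base directory")
    if not os.path.isfile(candidate):
        raise RejectedPath("no such file")
    return candidate

def demo():
    """Run constructed cookie values through the check; return the outcomes."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "templates")
        os.mkdir(base)
        with open(os.path.join(base, "home.html"), "w") as fh:
            fh.write("<h1>home</h1>")
        with open(os.path.join(root, "secrets.cfg"), "w") as fh:
            fh.write("db_password=constructed")
        cookie_values = [
            "home.html",
            "../secrets.cfg",
            os.path.join(root, "secrets.cfg"),
            "http://files.example/page.php",
            "missing.html",
        ]
        outcomes = []
        for value in cookie_values:
            try:
                resolve_include(base, value)
                outcomes.append("served")
            except RejectedPath as exc:
                outcomes.append("rejected: " + str(exc))
        return outcomes

if __name__ == "__main__":
    print(demo())
```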
Cross-Site Scripting (XSS)
Cross-site scripting (XSS) involves attaching malicious code to a legitimate website so that it gets executed whenever a visitor loads the website. The malicious code is generally inserted by adding it to the end of the URL or through a direct post on a page of user-generated content. Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks can happen without the user even becoming aware of them, leading to data compromise on the part of the user or theft from financial accounts.
OGNL Java Injection
Object-Graph Navigation Language (OGNL) is an open-source Expression Language (EL) for Java objects. It is used in Apache Struts, a common development framework for Java-based enterprise web applications. Because OGNL has the inherent ability to create or change executable code, it can also introduce critical security flaws into any framework that makes use of it. OGNL Java Injection attacks involve using OGNL to execute malicious code. OGNL expression injection attacks allow for evaluation of unvalidated expressions against the value stack. This allows malicious attackers to modify system variables or run arbitrary code. Please consult IT in financial services in Vancouver to know more.
Top 3 cyber threats to the banking and financial sector:
Phishing and DDoS
Apart from using AI to steal sensitive data, hackers are increasingly using AI to manipulate legitimate AI data or algorithms, or to automate tasks in cyber-attacks. AI is also increasingly used for identity theft, where it is used to impersonate authorized users and bypass network defenses. AI technologies are also helping hackers create new cyber-threats. For example, the financial services industry recently witnessed the Emotet trojan malware, which was a prototype, highly targeted, AI-based cyber threat. AI is also being used to create highly creative “deep fakes” that replicate a person’s voice and image. You can easily imagine the consequences of these technologies if they were used to emulate people in positions of significant power.
Advanced Persistent Threats
Advanced Persistent Threats (APTs) are generally used as a long-term tool in cybercrime. APTs need a high degree of stealth over prolonged periods. The point is not just to infiltrate the organization, but to build in enough backdoors and vulnerabilities to remain present in the system even if earlier breaches are detected and patched. In this type of attack, hackers generally have an objective beyond immediate financial gain, and tend to take advantage of compromised systems long after their initial goals are reached.
Rising volume and cost of malicious insider attacks
According to a report entitled ‘Unlocking the Value of Improved Cybersecurity Protection’ by Accenture and the Ponemon Institute, malicious insider attacks are the most expensive attacks for financial services firms. Each of these attacks costs an average of US$243,000 to resolve. Moreover, this kind of attack also takes a long while to resolve, with an average resolution timeframe of 55.1 days. Financial services IT consulting in Vancouver can help your company recover quickly from recent breaches.
Banks will invest in managed security and integration services
It is critical for Canadian banks to protect their financial system and customers’ personal information from cybercrime. However, the way security is structured and orchestrated in the bank’s overall organization architecture may ultimately determine its effectiveness. This includes factors like who the CISO reports to within financial services, the level of board interest involved, how much and where the bank decides to externally source risk management functions, and whether IT spending in financial services falls within the bank’s investment priorities. Apart from investing more in managed security and integration services, banks are increasingly turning to MSPs like ActiveCo for cybersecurity measures in Vancouver for end-to-end secure technology implementation.