In a threat analysis post published July 12, 2023, cybersecurity provider SOCRadar said the financial industry has faced a surge in ransomware attacks in recent years.
The trend began in the first half of 2021, when Trend Micro saw a staggering 1318% increase in ransomware attacks targeting banks and financial institutions compared to the same period in 2020.
Sophos also revealed that more than half (55%) of financial services firms suffered at least one ransomware attack in 2021, up 62% from 2020.
SOCRadar said that while such large numbers have not been observed in the last two years, the increase continues.
The financial industry was the seventh most targeted sector by ransomware attackers in the first half of 2023, according to data collected by an outsourced Security Operations Center (SOC) provider. The industry has already had more attacks in these six months than it did in 2022.
“But not only is the frequency of attacks increasing. Ransomware attacks targeting banks have grown alarmingly in sophistication and scope in recent years,” SOCRadar added.
Clop, LockBit, ALPHV/BlackCat
While previous versions of ransomware simply encrypted files quickly, the latest ransomware is more stealthy and much faster. Newer strains access networks, search for sensitive data, steal it and encrypt it to maximize impact before security measures detect them.
Financial institutions also hold vast amounts of sensitive data, including information about their customers, partners, and authentication data, making them an ideal target for double extortion attacks, in which cybercriminals first steal the data and then encrypt critical systems.
Clop is the most active ransomware group targeting banks and financial services. The February 2023 GoAnywhere attack impacted banks, and the MOVEit attack victims include Deutsche Bank, ING Bank, and Japan Post Bank; 10 more financial institutions are named.
SOCRadar observed that LockBit 3.0 and ALPHV/BlackCat are also actively attacking banks and financial institutions.
In November 2022, the EU passed the Digital Operational Resilience Act (DORA) to strengthen the resilience of the financial sector.
DORA technical standards will be published in early 2024 and the law will apply to EU member states from 17 January 2025.