The Financial Sector is Plagued by Increasingly Sophisticated Cyberattacks That Demand a Defensive Paradigm Shift, According to the Modern Bank Heists Report from Contrast Security
The report reveals the top attack vectors & cyber trends now facing global financial sector leaders and the evolving cybersecurity strategies they're using to fight back.
Los Altos, CA — January 30, 2024 — Contrast Security (Contrast), the Runtime Security company and leader in modernized Application Security — today released its Modern Bank Heists report, an annual report that exposes the cybersecurity threats facing the financial sector.
Authored by Contrast’s Senior Vice President of Cyber Strategy Tom Kellermann, the report is a warning to global financial institutions (FIs) that security must be top-of-mind amid evolving cybercrime cartels — cartels that are employing new attack vectors and launching systemic attacks against critical infrastructures within the sector.
In a series of interviews, financial sector CISOs, SVPs of Cybersecurity and Managing Directors of Information Security from around the world revealed specific trends when it comes to notable cyberattacks, e-fraud and cyber defense. Some of the most eye-opening results from the report include:
- 74% detected campaigns to steal nonpublic market information.
- 77% experienced attacks against their application programming interfaces (APIs).
- 58% experienced counter-incident response, with adversaries disabling cybersecurity agents, manipulating logs or timestamps, or launching distributed denial-of-service (DDoS) attacks to slow the victim’s response.
- 58% saw an increase in application attacks, with attacks such as Class Loader manipulation, Expression Language Injection and untrusted deserialization becoming more common and new threats to supply chains targeting software development, integration and delivery infrastructure.
- 48% were victimized by destructive attacks launched punitively to destroy data.
- 45% believe they were victimized in stealthy attacks they weren’t able to detect.
“The magnitude and the complexity of cybercrime attacks continue to grow each year. The ingenuity and imaginations of the criminals are impressive, as the world of cybercrime continues to evolve from past pig butchering, ransomware and business email compromise (BEC) attacks to sextortion and cryptocurrency scams,” said Derek Booth, Assistant to the Special-Agent-in-Charge, U.S. Secret Service and Head of the Mountain West Cyber Fraud Task Force.
“As the criminals’ attacks evolve, the rest of the world must evolve as well, or we will become the next victim,” said Booth.
“Cybercrime cartels have revolutionized their cybercrime conspiracies in the financial sector as they now steal nonpublic market information for the purposes of digital front-running. These same cartels have become punitive against the security team as they leverage destructive attacks so as to hinder the response of the security team. This phenomenon should serve as a harbinger of things to come,” said Kellermann.
The report provides helpful guidance and specific defensive countermeasures to defend against growing cybercrime conspiracies and cyberespionage.
Booth will be joining Kellermann for a webinar at 1 p.m. EST / 10:00 a.m. PST on Tuesday, Feb. 6 to discuss their reactions to the report and the financial security risks impacting organizations this year.
To download the Modern Bank Heists report, please visit https://www.contrastsecurity.com/cyber-bank-heists-report.
To attend the webinar with Derek Booth and Tom Kellerman, please visit
https://www.contrastsecurity.com/webinar-bank-heists-2024.
Check out Contrast’s financial capabilities by visiting https://www.contrastsecurity.com/solutions/financial-services.
About the Modern Bank Heists report:
Authored by Contrast’s Senior Vice President of Cyber Strategy Tom Kellermann, the annual Modern Bank Heist report includes findings from interviews conducted with global financial sector leaders focusing on the current state of security threats and the defensive shifts made by cybercriminals. The report provides an analysis of geopolitical tensions, destructive attacks and zero-day exploits from the previous year. It also offers specific defensive countermeasures that should be employed by FIs to protect against growing cybercrime conspiracies and cyberespionage. To learn more about the annual Modern Bank Heists report, please visit https://www.contrastsecurity.com/cyber-bank-heists-report.
About the author, Tom Kellermann:
Tom Kellermann is the Senior Vice President of Cyber Strategy at Contrast Security, Inc. Previously, Tom held the positions of Head of Cybersecurity Strategy for VMware, Inc. and Chief Cybersecurity Officer for Carbon Black, Inc., wherein he authored the “Modern Bank Heist report” for the past five years. In 2020, he was appointed to the Cyber Investigation Advisory Board for the United States Secret Service. On Jan. 19, 2017, Tom was appointed the Wilson Center’s Global Fellow for Cybersecurity Policy. Tom previously held the positions of Chief Cybersecurity Officer for Trend Micro, Inc., Vice President of Security for Core Security and Deputy CISO for the World Bank Treasury. In 2008, Tom was appointed a commissioner on the Center for Strategic & International Studies' (CSIS’) Commission on Cyber Security for the 44th President of the United States. In 2003, he co-authored the Book “Electronic Safety and Soundness: Securing Finance in a New Age.”
About Contrast Security (Contrast)
Contrast is a leading Application Security vendor providing a unified Runtime Security platform that observes, tests and protects critical web applications and APIs in organizations around the world. Contrast's revolutionary technology enhances software to empower developers and protects against exploitation. Our innovative, instrumentation-based approach embeds trust boundaries in the application for the most accurate and actionable security outcomes in a fully automated manner. Development and security teams realize measurable increases in developer velocity, improvements to security posture and optimized efficiency while saving time and money. Modernize your Application Security program and empower your teams to innovate with confidence. Contrast's mission is to democratize software security and enable amazing Application Security outcomes.
The growing demand for the world’s only platform for code security has landed the company on some of the most prestigious lists, including the Inc. 5000 List of America’s Fastest-Growing Companies and the Deloitte Technology Fast 500 List of fastest-growing companies.
Learn more: https://www.contrastsecurity.com/.
Follow us: Blog | Twitter | LinkedIn | Facebook
Media Contact:
pr@contrastsecurity.com
