Why are cybercrime cartels ransacking financial institutions (FIs)?
As bank robber Willie Sutton famously put it, yes, it’s because that’s where the money is. But according to Contrast’s 2023 Cyber Bank Heists report, nowadays, they’re not just trying to move money. They’re not just conducting brokerage fraud or wire transfer fraud.
No, they’ve moved beyond those old-school frauds. The new threat is to nonpublic market information: They’ve realized that that’s the real pot of gold.
Economic espionage
The report tracks upward trends in cyber campaigns designed to steal nonpublic market information, including portfolio positions, merger and acquisition information, and more. In fact, 50% of respondents reported that they’ve detected campaigns to steal this precious, nonpublic market information.
Cyberattacks that target market strategies are a form of economic espionage that can be used to digitize insider trading and to front-run the market, the report explains. Front-running is the illegal practice of purchasing a security based on advance nonpublic information regarding an expected large transaction.
Although FIs report a spike in this type of eFraud, it isn’t new. As far back as 2016, for example, the U.S. Attorney’s Office for the Southern District of New York announced that it had arrested a resident of Macau for insider trading on charges that he and two other Chinese men had hacked information about high-profile M&A transactions out of two law firms.
After planting malware on email servers, the three hackers allegedly made more than $4 million off the information they stole, buying shares for cheap before anyone else knew that the value of those shares were on the brink of skyrocketing due to the acquisition — specifically, Intel's $16.7 billion merger with programmable chip maker Altera.
The Cyber Bank Heists report
The increasing predation on nonpublic market information is just one takeaway from the 2023 Cyber Bank Heists report, which portrays the current threat landscape to the financial sector as depicted by FI CISOs, SVPs of Cybersecurity, and Managing Directors of Information Security from the global Tier 1 (those FIs with a minimum of $200 billion in assets) and Tier 2 (those with between $5 billion and over $10 billion in assets).
The report covers three areas of cybersecurity concern to FIs:
- Cyberattack trends,
- eFraud and
- Trends in cyber defense.
This post examines the eFraud trends uncovered by the Cyber Bank Heists research. As well, check out this overview of the report’s findings on cyberattack trends in the financial sector. For a look at how FIs are — or should be — fending off these threats, check out our writeup of trends in cyber defense.
Wire transfer: It’s old hat, but it’s still around
The FIs that participated in the research reported that wire transfer fraud is still a concern. In fact, they’ve experienced a sharp increase in this type of eFraud, with 48% reporting an increase in wire transfer fraud.
In response to rampant wire fraud, New York last month —January 2022 — passed legislation to protect people, mandating that banks and wire services warn customers before transferring wads of cash via wire transfer or cash applications.
In reporting on the legislation, ABC7NY noted the case of retired NYPD police officer Victoria Batiste, who saw a wire transfer worth $632,000 go up in smoke after the sale of her town home closed.
She got her money back — eventually — but only after a week of sweating bullets.
Although wire transfers are still a major challenge to FIs, it’s not the biggest funds-transfer fraud cybercriminal conspiracies are engaging in. That dubious honor goes to business email compromise (BEC) — an industry that’s expected to reach $3.3 billion by 2028 — and digital check fraud.
Ransomware: Down but not out
FIs also reported being stalked by some familiar faces: namely, ransomware from groups including Conti, LockBit, DarkSide, Yanluowang and Vice Society. Forty percent of respondents reported that they’d been victimized in ransomware attacks this past year. It sounds like a lot, but it’s been worse. The improvement comes from brawny policing actions coming from the likes of Europol, the FBI and the U.S. Secret Service, which have been successfully sticking spokes in the wheels of ransomware operators’ infrastructure, forums and alternative payment methods.
Regardless of those efforts, experts warn that the Ransomware-as-a-Service ecosystem is flourishing, and that the financial sector remains a primary target.
For whatever good news there is for the financial sector, there’s a bushel of bad news, including the growing frequency and severity of cyber incidents. It’s just not enough to turn the tide, according to experts who weighed in on the report — all the more reason to check out the report’s findings on trends in cyber defense, which we cover here.
You can download the full 2023 Cyber Bank Heists report here.