The news: Banks are doubling down on their security budgets this year to protect against a spike in destructive attacks, ransomware, and “island hopping”—a term describing the process of undermining a company's cyber defenses by going after its vulnerable partner network, rather than by launching a direct attack.
That’s according to cloud computing and software provider VMware’s report, “Modern Bank Heists 5.0.”
- Its findings are based on a February 2022 survey of 130 chief information security officers and security leaders at financial institutions, 41% of which were headquartered in North America.
By the numbers: The majority of financial institutions surveyed plan to increase their security budget this year.
- Seven out of 10 financial institutions that VMware interviewed aren’t spending more than 12% of the overall IT budget on security. But the majority of financial institutions plan to increase their budget by 20% to 30% this year.
- IBM’s most recent report on cyber attacks found that the financial industry is already spending the second-most of any industry fighting off attacks, with an average cost of $5.72 million per data breach.
- Just a few years ago, Accenture found financial services to be the most expensive industry from which to fight attacks. For example, Bank of America’s CEO Brian Moynihan said it spends over $1 billion yearly on cybersecurity.
Destructive attacks: The VMware report indicates that 63% of financial institutions experienced an increase in destructive attacks, an increase of 17% from last year.
- Destructive attacks are launched punitively to destroy data and dismantle subnets. Typically, cybercriminals leverage these attacks as an escalation to destroy the evidence as part of a counter-incident response.
- Destructive malware variants seek to destroy, disrupt or degrade victim systems by encrypting files, deleting data, destroying hard drives, terminating connections, or executing malicious code.
- In the financial industry, companies reported 703 cyber attack attempts per week in Q4 2021, a 53% increase over the same period in the previous year, per Banking Journal. Some studies estimate that, on a global scale, the rate of cyber attacks is one every 10 seconds.
Ransomware: In addition, 74% of respondents experienced one or more ransomware attacks, and 63% of those victims paid the ransom.
- Uses remote access trojans (RATs) that help cybercriminals gain control of systems.
- Attackers can choose from an array of readymade and available ransomware kits—for example, from Conti, a ransomware group known for its ransomware-as-a-service (RaaS) structure. Cybercriminals use the kit to compromise a network, encrypt sensitive files within the network, and send the victim a ransom note that asks for crypto in exchange for a decryption key that will unlock access to the files.
- The cryptocurrency investigation and compliance solutions provider Chainalysis corroborates this finding: It’s identified more than $602 million worth of ransomware payments paid in 2021—with the Conti ransomware gang accounting for $180 million—although it says the true total for 2021 is likely to be much higher.
- In a six-month span last year, the financial crimes investigation unit of the US Treasury Department (FinCEN) said it identified approximately $5.2 billion in outgoing bitcoin transactions potentially tied to ransomware payments.
- Governments are now persecuting crypto exchanges that facilitate financial transactions for ransomware attackers; for example, the US Department of the Treasury Office of Foreign Assets Control’s (OFAC’s) issued sanctions against the Suex cryptocurrency exchange in September 2021.