Financial services firms vulnerable to 'hidden tunnels'

Vectra says that many global financial services organizations are targeted by sophisticated cyberattackers attempting to steal critical data and personally identifiable information (PII).

As part of key findings in the new 2018 Spotlight Report on financial services, Vectra disclosed that cyberattackers build hidden tunnels to break into networks and steal critical data and personal information. These tunnels are used to remotely control an attack, known as command-and-control, and steal data, known as exfiltration, while remaining largely undetected.

 

“Cyberattackers continue to innovate by using hidden tunnels to blend in with normal traffic, evade strong access controls, and exfiltrate financial data,” said Jon Oltsik, senior principal analyst at the Enterprise Strategy Group. “The Vectra report provides insights into these attacker behaviors and details what cybercriminals are willing to do to steal personal and private financial information.”

 

According to the Vectra report, security breaches across multiple industries continue in an upward trajectory, and the financial services industry is no exception. But while financial services firms didn’t experience the same volume of breaches as other industries, they still face considerable risk as lucrative targets of cyberattackers in search of a windfall.

 

Vectra found the same type of attacker behaviors across the financial services industry as those that led to the 2017 Equifax data breach. The Equifax breach resulted in the theft of driver’s license numbers, email addresses, Social Security numbers and other personal information from 145.6 million consumers, according to a company filing with the Securities and Exchange Commission. After the breach occurred, it reportedly went undetected for 78 days.

 

Information in the 2018 Spotlight Report from Vectra is based on observations and data from the 2018 RSA Conference Edition of the Attacker Behavior Industry Report. The report reveals attacker behaviors and trends in networks from 246 opt-in customers in financial services and 13 other industries.

 

From August 2017 through January 2018, the Cognito cyberattack-detection and threat-hunting platform from Vectra monitored network traffic and collected metadata from more than 4.5 million devices and workloads from customer cloud, data center and enterprise environments. The analysis of this metadata provides a better understanding of attacker behaviors and trends as well as business risks, enabling Vectra customers to avoid catastrophic data breaches.

 

“Every industry has a profile of network and user behaviors that relate to specific business models, applications and users,” said Chris Morales, head of security analytics at Vectra. “Attackers will mimic and blend in with these behaviors, making them difficult to expose.”

 

“What stands out the most is the presence of hidden tunnels, which attackers use to evade strong access controls, firewalls and intrusion detection systems,” Morales added. “The same hidden tunnels enable attackers to sneak out of networks, undetected, with stolen data.”

 

Key findings from the report include:

  • Vectra detected significantly more hidden command-and-control tunnels per 10,000 devices in financial services than all other industries combined.

  • Vectra detected more than twice as many hidden data-exfiltration tunnels per 10,000 devices in financial services than all other industries combined.

  • For every 10,000 devices across all industries, 11 hidden exfiltration tunnels disguised as encrypted web traffic were detected. But in financial services, that number more than doubled to 23. From August 2017 through January 2018, hidden exfiltration tunnels disguised as unencrypted web traffic jumped from seven per 10,000 devices to 16 in financial services.

  • For every 10,000 devices across all industries, two hidden tunnels disguised as encrypted web traffic were detected. But in financial services, that number more than doubled to five. From August 2017 through January 2018, hidden exfiltration tunnels disguised as unencrypted web traffic doubled from two per 10,000 devices to four in financial services.
