Financial services targeted for 13% of cyber attacks, mostly ransomware

Rick Steves

“An ounce of prevention is worth a pound of cure when it comes to ransomware, so we encourage all businesses to constantly evaluate the security controls they have deployed rather than waiting for an incident to occur.”

The Threat Landscape Report released by Kroll revealed ransomware as the dominant threat type in Q3 2021 as this kind of cyber attack has more than doubled since Q1 2021, from 20% to 46%, fuelled by an exponential increase in the initial access broker marketplace.

Business email compromise (BEC) incidents fell by 4% quarter on quarter, accounting for 29% of attacks in Q3 and becoming the second most common dominant threat type.

Incidents of unauthorised access and the risk of insider threats also increased, but to a lesser extent than ransomware, accounting for 25% of incidents in the same period.

Financial services sector accounts for 13% of cyber attacks

The report on the evolution of cyber threats will be published quarterly and will include the most prominent attack methods, actor groups, targeted sectors, and risks on the horizon.

Ioan Peters, Managing Director and Co-Regional Lead in EMEA for Kroll’s Cyber Risk practice, commented: “Ransomware remains a huge threat to organisations of all shapes and sizes. We’ve seen threat actors mobilise and expand their efforts since the beginning of the pandemic, and incidents like the Conti leak only serve to democratise the methods used by cybercriminals to gain access to businesses.

“An ounce of prevention is worth a pound of cure when it comes to ransomware, so we encourage all businesses to constantly evaluate the security controls they have deployed rather than waiting for an incident to occur.”

According to the Kroll report, the financial services sector is one of the most heavily targeted industries by cyber criminals, accounting for 13% of all attacks, which include ransomware and business email compromise.

The professional services sector remained the most targeted sector, accounting for 22% of cyber threats, most likely due to attackers increasingly utilising supply chain breaches within professional services firms to reach as many victims as possible in a single attack.

Technology and telecommunications (13%), health care (12%), and manufacturing (10%) are other highly targeted sectors. Altogether, the five abovementioned sectors account for 70% of cyber attacks.

Peters added: “Attacks on the global health care sector are particularly astounding given the strain on these services through the pandemic. Following an initial ‘ceasefire’ from threat groups in March 2020, the Conti group, which accounted for the largest number of incidents in Q3 (31%), has developed a reputation for targeting hospitals and other emergency medical services. Sadly, these attacks can result in life-threatening consequences, and therefore, these organisations do need to focus on ensuring that they have all possible safeguards in place.”

FinanceFeeds webinar: Expert panel to discuss market data for multi-asset brokerages  

Phishing and social engineering are top infection vectors

The research study also found that phishing and social engineering remained the most prominent infection vectors, but third-party vulnerability exploitation is the most fast growing infection vector, up by 12% QoQ.

Threat actors have weaponised the pandemic and used it as an opportunity to hit vulnerable businesses as they move more of their operations online.

“As the pandemic continues to impact the way we work globally, the risks poised from threat actors looking to take advantage of business vulnerabilities have increased as security teams struggle to keep up”, Ioan Peters continued.

“Businesses must ensure they are evolving with threats to ensure maximum protection for their business and clients. Strong identity protection such as multifactor authentication (MFA) is often the best step a business can take to protect itself in terms of outlay and reward. It’s relatively simple to set up and can prevent an overwhelming majority of attacks. A large majority of Q3 victims were businesses that did not have fully implemented MFA in place.”

Read this next

Market News

Unravelling the Yen Surge and BoJ Policy Speculations Impacting USD/JPY

The recent downturn in the USD/JPY pair due to the yen’s strength, driven by speculation about the Bank of Japan’s potential tightening of monetary policy.

Digital Assets

Himalaya Exchange customers seek release of frozen funds from DOJ

FormerFeds, a corporate defense and litigation service provider, has filed a lawsuit against the U.S. Department of Justice (DOJ) on behalf of over three and a half thousand Himalaya Exchange customers.

Digital Assets

Nubank, Circle, and Talos join forces for crypto adoption in Brazil

Nubank, the Brazilian neobank backed by Warren Buffett’s Berkshire Hathaway and Softbank Group Corp, announced new partnerships with cryptocurrency firms Circle and Talos.

Metaverse Gaming NFT

Flare onboards Ankr, Figment, Restake, and NorthStake as validators

Flare, an EVM smart contract platform known for its focus on blockchain data utility, has announced a major step in its development. The platform has onboarded leading infrastructure providers, including Ankr, Figment, Restake, and NorthStake.

Digital Assets

Sui Joins DeFi Leaders, Topping $100M in Bridged USDC

Sui, the groundbreaking Layer 1 blockchain created by the technology experts who led Meta’s Diem blockchain initiative and created the Move smart contract language, continues its explosive ascent in decentralized finance (DeFi). This week, it surpassed $100 million in bridged USDC. 

Digital Assets

Poloniex hit by UK regulator, listed as ‘unauthorised’ exchange

The UK’s Financial Conduct Authority (FCA) has added the cryptocurrency exchange Poloniex to its warning list of non-authorized companies. Poloniex, which is based in Seychelles, has experienced four hacks in the last two months and is affiliated with entrepreneur Justin Sun.

Industry News

Exclusive Markets is Proudly ISO/IEC 27001:2013 Certified by MSECB for Unparalleled Commitment to Information Security

Exclusive Markets, a leading name in the FINTECH sector, proudly announces the attainment of ISO/IEC 27001:2013 Certification by the MSECB. This esteemed certification highlights Exclusive Markets’ persistent commitment to fortifying information security within its cutting-edge trading technology. 

Digital Assets

SEC is discussing ‘technical details’ of Bitcoin EFTs ahead of approval

Discussions between the U.S. Securities and Exchange Commission (SEC) and asset managers seeking to list Bitcoin exchange-traded funds (ETFs) have reportedly advanced to key technical details.

Digital Assets

Versatus Labs Reaches $50 Million Valuation Following $2.3 Million Seed Funding Round

Versatus Labs, a peer-to-peer web services protocol aiming to help Web2 developers transition to Web3, has completed a $2.3 million funding round at a $50 million valuation led by key investors in the Web3 space including NGC Ventures and Republic Crypto. The latest funding round aims to help the company develop the ‘world’s first stateless roll-up’, Versatus LASR. This follows Versatus Labs’ recent pivot from Layer 1 solutions to Ethereum scaling solutions. 

<