The Shifting Cyber Threat Landscape

An image of a lock followed by colorful tendrils.

With the rapid acceleration of cloud software, Internet of Things (IoT) and advancements in FinTech, the financial and technology industries saw significant increases in cyberattacks over the past year. Attackers find vulnerabilities in supply chains and software, capitalize on lax security updates and use social engineering to manipulate end-users.

As hackers become more creative in their subversive techniques, businesses need to become more proactive in educating their workforce and stepping up their cyber incident response plans. Businesses should consult with their vendors, third-party suppliers and stakeholders in every business unit to ensure continuity, mitigate risk and verify that security measures are being employed and regularly updated.    

Below are summarized findings from the recent NTT Security Global Threat Intelligence Report that focus specifically on the finance and technology sectors in the Americas, which account for the most highly targeted attack sectors in this region. Recommendations from the National Institute of Standards and Technology Framework are included here as well. Organizations can also look to the Department of Homeland Security’s National Cyber Incident Response Plan for guidance on dealing with and addressing cyber incidents. 

Finance and Technology Top the List of Targets

Attacks to the finance sector nearly tripled, accounting for 43 percent of attacks compared with 15 percent the previous year. Attacks targeted at the technology industry sector increased to 27 percent of attacks, up from 11 percent in the previous year. For comparison, manufacturing was the most attacked sector in 2016, with 23 percent of attacks, but has since fallen to five percent of attacks in 2017.

The report indicates that the rise in cyberattacks on finance and tech can be attributed to crimes of opportunity. The technology sector has led to significant increases in the U.S. stock market and due to tech's speed-to-market nature, security and user privacy are often not part of developers' skill set. This leaves the door open for vulnerabilities, especially when it comes to the technology sectors' supply chains.

Social Engineering is the Path of Least Resistance

Social engineering as it relates to information security is the psychological manipulation of people into performing actions or divulging confidential information. Attackers convince users to click on links in phishing emails and open malicious attachments.

If you work in an office or in proximity to IT professionals, you've undoubtedly been lectured (repeatedly) on not opening emails from senders you don't recognize or opening attachments when you're not expecting one. But the lectures bear repeating since it continues to fall on deaf ears. Malicious Microsoft Word documents account for 78 percent of phishing campaign attachments in the Americas, using scripts, macros and embedded objects, according to the report. 

With ransomware attacks having increased 350 percent in the past year, cybercriminals will continue to exploit human vulnerabilities to gain access to confidential information. The report notes that despite this increase in ransomware incidents, ransomware incident response engagement fell due to better vendor response, better detection and better incident response plans.

Malware Attacks Explode in the Americas

Malware from spyware/keyloggers accounted for 39 percent of malware in the Americas compared with 26 percent globally. The report notes that this indicates that "attackers were working on short-term attacks, stealing credentials, targeting funds, and often sustaining long-term access to compromised environments." Overall, ransomware volume increased 350 percent globally.  

Drilling down, the top attack types for the finance sector were application-specific attacks, meaning that cybercriminals are utilizing vulnerabilities within software applications. When developers don't apply updated security patches or do not incorporate privacy considerations into the design of their applications, it allows cybercriminals the opportunity to enter without notice.

In the technology sector, the top attack type is known bad sources. The report indicates a known bad source is "a site labeled as a bad actor due to a variety of indicators, including internally identified hostile sites, sites which have repeatedly been responsible for attacks, or signatures and blacklists published by NTT Security threat research teams" and their trusted partners.

Russian Federation Cyberattacks Target Americas

As Russian cyberattacks continue to dominate U.S. news cycles, the Russian Federation made a noticeable blip on the radar in the Global Threat Intelligence Report, ranking in the top five attack sources (the IP address from which a specific attack was launched) against targets in the Americas. In other regions, it ranked no higher than 10th. While attack sources from the Russian Federation accounted for only three percent of all targeted attacks in the Americas, the report notes that the Russian Federation did not appear in the top 10 most active attack sources in any other region except the Americas.

The main sectors targeted by Russian Federation attack sources included business and professional services, technology and manufacturing. The Russian Federation appeared in the top five attack sources for the Americas' technology industry, with the three primary attack types being known bad sources, reconnaissance activities and web application attacks.

With regard to the upcoming 2020 Olympic and Paralympic Games in Tokyo, NTT Security put special emphasis on potential threats to Japan as a result of the games. The report states that countries that have hosted Olympic Games in recent years have been the target of cyberattacks for financial gain, such as counterfeit ticket sales, or retaliatory measures, such as Russian athletes being banned due to allegations of doping and performance-enhancing drugs. During the 2018 Winter Olympics in Pyeongchang, a Russian-linked hacker group leaked email correspondence between the U.S. Olympic Committee and anti-doping officials investigating alleged use of illegal substances by Russian athletes.

National Institute of Standards and Technology Framework Recommendations

Businesses must balance the priority of security with speed-to-market and competitiveness, especially in the technology and finance sectors. Solutions to threats can range from daily due diligence to more sophisticated techniques. Regardless of the approach chosen, the National Institute of Standards and Technology (NIST) highlights cybersecurity frameworks that organizations can use as a cybersecurity roadmap to implement best practices. An updated draft of its Framework for Improving Critical Infrastructure Cybersecurity version 1.1 was released in December 2017.

Notably, the report indicates potential weak links in supply chains: "NIST is hoping that version 1.1 will facilitate greater consideration of supply chain risk within a cybersecurity strategy." This framework, while voluntary to implement with broad guidelines, is intended to allow organizations to tailor solutions for an organizations' unique infrastructure.

Specific recommendations from the report are listed below based on trends in the Americas:

  • Protect against compromises designed to persist – Due to the prevalence of spyware/keyloggers in the financial sector, it is recommended that organizations design and implement a network architecture that isolates different functions and key information into protected subnetworks by using such elevated controls as internal firewalls.
  • Protect against phishing attacks – Training employees to be highly suspicious of unexpected attachments or emails from unrecognized senders is the first defense in protecting against phishing attacks. The report even goes so far as to recommend restricting inbound attachments if it is within the organization's risk tolerance.
  • Filter or block sources – By proactively identifying blacklists and other tools to identify known bad sources can reduce an organization's attack profile. Alternatively, it is recommended to build whitelists or organizations and locations where business is conducted.

Visit the SIG Resource Center for additional information on cybersecurity, including whitepapers, webinar recordings, Summit presentations, industry research and more. The SIG Resource Center is a benefit of SIG membership and is updated regularly with the latest industry insights. Not a SIG member? Reach out to us to learn more about our member benefits.  

Stacy Mendoza, Digital Marketing Specialist

Stacy Mendoza is a Digital Marketing Specialist with Sourcing Industry Group (SIG). Stacy began her career in market research as an editor for Hart Research Associates in Washington, D.C. Since moving back to Florida in 2014, she has worked in marketing and public relations, specializing in content creation, media relations and crisis communications. Stacy is a passionate volunteer who donates her time to help nonprofits develop marketing strategies and awareness campaigns. Stacy holds a Bachelor of Arts degree in English from The Florida State University in Tallahassee, Florida. Follow her on Twitter and tweet at @SIG_Stacy.