Threat actors are taking aim at the financial tech sector and upping the ante when it comes to email attacks. That’s according to research from Abnormal Security that found increases year over year in advanced email attacks (23%) and phishing (17%), with business email compromises largely staying stable.
Surprisingly, the most successful attacks are ones that ask for a simple favor. Those attacks work so well, Abnormal Field CISO Mick Leach told IT Brew, because of how people tend to be naturally ready to help.
“Bad actors seek to prey on employees’ kindness and desire to assist,” Leach said, adding that financial institutions are “more susceptible and they’re more inclined to pay to protect the sensitive data of their folks, as well as the financial assets that they have under management.”
Letter box. The increase in email attacks—as opposed to social engineering and malware—could be seen as a continuation of what some in the cybersecurity industry refer to as the attack atmosphere. Conceptually separate from the attack “surface,” the “atmosphere” refers to a diversity of tactics by threat actors. Chris Goettl, VP of product management at Ivanti, told IT Brew that the atmosphere is a change that was inevitable.
“Each of those things are just an evolution of behaviors that existed before with threat actors,” Goettl said. “They’re just getting more and more sophisticated.”
Abnormal’s research seems to confirm this, Leach said, as threat actors “are looking for every single way that they can compromise someone.” The size of financial services firms make them particularly susceptible to attacks that prey upon the give and take nature of comms, something that phishing emails take advantage of normally. Phishing works on the principle of reciprocity, NCC Group Technical Director of Risk Management and Governance Sourya Biswas told IT Brew.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
“That’s why you will see that some of these phishing emails are worded as, ‘Click here to do something,’” Biswas said. “Click here is the, ‘Do something for me,’ and then you will get this benefit, such as click here to access your new salary.”
Specifics. Handling so much sensitive information, financial firms are open to reciprocity attacks—the threat surface is vast, requiring a wide net of attacks; if one gets through, that’s a success. It’s a bit of a numbers game, and AI, with its automation potential, is making things even harder.
“Many of these big companies don’t even know who all they are doing business with,” Leach said. “We’re seeing lots of bad actors that are doing vendor email compromise, whether that’s spoofing a current supply chain vendor, or actually compromising one of those vendors and then sending fraudulent invoices to a very large organization who may or may not realize who all they do business with.”
Repair work. Defenders need to be aware of the threat level, Leach continued, and that things are changing. AI means that attackers are able to spin up infrastructure quickly, registering domains and setting up what seems like a legitimate source with ease. Grammatical errors aren’t so easy to spot anymore.
“If I understand what normal looks like in an environment—who your folks are, how they communicate, who they work with on a daily basis, the way that they communicate, the types of business that they do—the easier it is for me to spot anomalous activity,” Leach said. “I think that ultimately is going to be the key going forward, that is how we solve this problem in the long term.”