
Coronavirus: Cyber attacks on banks seen spiking, says Carbon Black

VMware’s Carbon Black observes a spike in cyber attacks on financial services organisations

In what has been referred to as an “unprecedented anomaly”, cyber criminals are increasingly targeting the financial services sector during the Covid-19 coronavirus pandemic, with attacks on banks and other financial institutions spiking by 38% between February and March to account for 52% of all attacks observed by VMware’s Carbon Black Cloud.

The sudden shift observed by Carbon Black threat researchers Patrick Upatham and Jim Treinen was also reflected by equally sharp declines in other verticals. Retail, for example, accounted for 31% of observed threats in February, but this dropped to 1.6% in March, suggesting that the shutdown of vast swathes of the industry has caused cyber criminals to turn their attention elsewhere.

Equally, healthcare, which usually falls in the top three verticals for targeting by malicious actors, ended March as the seventh most frequently attacked industry.

“As the Covid-19 battle continues globally, it is clear attackers will continue to target vulnerable populations and organisations,” wrote Upatham and Treinen in a blog detailing their findings.

“As the VMware Carbon Black Threat Analysis Unit (TAU) has found, attackers have been using Covid-19 to launch phishing attacks, fake apps/maps, trojans, backdoors, cryptominers, botnets and ransomware. Increased vigilance and visibility into enterprise-wide endpoint activity are more paramount than ever.” 

Upatham and Treinen revealed that of the 52% of attacks targeting the financial services sector in March 2020, 70.9% of those came from the Kryptik trojan, a particularly nefarious and persistent threat, which targets victims through malicious installers and then tries to acquire admin rights to make registry modifications that let it execute each time a Windows machine boots.

Without the appropriate visibility tools, it can be very hard to spot because it tends to delete its executable file after running to obfuscate itself.
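
The behaviour described above (an installer that writes a boot-time autostart entry and whose executable then disappears) can be hunted for by correlating endpoint events per process. This is an added example, not Carbon Black's code; the event schema, the sample events and the choice of the standard Run-key locations as the autostart registry paths are assumptions.

```python
import json

# Constructed endpoint telemetry, one JSON event per line (hypothetical schema).
SAMPLE_EVENTS = r"""
{"pid": 4120, "type": "proc_start", "image": "C:\\Users\\a\\Downloads\\setup_free.exe", "elevated": true}
{"pid": 4120, "type": "reg_set", "key": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "C:\\ProgramData\\svc\\upd.exe"}
{"pid": 4188, "type": "file_delete", "path": "c:\\users\\a\\downloads\\setup_free.exe"}
{"pid": 5200, "type": "proc_start", "image": "C:\\Program Files\\Vendor\\install.exe", "elevated": true}
{"pid": 5200, "type": "reg_set", "key": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "C:\\Program Files\\Vendor\\agent.exe"}
{"pid": 6001, "type": "proc_start", "image": "C:\\Temp\\tmp1.exe", "elevated": false}
{"pid": 6002, "type": "file_delete", "path": "C:\\Temp\\tmp1.exe"}
"""

# Standard Windows autostart locations (assumed); the prefix match also covers RunOnce.
AUTORUN_PREFIXES = (
    "hklm\\software\\microsoft\\windows\\currentversion\\run",
    "hkcu\\software\\microsoft\\windows\\currentversion\\run",
)

def find_self_deleting_persistence(text):
    """Return processes that wrote an autostart value and whose image was later deleted."""
    procs, by_image = {}, {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev["type"] == "proc_start":
            procs[ev["pid"]] = {"pid": ev["pid"], "image": ev["image"],
                                "elevated": ev.get("elevated", False),
                                "autoruns": [], "image_deleted": False}
            by_image[ev["image"].lower()] = ev["pid"]
        elif ev["type"] == "reg_set" and ev["pid"] in procs:
            if ev["key"].lower().startswith(AUTORUN_PREFIXES):
                procs[ev["pid"]]["autoruns"].append(ev["value"])
        elif ev["type"] == "file_delete":
            # The delete may come from a helper process, so match on path, not pid.
            owner = by_image.get(ev["path"].lower())
            if owner is not None:
                procs[owner]["image_deleted"] = True
    return [p for p in procs.values() if p["autoruns"] and p["image_deleted"]]

if __name__ == "__main__":
    for alert in find_self_deleting_persistence(SAMPLE_EVENTS):
        print(alert)
```

Neither signal alone is flagged: the legitimate installer that registers an agent and the temporary binary that is merely cleaned up both pass, and only the process showing both behaviours is reported.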

While overall volumes of cyber crime have remained relatively constant as the pandemic has developed, Carbon Black’s analysts said they had seen a clear correlation between notable coronavirus-related news and cyber attacks.

“Cyber criminals often exploit fear and uncertainty during major world events by launching cyber attacks,” they said. “These attacks are often performed with social engineering campaigns leveraging malicious emails that lure victims to install malware that steals financial data and other valuable personal information or, in some cases, turns a user’s computer into a cryptomining zombie.”

For example, Carbon Black observed a 48% spike in attacks over baseline levels on 30 January, the day the US announced its first case of Covid-19; a 64% spike on 29 February, when multiple US states declared public emergencies; a 28% spike on 8 March, when Italy went into full lockdown; and a 22% spike on 11 March, when the World Health Organization declared Covid-19 a pandemic.

Upatham and Treinen said their findings highlighted the importance of incorporating threat data analytics services into organisational cyber security postures to help security teams keep pace and stay ahead of attackers by observing wider trends in behaviour.

“Without big data analytics, companies can only focus on finding and stopping known methods and attacks, which leaves them vulnerable to new and emerging attacks,” they said. “Security teams must be able to predict and prevent not only known attacks, but future and unknown ones, too.

“Innovative processes like big data analytics take advantage of all available data – unfiltered endpoint data, event streams, attackers’ tactics and techniques, global threat intelligence, and more – to provide the most comprehensive protection possible.”

Read more on Upatham and Treinen’s findings here.

1 comment

The Corona pandemic has turned daily life upside down. The global market is bleeding, countries are closing down and many people are infected or yet to be. But in these troubled times another danger is showing its teeth – cyberattacks:

The hackers and scammers are again using chaos on their behalf to make even more global damage than the pandemic itself.

Scams and phishing

Scammers are using the chaotic situation – an anxious population, excessive demands for goods no longer in stock, and masses of disinformation on social media – on their behalf to trick people to steal their money or sensitive information. And with half of the population working from home, meaning the security is at its lowest, the situation is even more dangerous. Welivesecurity.com wrote an in-depth article here. The following are examples of the trendy Corona-scams.

Malicious news, meaning fake emails pretending to be WHO or some other health organisation that advocate clicking a button. But the button will do nothing other than install a trojan in the system that hackers and scammers can use to steal your stuff. The picture is an example of a fake mail.