Cybersecurity firm Carbon Black has unveiled its Modern Bank Heists report into the global threat to the financial services industry from online fraud.

For the report, Carbon Black employed researchers to quiz 1000 information security officers including representatives from four of the world’s 10 biggest banks.

The report’s main findings were that attempts at online bank robbery have boomed, with 67 per cent of the survey sample reporting an increase in cyberattacks in the last year.

A quarter (26 per cent) said they were targeted by destructive attacks, which are attempts at destroying data rather than extracting money. This is an increase of 160 per cent on 2018. Carbon Black says this is evidence that a new form of data hostage taking is evolving.

There are several genres of cyber shake-downs evolving, including Island Hopping, Water Hole attacks, Wire Transfer fraud and Home Equity Loan stings.

Island Hopping, in which supply chains and partners are commandeered in order to target a financial institution, was experienced by 32 per cent of the survey group. Water Hole attacks were mounted on 21 per cent of the study group. In these attacks, financial institution and bank regulation websites are hijacked and used to pollute visitors’ browsers. This tactic is increasing as cybercriminals exploit the trust consumers have in bank brands.

The wire transfer sting was attempted on 47% of the financial institutes quizzed. No figures are available for the number of successful attempts that this represents. These attacks exploit business process gaps in the wire transfer verification process. Sometimes they use social engineering attacks to target customer service representatives and consumers directly.

A third (31 per cent) of the survey group saw an increase in Home Equity Loan fraud, where malicious actors target consumers through spear phishing or making direct withdrawals from Home Equity Line of Credit (HELOC) accounts. They do this by exploiting business process gaps and online account compromise.

The biggest proportional crime wave rise was in the sophistication of crime against financial institutions. Near four-fifths (79 per cent) of those surveyed said cybercriminals are much more sophisticated, mounting social engineering attacks to exploit weaknesses in people, processes and technology.

“The modern-day ‘Dillenger’ gangs are evolving their attacks,” said the report in conclusion.

Depression-era bank robber John Dillinger won popular support in the US for robbing 24 banks and four police stations. Hopefully, cybercriminals will not win popular acclaim.


by Nick Booth