Cyberattacks at Banks and Financial Services Organizations | F5 Labs
- by nlqip
A wide variety of organizations fall under financial services, including banks of varying sizes, credit unions, insurance companies, government-sponsored financial institutions, stock exchanges, investment funds, payment processors, consumer finance lenders, brokerages, and companies that service the financial sector. We’ll look at all of these and note the differences in the data, starting with the largest category, banks.
Cyberattack Incidents at Banks
Banks are the largest segment in the 2018-2020 financial services incident data, representing 40% of the records. Out of financial services organizations, banks saw more DoS attacks (41%), which is five points above the average of 36%. However, they also saw fewer password login attacks (41%), which was five points below the average of 46%. One possible reason for this is that banks have better antibot controls in place, which mitigate password login attacks, and thus see fewer attacks than the average financial organization. Web attacks make up 6% of the reported bank security incidents, which is on par with the average.
Of the password login attacks against banks, the majority of incidents were reported as brute force (77%), with the remainder (23%) reported as credential stuffing botnet attacks. The DoS attacks that could be classified were mostly web application, or layer 7, attacks (36%), followed by network volumetric attacks (24%) and DNS DoS (14%) attacks, with the rest uncategorized.
Cyberattack Incidents at Large and Small Banks
We had enough data to do a significant breakout by bank size, as shown in Figure 2. Using a bank asset size of USD $100 billion as a divider between large and small banks, we found that large banks reported more DoS attacks. Of all the incidents larger banks reported, 44% were DoS, while only 37% of incidents at smaller banks were noted as DoS. This is reversed for password login attacks, with smaller banks seeing a higher proportion (48%), while larger banks saw only 36%. Reported web attack incidents were nearly the same—large banks 6% and small banks 7%.
Source link
lol
A wide variety of organizations fall under financial services, including banks of varying sizes, credit unions, insurance companies, government-sponsored financial institutions, stock exchanges, investment funds, payment processors, consumer finance lenders, brokerages, and companies that service the financial sector. We’ll look at all of these and note the differences in the data, starting with the largest…
Recent Posts
- QNAP pulls buggy QTS firmware causing widespread NAS issues
- N-able Exec: ‘Cybersecurity And Compliance Are A Team Sport’
- Hackers breach US firm over Wi-Fi from Russia in ‘Nearest Neighbor Attack’
- Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs
- Five Companies That Came To Win This Week