Cyberattacks at Banks and Financial Services Organizations | F5 Labs

2024 Cybersecurity Predictions


A wide variety of organizations fall under financial services, including banks of varying sizes, credit unions, insurance companies, government-sponsored financial institutions, stock exchanges, investment funds, payment processors, consumer finance lenders, brokerages, and companies that service the financial sector. We’ll look at all of these and note the differences in the data, starting with the largest category, banks.

Cyberattack Incidents at Banks

Banks are the largest segment in the 2018-2020 financial services incident data, representing 40% of the records. Out of financial services organizations, banks saw more DoS attacks (41%), which is five points above the average of 36%. However, they also saw fewer password login attacks (41%), which was five points below the average of 46%. One possible reason for this is that banks have better antibot controls in place, which mitigate password login attacks, and thus see fewer attacks than the average financial organization. Web attacks make up 6% of the reported bank security incidents, which is on par with the average.

Of the password login attacks against banks, the majority of incidents were reported as brute force (77%), with the remainder (23%) reported as credential stuffing botnet attacks. The DoS attacks that could be classified were mostly web application, or layer 7, attacks (36%), followed by network volumetric attacks (24%) and DNS DoS (14%) attacks, with the rest uncategorized.

Cyberattack Incidents at Large and Small Banks

We had enough data to do a significant breakout by bank size, as shown in Figure 2. Using a bank asset size of USD $100 billion as a divider between large and small banks, we found that large banks reported more DoS attacks. Of all the incidents larger banks reported, 44% were DoS, while only 37% of incidents at smaller banks were noted as DoS. This is reversed for password login attacks, with smaller banks seeing a higher proportion (48%), while larger banks saw only 36%. Reported web attack incidents were nearly the same—large banks 6% and small banks 7%.



Source link
lol

A wide variety of organizations fall under financial services, including banks of varying sizes, credit unions, insurance companies, government-sponsored financial institutions, stock exchanges, investment funds, payment processors, consumer finance lenders, brokerages, and companies that service the financial sector. We’ll look at all of these and note the differences in the data, starting with the largest…

Leave a Reply

Your email address will not be published. Required fields are marked *