Cyber criminals are adapting their methods to include spear phishing campaigns, account impersonation and takeovers of remote onboarding and meetings.
The financial sector has been a primary target of hackers during the Covid-19 pandemic raising the likelihood of severe disruption, according to the Bank for International Settlements (BIS).
A BIS bulletin on January 14 warned that the surge in homeworking during the pandemic has increased the exposure financial firms have to cyber risk. As a result, the BIS felt it necessary to reiterate the risks from cyber attacks and to publish its findings.
It said the causes and methods behind cyber attacks vary with some being intentional while others are unintended incidents. Those falling into the incidental category, such as accidental data disclosures and processing errors, are frequent, the BIS said. By contrast, around 40% of cyber incidents are intentional, malicious and therefore deliberate.
One type of attack highlighted by the bulletin is known as a “zero-day exploit”, which is an attack against a software or hardware vulnerability that has been discovered but not publicly disclosed.
The threat posed by cyber attacks to the financial sector has never been greater and Covid-19 has made this cat-and-mouse game even more difficult
A zero-day exploit can see customers and vendors of IT assets also attacked with no predefined detection signatures or remedial patches available. The BIS said the situation is exacerbated by commercial firms conducting research to sell zero-day exploits on the open market.
Another type of cyber attack involves a distributed denial of service where servers are flooded with traffic to exhaust bandwidth.
Remote access responses
In response to such threats, there has been an increase in the use of remote access technologies such as the remote desktop protocol and virtual private network, which rose by 41% and 33%, respectively, in the first two months of the Covid-19 outbreak.
“The threat posed by cyber attacks to the financial sector has never been greater and Covid-19 has made this cat-and-mouse game even more difficult,” said Brett Lancaster, head of the customer security programme at Swift.
“As the BIS report shows, staff have been staying away from their secure office environments and working remotely, mostly from home and organisations have had to accept additional security risks. Meanwhile, cyber criminals are adapting their methods to include spear phishing campaigns, account impersonation and takeovers of remote onboarding and meetings, creating new challenges.”
Mr Lancaster explained that the situation prompted the European Central Bank to establish the Euro Cyber Resilience Board for pan-European Financial Infrastructures information sharing working group, chaired by Swift. He said it was the first time that major financial infrastructures, Europol and the European Union Agency for Cybersecurity have jointly taken steps to share cyber threat information across major European infrastructures.
This article first appeared in The Banker’s sister publication Global Risk Regulator.
