The attack dominating financial services doesn't steal passwords. It resets MFA and steals the token.

The Changing Landscape of Cyber Threats in Financial Services

A recent report by CrowdStrike highlighted the increasing threat posed by cyber attackers to the financial services sector. Interestingly, the attacker who targeted the most financial services organizations in the past year did not resort to phishing for passwords. Instead, they employed social engineering tactics, such as calling IT support lines, convincing employees to reset their multifactor authentication (MFA), and registering their own devices on the network.

The report identified Mutant Spider as the most active threat to financial services, with their primary technique being voice phishing over Microsoft Teams. By impersonating internal IT support, the group was able to manipulate employees into resetting their credentials and MFA, which gave the group access to corporate networks. This approach circumvented traditional security measures, highlighting the need for enhanced security protocols.

Another concerning development highlighted in the report was the rise of platforms like Kali365, a phishing-as-a-service platform available for as little as $250 a month. This platform exploits Microsoft 365 OAuth tokens, granting attackers persistent access to sensitive information without triggering additional MFA prompts.

The Verizon Data Breach Investigations Report echoed these findings, indicating that the initial access vector in breaches has shifted from credential theft toward vulnerability exploitation. This structural shift in cyber threats emphasizes the importance of reevaluating security strategies within the financial services sector.

Addressing the Evolving Threat Landscape

Security directors are urged to conduct an MFA Bypass Exposure Audit to identify vulnerabilities in their environment. The audit highlights key attack surfaces, confirmed events, gaps in MFA protection, and recommended actions to mitigate these risks.

It is essential for organizations to adapt to these evolving threats by implementing out-of-band verification for all MFA resets, utilizing FIDO2 hardware keys, and establishing callback procedures on separate channels. Restricting device code flows and monitoring OAuth refresh token usage are crucial steps in enhancing security measures.

Furthermore, the report emphasizes the need for a shift in security budget allocation towards token monitoring, session validation, and identity verification for resets. Traditional approaches to security may no longer suffice in the face of sophisticated cyber threats targeting financial institutions.
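The three monitoring controls named above (MFA resets that are followed by new registrations, device code sign-ins, and refresh token usage) can be expressed as simple detection rules over identity audit logs. The following is an added example, not code from the article or from the CrowdStrike or Verizon reports; the log records are constructed, and the field names (`event`, `actor`, `protocol`, `token_id`) are assumptions loosely modelled on identity-provider audit and sign-in logs rather than any vendor's exact schema.

```python
"""Detection rules for the MFA-reset-and-token-theft pattern over identity audit logs.

Added example (not from the article or the reports it cites). Field names are
assumed; map them onto your identity provider's audit and sign-in log schema.
"""
import json
from datetime import datetime, timedelta

# Constructed sample records, one JSON object per line. Not real log data.
SAMPLE_LOG = """
{"ts": "2024-05-02T09:00:00Z", "user": "alice@example.com", "actor": "helpdesk1@example.com", "event": "mfa_method_deleted", "ip": "10.0.0.5"}
{"ts": "2024-05-02T09:07:00Z", "user": "alice@example.com", "actor": "alice@example.com", "event": "mfa_method_registered", "ip": "203.0.113.7"}
{"ts": "2024-05-02T09:09:00Z", "user": "alice@example.com", "actor": "alice@example.com", "event": "device_registered", "ip": "203.0.113.7"}
{"ts": "2024-05-02T10:00:00Z", "user": "bob@example.com", "actor": "bob@example.com", "event": "signin", "protocol": "deviceCode", "ip": "198.51.100.9"}
{"ts": "2024-05-02T10:30:00Z", "user": "carol@example.com", "actor": "helpdesk1@example.com", "event": "mfa_method_deleted", "ip": "10.0.0.5"}
{"ts": "2024-05-03T11:00:00Z", "user": "carol@example.com", "actor": "carol@example.com", "event": "mfa_method_registered", "ip": "10.0.0.44"}
{"ts": "2024-05-02T10:40:00Z", "user": "dave@example.com", "actor": "dave@example.com", "event": "refresh_token_redeemed", "token_id": "rt-1", "ip": "198.51.100.50"}
{"ts": "2024-05-02T10:41:00Z", "user": "dave@example.com", "actor": "dave@example.com", "event": "refresh_token_redeemed", "token_id": "rt-1", "ip": "10.0.0.12"}
"""

RESET_WINDOW = timedelta(hours=1)        # assumed tuning value
TOKEN_WINDOW = timedelta(minutes=10)     # assumed tuning value


def parse(log_text):
    """Parse newline-delimited JSON records and sort them by timestamp."""
    records = [json.loads(line) for line in log_text.strip().splitlines() if line.strip()]
    for r in records:
        r["ts"] = datetime.fromisoformat(r["ts"].replace("Z", "+00:00"))
    return sorted(records, key=lambda r: r["ts"])


def find_reset_then_register(records, window=RESET_WINDOW):
    """Flag users whose MFA method was removed by someone other than themselves
    (e.g. a help desk action) and who then registered a new MFA method or a new
    device within `window`. This is the help-desk social-engineering sequence."""
    alerts = []
    resets = [r for r in records
              if r["event"] == "mfa_method_deleted" and r["actor"] != r["user"]]
    for reset in resets:
        followups = [r for r in records
                     if r["user"] == reset["user"]
                     and r["event"] in ("mfa_method_registered", "device_registered")
                     and reset["ts"] < r["ts"] <= reset["ts"] + window]
        if followups:
            alerts.append({"user": reset["user"],
                           "reset_by": reset["actor"],
                           "followups": [(r["event"], r["ip"]) for r in followups]})
    return alerts


def find_device_code_signins(records):
    """List sign-ins that used the device code flow; where that flow is
    restricted by policy, any hit is worth a look."""
    return [(r["user"], r["ip"]) for r in records
            if r["event"] == "signin" and r.get("protocol") == "deviceCode"]


def find_refresh_token_ip_changes(records, window=TOKEN_WINDOW):
    """Flag a refresh token redeemed from more than one IP within `window`.
    A token replayed from a second location is how a stolen session usually
    shows up in the logs. One alert per (user, token)."""
    by_token = {}
    for r in records:
        if r["event"] == "refresh_token_redeemed":
            by_token.setdefault((r["user"], r["token_id"]), []).append(r)
    alerts = []
    for (user, token_id), uses in by_token.items():
        for i, first in enumerate(uses):
            others = [u for u in uses[i + 1:]
                      if u["ts"] - first["ts"] <= window and u["ip"] != first["ip"]]
            if others:
                alerts.append((user, token_id, {first["ip"]} | {u["ip"] for u in others}))
                break
    return alerts


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    print("MFA reset then registration:", find_reset_then_register(recs))
    print("Device code sign-ins:", find_device_code_signins(recs))
    print("Refresh token IP changes:", find_refresh_token_ip_changes(recs))
```

Run against the constructed records, the first rule fires only for alice (carol's re-registration lands a day after the reset, outside the one-hour window), the second lists bob's device code sign-in, and the third flags dave's token `rt-1` because it was redeemed from two addresses a minute apart. The windows are tuning knobs: too short and a slow attacker slips through, too long and routine help-desk work becomes noise, so pair the reset rule with the out-of-band verification step above rather than relying on it alone.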

Conclusion

The evolving cyber threat landscape in financial services underscores the importance of proactive security measures. By understanding and addressing the vulnerabilities highlighted in reports like those from CrowdStrike and Verizon, organizations can better protect themselves against cyber attacks. It is crucial to stay informed about emerging threats, adapt security protocols accordingly, and allocate resources effectively to mitigate risks in an increasingly digital world.