Trustwave's 2024 Financial Services Threat Reports Highlight Alarming Trends in Insider Threats & Phishing-as-a-Service. Learn More

Trustwave's 2024 Financial Services Threat Reports Highlight Alarming Trends in Insider Threats & Phishing-as-a-Service. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Trustwave SpiderLabs Research: Phishing Behind 49% Attacks Against Financial Institutions

The 2024 Trustwave Risk Radar Report: Financial Services Sector underscores the escalating threat landscape facing the industry.

Deepfakes, highly realistic synthetic media, and the increasing adoption of cryptocurrencies are providing cybercriminals with new avenues to compromise financial institutions. These emerging threats are augmenting the already prevalent ransomware and phishing campaigns, creating a complex and dynamic threat environment.

Building upon the insights from the 2023 Financial Services Sector Threat Briefing and Mitigation Strategies, Trustwave SpiderLabs delves into the distinct challenges confronting the finance industry. It identifies key trends, such as the growing sophistication of cyberattacks and the increasing reliance on digital constructs such as cryptocurrency, that are driving the evolution of threats.

The report offers an in-depth examination of the strategies cybercriminals employ throughout different phases of their attacks, from reconnaissance and targeting to exploitation and exfiltration.

Additionally, the primary report is supplemented with two companion documents from the elite Trustwave SpiderLabs:

The Insider Threat research examines in detail how organizations often overlook these threats in their overall security posture and the danger they pose as these individuals already have access to critical systems, making it easier to bypass traditional security measures. This focused report delves into what motivates a malicious insider and notes how retribution and not financial gain is sometimes the goal behind these threats.

The accompanying Phishing-as-a-Service (PaaS) report discusses how this trend has emerged as a major cybersecurity threat to the financial sector. PaaS is part of the overall "Cybercrime-as-a-Service" model, which offers sophisticated phishing tools and services that can be accessed through underground forums and Telegram marketplaces, enabling attackers with low technical skills to launch highly advanced attacks.

Key findings from across the new research series on the financial services sector from Trustwave SpiderLabs include:

  • 24% of ransomware attacks against the financial sector were by ALPHV
  • 49% of attacks against financial institutions originated from phishing
  • 20% of ransomware attacks in the sector were against banking institutions
  • 65% of ransomware attacks targeting financial services were in the US
  • 37% of phishing emails in the industry contained HTML attachments
  • 73% of credential access techniques were brute-force attempts

 

Evolution of Emerging Technology: Cryptocurrency and Deepfakes

The Trustwave SpiderLabs researchers behind the 2024 Trustwave Risk Radar Report: Financial Services Sector diagnosed how threat actors are no longer just relying on tried-and-true tactics like ransomware but are using new techniques and technology to attack this sector.

For the financial services sector, the evolution of cryptocurrencies and the rise of deepfake technology represents a double-edged sword. While these innovations offer enhanced efficiency and new avenues for growth, they also introduce significant security risks that require proactive and sophisticated responses.

Cryptocurrency has evolved from a niche financial product into a mainstream asset class, with increasing integration into traditional financial systems. This integration opens new attack vectors, including the theft of digital assets and hacking of cryptocurrency exchanges.

Deepfake technology, meanwhile, presents an emerging threat in the form of highly convincing but fabricated digital content. Threat actors can use this fraudulent content to deceive individuals and organizations, undermining trust and facilitating fraud.

The 2024 Trustwave Risk Radar Report: Financial Services Sector highlights the intensifying cyber threats targeting the financial services industry. With cybercriminals increasingly setting their sights on this sector, the urgency for robust and forward-thinking security strategies is at an all-time high.

The series of reports from Trustwave SpiderLabs shed a light on the advanced tactics being employed, such as phishing-as-a-service and threats from within, offering an in-depth examination of their effects on financial entities.

ABOUT TRUSTWAVE

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.

Latest Intelligence

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo