Financial services "most attacked" as hacker dwell time dwindles, tactics change

"The second most prevalent vulnerability was CVE-2022-21587, a critical unauthenticated file upload vulnerability in Oracle E-Business Suite..."

With 36% of cyber attacks being financially motivated, where better for hackers to target than financial services? Mandiant’s new M-Trends 2024 report on intrusion activity shows that the incident response firm was called out most often to incidents involving the financial sector. 

Professional services followed as key targets, the report showed. Critically, it noted that the pace of activity is faster than ever: organisations either detected ransomware or received a ransom demand within five days of initial intrusion in 2023, down almost half from nine days in 2022.

“The financial sector is grappling with an escalating onslaught from cybercriminals,” said Tony Woodhams, Head of Capital Markets for Alvarez and Marsal. The IMF noted earlier this month that “the financial sector is uniquely exposed to cyber risk” and that attacks could, in “extreme cases, lead to market selloffs or runs on banks.”

The report follows several high-profile ransomware attacks on financial services firms, including an attack on EquiLend's NGT platform (which executes $2.4 trillion of securities transactions each month) that took it offline for several weeks earlier this year.

The most common initial infection vector (when identified). Credit: Mandiant.

Attackers are adjusting their tactics, techniques and procedures (TTPs), the M-Trends report also showed, which is a challenge for defenders. Hackers are increasingly exploiting zero-day vulnerabilities, and phishing use has somewhat declined. In intrusions where the initial intrusion vector was identified, 38% started with an exploit, Mandiant said; up 6%.

"The most prevalent vulnerability Mandiant investigators observed in 2023 was CVE-2023-34362, an SQL injection vulnerability in MOVEit Transfer that Mandiant rated as high risk.

"The second most prevalent vulnerability was CVE-2022-21587, a critical unauthenticated file upload vulnerability in Oracle E-Business Suite. The third most prevalent vulnerability in 2023 was CVE-2023-2868.

"CVE-2023-2868 is a critical command injection vulnerability in Barracuda Email Security Gateways (physical appliances). These vulnerabilities were heavily exploited by attackers, and notably the first and third most targeted vulnerabilities were related to edge devices," Mandiant added.

KPMG's 2023 Banking CEO Outlook report states that 54% of bank CEOs are confident of being prepared for a cyber-attack, a drop of 12% since 2022. This is reportedly because of the increased sophistication of attackers, a lack of investment and a shortage of skilled personnel.
