According to FS-ISAC, retail banking was the top target, accounting for 41% of the attacks, followed by exchanges at 15% and payments at 13%.
12 Feb 2021 – added references to NZX and Bloomberg
More than 100 financial services firms were the targets of a wave of DDoS extortion attacks conducted by the same threat actor last year, according to FS-ISAC (Financial Services Information Sharing and Analysis Center).
The industry consortium said the threat actor sent extortion notes threatening to disrupt the firms’ websites and digital services, methodically moving across jurisdictions in Europe, North America, Latin America, and Asia Pacific, and hitting dozens of institutions within weeks.
The targets included banks, fintechs, exchanges, card issuers, payments companies, insurance companies, credit bureaus, asset managers, money transfer companies, and payroll companies.
Retail banking was the top target, accounting for 41% of the DDoS attacks, followed by exchanges at 15% and payments at 13%. Geographically, North America accounted for 43% of the attacks, followed by EMEA at 38% and Asia at 15%.
While FS-ISAC did not identify the firms that were attacked, it is understood that the attacker was responsible for the four-day trading halt at NZX in August 2020.
FS-ISAC credits its members’ willingness to share cyber intelligence with mitigating the impact and threat for the financial services industry. “Members were able to keep up with the rapid pace of attacks using the FS-ISAC Intelligence Exchange’s secure chat and intelligence sharing capabilities, which enables industry collaboration and discussion in real time.”
The targeted firms all received some form of payment demand to avoid the attacks. FS-ISAC told Bloomberg that none of the members of its intelligence-sharing network paid a ransom and that some of the targeted firms experienced a few minutes of downtime.
The Intelligence Exchange platform was launched in May 2020 to facilitate the sharing and consumption of actionable cyber threat intelligence across the financial services sector.
To increase industry-wide cross-border cyber intelligence sharing, FS-ISAC says it is launching a ‘Global Leaders’ awards programme, which will seek to recognise members who actively share cyber intelligence and best practices to help defend against cyber threats.
“Today’s cyber criminals know no borders. An attack on a bank in Asia could be a harbinger for an attack on an insurance company in the US, a stock exchange in Latin America, or a fintech in Europe,” said Teresa Walsh, Global Head of Intelligence at FS-ISAC.
“This wave of attacks has shown how critical global cyber intelligence sharing is. Members sharing specific details of attacks enable other members to prepare and defend against them, lowering the return on investment for threat actors. Our Global Leaders program builds on these network effects by elevating those who share to benefit the entire community.”
More information about the Global Leaders programme is available here.