COVID-19 Blamed for 238% Surge in Cyber Attacks Against Banks

2nd June 2020

Disarray caused by the pandemic has become a breeding ground for financially-motivated attacks. The coronavirus pandemic has been connected to a 238% surge in cyber attacks against banks, new research claims.

On Thursday, VMware Carbon Black released the third edition of the Modern Bank Heists report, which says that financial organisations experienced a massive uptick in cyber attack attempts between February and April this year, the same months in which COVID-19 began to spread rapidly across the globe.   

The cybersecurity firm’s research, which includes input from 25 CIOS at major financial institutions, adds that 80% of firms surveyed have experienced more cyber attacks over the past 12 months, an increase of 13% year-over-year. 

VMware Carbon Black data already indicates that close to a third – 27% of all cyber attacks target either banks or the healthcare sector. 

An interesting point in the report is how there appears to have been an uptick in financially-motivated attacks around pinnacles in the news cycle, such as when the US confirmed its first case of COVID-19. 

In total, 82% of chief information officers contributing to the report said that alongside a spike in attacks, techniques also appear to be improving including the use of social engineering and more advanced tactics to exploit not only the human factor but also weak links caused by processes and technologies in use by the supply chain.

The use of Kryptik and Emotet malware families is frequent, as well as Obfuse, CoinMiner, and Tiggre. Ransomware attacks against the financial sector increased roughly 9x from the beginning of February to the end of April 2020. Those surveyed said that attempts at destruction, not just information theft, are becoming more common. 

Island-hopping has also been experienced by 33% of those surveyed. This form of attack involves threat actors moving through a supply chain starting at a weak link with the overall goal of reaching a connected financial institution. This may be achieved by methods such as compromising and then moving through networks, watering hole attacks, or business email compromise (BEC).

In addition, 64% of organisations have reported a 17% increase in wire fraud attempts. 

“When combined with a steady commercial growth of mobile devices, cloud-based data storage and services, and digital payment systems, cyber criminals today have an ever-expanding host of attack vectors to exploit,” commented Jonah Force Hill, senior cyber policy adviser and CIAB executive director. “Every organisation providers of financial services, in particular — must remain vigilant in the face of these evolving threats. It is critical that organisations maintain a continuous dialogue with law enforcement to ensure a rapid response in the event of an incident.”