Security company Trustwave said hackers have been breaching businesses’ networks by crafting convincing phishing emails with generative AI.
Hackers eye financial businesses for payday, says cyber expert
The financial services industry is ripe for cyber attacks and hackers armed with AI are exploiting its weak points, according to security company Trustwave.
A Trustwave report, 2023 Financial Services Sector Threat Landscape, found hackers favoured using AI to craft sophisticated phishing attacks against financial services organisations, and that it was “highly unlikely” attacks would slow down.
Hackers considered financial services “one of if not the highest value” industries, the report said, due to the financial rewards of a successful attack. Data breaches cost financial firms an average of $US5.9 million ($9.2 million) in 2023, compared to an average of $US4.4 million.
In addition to money, financial services made attractive targets due to the volumes of data they used, including personal data such as sensitive health information from insurers.
The report, based on data from Trustwave’s global client base, found hackers still used traditional methods to compromise networks, but they were becoming more sophisticated.
“The methods may be old but threat actors have continued to refine and update their techniques to stay ahead in the cyber security arms race,” it said.
Hackers tended to follow a specific “attack flow”, which started from an initial security bypass to escalation, compromise and the extraction or destruction of valuable data.
Phishing, where hackers sent scam emails to trick people into revealing sensitive information or installing malware, was one of the most effective methods hackers used to gain a foothold in financial services organisations, the report said.
Trustwave found that the brands most spoofed in phishing attacks were American Express at 8 per cent, DocuSign at 10 per cent, and Microsoft at 52 per cent.
Hackers have also been using AI and large language model (LLM) technology to craft more convincing phishing emails.
“The quick maturity and expanded use of LLM technology makes crafting these emails easier, more compelling, highly personalised, and harder to detect,” it said.
“WormGPT and FraudGPT can craft convincing phishing emails without many of the red flags that we teach users to identify phishing emails by including items like picking out misspellings, grammar mistakes, and general clumsiness of writing that may indicate that the author is not a native speaker.”
Hackers were also exploiting the industry’s interconnectedness by gaining footholds into financial organisations through their suppliers and third parties.
“Cyber criminals often target these third parties as a strategic manoeuvre – if they successfully breach a third-party vendor, they can gain access to the targeted company’s data.”
“The industry’s infrastructure depends on third-party code, APIs, vendors, support providers and other managed services … Trustwave has seen a sharp rise in successful attacks due to third-party software and services, including high-profile, supplier-based attack vectors.”
Once a network had been breached, Trustwave found a “continuing rise” in ransomware incidents directly targeting the financial services sector because organisations often struggled to maintain proper data inventories and enforce security hygiene.
To thwart cyber criminals, Trustwave suggested businesses take preventative measures and centre mitigation strategies around hackers’ attack flow.
To prevent hackers from gaining an initial foothold, the report recommended conducting mock phishing tests and frequently rotating passwords. Regular audits of applications should be conducted to detect vulnerabilities and system logs monitored to pick up abnormal traffic that could be a sign of a malware infection.
Chief information security officer Kory Daniels said a business’s ability to defend its networks would be key to earning the trust of customers as the number of cyber attacks surges.
“In a highly competitive B2B and B2C financial services industry, cyber security’s role in earning and sustaining consumer trust is paramount as a competitive differentiator,” he said.
“For financial institutions, it isn’t just about protecting data, it’s about safeguarding the financial wellbeing and peace of mind of customers, partners, and investors.”