IBM: Financial services industry bombarded by malware, security threats

IBM X Force says financial services are targeted 65% more by cyber-attacks than the average organization


The financial services industry is the target of a whopping 65% more targeted cyber-attacks than the average business, according to security watchers at IBM’s X Force.

The number of financial services records breached skyrocketed 937% in 2016 to more than 200 million. Financial institutions were forced to defend against a 29 percent increase in the number of attacks from 2015, IBM stated.

+More on Network World:  IBM: Tax-related spam up 6,000% since Dec.; Darkweb tactics net billions+

“While the financial services industry was targeted the most by cyber-attacks in 2016, data from the IBM X-Force Threat Intelligence Index shows it ranked third by industry for the number of breached records - likely due to investments in security practices,” IBM stated.

Some of the key points of the IBM report:  

  • Among the top five targeted industries—retail, healthcare, manufacturing, financial services, and information and communications—the 2017 IBM X-Force Threat Intelligence Index reveals that in 2016 the financial services industry experienced the highest level of threat from inadvertent actors. It’s useful to think of an inadvertent actor as a compromised system carrying out attacks without the user being aware of it. Often it happens when a desktop client is compromised via malicious email attachments, clickjacking or phishing, or vulnerable computer services that have been attacked from another internal networked system.
  • In looking at ways the financial services sector was attacked in 2016, the report found that the industry was more affected by insider attacks (58%) than outsider attacks (42%).
  • IBM X-Force found that some countries experienced a marked increase in financial cybercrime in 2016. Cybercriminals sharpened their focus on business bank accounts by using malware such as Dridex, Neverquest, GozNym and TrickBot to target business banking services.
  • According to IBM, the number one attack vector, involving the use of malicious input data to attempt to control or disrupt a system, targeted 51% of the financial services clients monitored by IBM X-Force. That figure was notably higher than the cross-industry average of 42%. Command injections, which include operating system command injection (OS CMDi) and SQLi, belong in this category. OS CMDi is also known as “shell command injection,” after which the now infamous and widely prevalent.
  • IBM X-Force researchers recently identified TrickBot malware campaigns targeting the less common brands in the industry, like private banks, wealth management,  and high value account types, indicating this ambitious malware gang plans on attacking in new territory.

Check out these other hot stories:

Juniper finds its head in the clouds; security is another story

Juniper takes a swipe at Extreme’s network buying spree, plans

Cisco switch taps into Time Sensitive Ethernet; software bolsters industrial network mgmt.

Pluribus recharges, expands software-defined network platform

Cisco Jasper package manages everything enterprise mobile

DARPA opens massive “Colosseum” to develop radical wireless applications

Cisco issues 7 “high priority” security advisories; Firepower, IOS and ASA issues among them

Ethernet evolution: Broadcom switches offer Time Sensitive Ethernet

Cisco certifications target business professionals eyeing software roles

DHS warns on immigration spoofing scam

Computing pioneer Robert Taylor dies

Avaya files Chapter 11 reorg plan, reduces debt by $4 billion

Cisco runs out two “critical” security warnings for IOS, Apache Struts (again)

Copyright © 2017 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022