Banks are attacked by insider traders, supply chains remain vulnerable and counter incident response is on the rise. A new report by VMware sheds light on cybersecurity in the financial sector.

VMware surveyed more than 100 security decision-makers in financial institutions worldwide. Roughly half saw an increase in wire transfer fraud. 54 percent fell victim to a destructive cyberattack, double the rate of last year. According to VMware, the increase is due to a spike in counter incident response. Cybercriminals are learning how to deal with the measures taken by security teams, which necessitates destructive attacks on systems and security tools.

Interestingly, just over half of organisations experienced attacks on market intelligence. Some banks hold data on the strategies of customers and shares. Cybercriminals can misuse the data for insider trading on stock exchanges. VMware emphasises that cybercriminals are targeting the devices of portfolio managers, which typically hold the most market intelligence.

Island hopping and supply chain attacks

38 percent of respondents saw an increase in island hopping, wherein an organisation’s supply chain is abused to attack from within. These attacks increased by 13 percent. According to VMware, crime groups are researching the dependencies of financial organizations to find weaknesses. Think of a subcontractor who isn’t monitored by a security service provider, but remains trusted by a financial institution.

The stats are in line with a recent survey by BlueVoyant. 97 percent of organizations said they fell victim to a cyberattack originating from a supply chain vulnerability. In early April, eight Dutch housing corporations were victimized after an attack on their IT service provider, The Sourcing Company. In January, crime group Lapsus$ caused a data breach at Okta after a break-in at a partner’s office.

API security service provider Salt Security recently discovered an API vulnerability in a popular fintech platform. The platform was connected to several large American banks. A single vulnerability made it possible to plunder customers’ bank accounts and transaction data.