Since at least the middle of last year, online attackers have been increasingly targeting the financial services sector.
So warns John Fokker, principal engineer and head of cyber investigations for the Advanced Threat Research group at cybersecurity firm Trellix. He says Trellix's latest threat assessment found a 22% increase in ransomware attackers and a 37% increase in APT detections in Q3 of last year, compared to the prior quarter.
Fokker also says more victims have been coming to light, thanks in part to a Ukrainian security researcher leaking Jabber chat logs of the approximately 100 employees of the Conti ransomware operation. Those logs have better revealed not just how the group functions but also the identity of organizations that quietly paid a ransom after being crypto-locked by Conti, perhaps in part to try and avoid the public ever learning of the security incident.
Fokker says: "You can put your cyber skeletons in the closet but, just like in normal life, they tend to come out."
In this video interview with Information Security Media Group, Fokker discusses:
- How targeted attacks on financial services have recently increased - via ransomware, other malware, APT groups - and the risks that poses;
- The cybersecurity impact of both Russia's invasion of Ukraine and the potential fallout from sanctions being imposed on the country;
- How the financial services sector must respond.