Dr. Suleyman Ozarslan
March 24, 2022
Although almost every business is a potential victim of cybercrime, cyber threat actors usually select their victims based on two criteria: maximum revenue and maximum impact. Financial institutions, such as banks and financial services, are prime targets for cybercriminals since they fulfill these two criteria. Organizations in the finance industry keep highly critical and valuable data electronically, from credit cards and deposit information to estates, wills, titles, and other sensitive data, and routinely handle trillions of dollars. Besides, their continuous digital transformation efforts, the complicated regulatory environment, the complex supply chain ecosystem, and the hybrid workspace practices accelerated by COVID-19 are increasing the opportunity for cybercriminals to obtain and monetize that data. As a result, cyber threat actors are targeting the financial sector excessively.
Although organizations in the finance sector have been concerned about cybersecurity breaches for a long time, they are now even more concerned since cyber threats now pose even greater operational and reputational risks. So what should IT and security leaders do?
First of all, they need to understand the most significant threat vectors, allowing them to prioritize cybersecurity initiatives with the highest return on investment and create a successful cybersecurity plan. Ransomware, phishing, web application and vulnerability exploitation attacks, denial of service (DoS) attacks, insider threats, and attack campaigns of the nation-state and state-sponsored threat actors and Advanced Persistent Threat (APT) groups are the most prevalent threats that financial institutions face in 2022.
Then, financial institutions must improve their defenses to mitigate these ever-evolving threats. Although they have spent millions of dollars and deployed multiple levels of defense across their infrastructure, the missing component is the effective use of security controls. It is crucial to continuously measure the effectiveness of their overall IT security infrastructure against real-world cyberattacks to stay one step ahead of threat actors. IT and security leaders need to adopt the security control validation approach that enables businesses to assess and verify their cybersecurity posture and overall cyber resilience and validate that security controls successfully mitigate cyberattacks.
Financial institutions (FIs) have historically been at the center of enterprise cybersecurity, considering the massive amounts of cash and customer data they process. Moreover, the financial, regulatory, and reputational implications of cyberattacks require FIs to invest in cybersecurity.
From 2015 through 2020, finance and insurance is the most targeted industry by cyber criminals globally .
Research by IBM X-Force also shows that 70% of the attacks on FI firms targeted banks, 16 percent targeted insurance companies, and 14 percent targeted other financial institutions in 2021 . BCG's report shows that financial services (FS) are 300 times more likely to be the victim of a cyberattack than other organizations .
Organizations in the finance sector are highly concerned about cyber threats. According to a survey conducted by the Conference of State Bank Supervisors (CSBS) in September 2021, cybersecurity risk was rated “extremely important” by more than 80% of bankers as the top internal risk, more than double any other category of operational risk, and more than the 60% reported the previous year .
Of course, there are numerous reasons for this risk perception. For example, cybersecurity threats pose both operational and reputational risks. A cyberattack may harm or completely disrupt a financial institution's ability to conduct business (operational risk). Moreover, customers may lose trust and move their business elsewhere because of the cyberattack (reputational risk).
The average cost of cybercrime for financial services is 40% higher than all other sectors .
In this blog, first, we will explain the challenges of being resilient against cyberattacks against financial institutions. Then, emerging cyber threats for financial institutions in 2022 are discussed with data from past incidents. Finally, this blog reveals the need for a threat-centric approach to learn from threats and adapt defenses against them. It also explains how financial institutions can proactively mitigate risk in the organization's expanding digital ecosystem with an innovative threat-centric approach - security control validation.
Challenges in Cybersecurity of Financial Industry
Understanding the challenges that increase cyber risks faced by the financial industry is crucial to be resilient against cyber threats. These challenges are linked with each other and required to be addressed in a holistic approach.
1. Continuous Digital Transformation and Innovation: Financial institutions adopt emerging technologies such as cloud computing, artificial intelligence, and digital services. The majority of FIs are increasingly utilizing cloud-based software to increase information processing, fraud detection, and financial analytics capabilities. Meanwhile, the COVID-19 pandemic accelerated the transition of the industry's IT infrastructure (digital transformation) of financial institutions and the emergence of virtual banks and financial services. As a result of digital transformation, organizations now operate more and more new applications, devices, and infrastructure components that increase the attack surface. All of these factors contribute to a rise in cybersecurity risks for FIs and their customers.
While the growth of new technologies in the finance industry has a significant impact on the industry's risk profile, they can also positively affect risk management, such as improving cybersecurity and compliance controls.
2. Complicated Legislations and Regulations: Financial institutions have become more reliant on technology and data to deliver products and services to clients, so they are increasingly confronted with an evolving regulatory environment. State, federal, and international regulators have responded to the increase in financial services cyber threats by establishing new rules governing the financial services organizations they regulate. FIs are increasingly regulated in many countries, with constantly changing data protection and privacy standards, as well as cybersecurity requirements. For example, more than 30 cybersecurity regulations have been implemented in the United States alone since the publication of the National Institute of Science and Technology's (NIST) Cybersecurity Framework in 2014 .
While regulations are useful, complying with them can be expensive and time-consuming. According to research conducted by the Banking Policy Institute's technology division (BITS), CISOs spend 40% of their time resolving numerous regulatory agency requirements . Moreover, the complex regulatory environment results in stricter enforcement and increased regulatory expenses and fines. For example, Capital One was fined $80 million by the US government in August 2020 for failing to identify and manage cyber risk, which resulted in a massive data breach in 2019 . More recently, in late December 2021, Capital One announced a $190 million settlement with a class-action lawsuit for a massive hack of the bank's cloud network on Amazon Web Services in 2019 that resulted in the theft of personal data from 100 million clients .
3. Complex Supply Chain Ecosystem: Most financial institutions rely on third-party service providers to fulfill their digital operations. Even if the FI's own security systems are very resilient against cyberattacks, third-party service providers may represent a weak link in the chain of cybersecurity. Threat actors are increasingly targeting software vendors and then delivering malicious code to customers in the supply chain via product downloads or updates that seem to be legitimate. These attacks compromise software distribution systems and allow threat actors to get access to the networks of the supplier's customers.
The SolarWinds breach, one of the most significant attacks in recent times, was a supply chain attack . Attackers gained access to SolarWinds' network and infected its management software with malware to target thousands of companies, including banks and government agencies. The SolarWinds breach serves as a powerful reminder of the financial services sector's potential vulnerability to cyberattacks and disruptions as a result of their reliance on third-party suppliers and service providers over whom they have little or no control over cybersecurity. Cybersecurity risks created by third-party suppliers are expected to become a more significant issue in the future as regulators place a greater emphasis on business continuity and operational resilience.
4. Hybrid Workplace: The recent changes to the ways of working accelerated by COVID-19, such as the hybrid workspace combining in-office and remote employees, have increased organizations' risk. As the pandemic enters its third year, remote work, hybrid workforces, and cloud-based software technologies have become practically ubiquitous. Businesses were forced to rapidly adopt new technologies that enabled remote access, communication, and collaboration. As a result, hybrid workplace environments increase the complexity of IT systems, broaden the attack surface, and bring new cyber risks and threats.
Emerging Cyber Threats for Financial Institutions
Numerous data breaches have impacted banking and finance throughout the years. However, there is a bright spot. Understanding the offensive security mindset of attackers is key to building a solid defense. These cases have assisted businesses in strengthening their defensive capabilities and learning from past failures. Analyzing the past cybersecurity incidents, security professionals can identify top threat vectors to prioritize cybersecurity investments with the highest ROI and build an effective cybersecurity plan. Attack vectors used in recent cyber incidents also allow us to make predictions about emerging cyber threats in 2022.
According to a recent report, the banking industry experienced a 1,318 percent increase in ransomware attacks in 2021 . Ransomware is a type of malware that prevents or limits users from accessing their system or data and threatens to publish or sell the stolen data until the victim pays a ransom fee to the attacker.
According to Trellix, the Banking/Financial sector accounted for 22% of total ransomware attacks in Q3 2021 . Therefore, ransomware has evolved into a widespread and well-known threat to organizations worldwide for several years and does not seem to be fading away anytime soon. As the main reason for ransomware proliferation, ransomware is a high-profit, low-risk business for threat actors. Moreover, the technical entry barrier to ransomware business is very low for cybercriminals because of Ransomware as a Service (RaaS) and Initial Access Broker (IABs) trends.
Initially, ransomware prevented organizations from accessing their data by encrypting files in the infected systems and holding the decryption key for ransom to extort money. Victims pay a ransom fee to recover access to encrypted data in this single extortion method. However, most financial institutions adapted to file encryption attacks by improving their data backup procedures. There is no reason to pay the ransom if you can just recover your own data from backups. The ransomware gangs responded with exfiltrating critical data before encrypting it and then threatening to leak or disclose it if the ransom is not paid. That is not a problem that can be resolved through backup recovery. According to the Coveware 2021 report, over 80% of ransomware attacks involve data exfiltration in addition to file encryption . Threatening with the combination of encryption and data exfiltration is double extortion. Note that the ransomware threat actor is under no responsibility to remove the stolen data regardless of whether a ransom is paid.
In addition to encryption and data exfiltration, cybercriminals utilize other extortion methods, such as threatening to disrupt operations with denial of service (DoS) attacks, threatening to contact the victim financial institution's clients and stakeholders, and threatening to sell sensitive data to competitors . In November 2021, the FBI warned that ransomware actors are very likely to target and leverage victim organizations through significant financial events such as mergers and acquisitions . Prior to launching an attack, ransomware attackers conduct research into publicly available information, such as the stock valuation of a victim and material nonpublic information. If victims do not pay the ransom on time, ransomware attackers threaten to expose this information, potentially triggering investor backlash publicly.
As a result of new extortion methods, ransomware attacks have a massive impact on financial firms, including business downtime, revenue loss, reputational loss, data loss, and public release of sensitive information. For example, UK-based insurance firm, One Call, was the victim of a ransomware attack by the Darkside gang in May 2021; the same ransomware group extorted US gasoline network Colonial Pipeline . Cybercriminals demanded £15 million from Once Call and threatened to disclose the company's data, including client information such as passwords and bank details, if the demand was not satisfied. In the same month, two ransomware gangs, DarkSide and Ragnar Locker, have provided evidence of successfully breaking into the systems of three small banks in the US, stealing data, and demanding payment . They claimed that they would expose additional bank data if the ransom was not paid.
Phishing remains a common attack vector used to gain initial access to organizations ’networks. Threat actors have consistently invested significant resources to expand the phishing economy.
Attackers used the phishing technique to gain initial access in 46% of attacks against the financial services sector in 2021 .
Today, phishing is a comprehensive business, enabling criminals to use Phishing-as-a-Service (PhaaS) developments through a hosted solution. Like ransomware-as-a-service (RaaS) for running a ransomware attack campaign, attackers pay an operator for running full-fledged phishing campaigns in the PhaaS model, including spoofed sign-in page development, website hosting, phishing mail template creation, distribution of phishing emails, credential parsing, and overall orchestration. PhaaS is a game-changer in cybercrime because it eliminates several aforementioned operations, like spoofed sign-in page development and hosting. Attackers are no longer required to hack websites to host their malicious landing pages. As a result, cybercrime becomes more accessible when a ready-made Phishing-as-a-Service solution or phishing kits are used. Now, even the most novice cybercriminal may run their own phishing campaign. As an example of a phishing-as-a-service (PhaaS) operation, BulletProofLink (also referred to as BulletProftLink or Anthrax) is utilized by a variety of threat groups in one-off or monthly subscription-based business models, providing a consistent revenue stream for its operators .
The spoofed websites and sign-in pages that look identical to the bank's official website are leveraged by attackers in phishing and other social engineering techniques. Users are led to the spoofed website, where they are prompted to enter their username and password. After users enter their credentials, they are forwarded to the bank's original website. Cybercriminals cause significant financial and reputational damage after acquiring user credentials in this method.
For example, researchers detected a 300 percent rise in phishing attacks targeting Chase Bank between May and August 2021 . The XBALTI phishing kits were designed to look and behave exactly like the Chase banking portal. According to the researchers, the phishing kits were quite sophisticated and were aimed to gather information other than email addresses and passwords, such as banking and credit card information, social security numbers, and home addresses .
In September 2021, researchers discovered that the Russian-linked TA505 launched a new malware campaign known as MirrorBlast against financial institutions worldwide . The infection begins with an excel document attached to an email. The malware payload is downloaded and executed when the document is opened, and macros enabled.
3. Web Application Attacks
According to the State of the Internet / Security report for 2021, Akamai observed 6.3 billion web attacks worldwide in 2020; 12% of them are in the financial services industry alone . The most common type of web attack targeting financial services was Local File Inclusion (52%), followed by SQL Injection (33%) and Cross-Site Scripting (9%) .
Morgan Stanley, the American investment banking giant, announced a data breach on July 2, 2021, attributed to zero-day assaults on Accellion's legacy File Transfer Appliance (FTA) . The primary attack vector is a SQL injection vulnerability (CVE-2021-27101), which enables an unauthenticated user to execute remote commands on vulnerable Accellion FTA servers. By hacking into the Accellion FTA server of a third-party provider, Guidehous, attackers collected personal information belonging to Morgan Stanley's clients.
4. Vulnerability Exploitation Attacks
Vulnerability exploitation attacks enable threat actors to gain access to target networks to perform additional operations with higher privileges.
Threat actors used vulnerability exploitation attacks as the initial access vector in one of three attacks against financial institutions in 2021 .
In 2021, threats actors gained initial access to victim networks by exploiting multiple known vulnerabilities, including Java deserialization (CVE-2021-35464) and Citrix path traversal (CVE-2019-19781) vulnerabilities. Additionally, attackers gain access to target networks via zero-day vulnerabilities in high-profile attacks such as the Kaseya MSP supply-chain ransomware attack campaign and Microsoft Exchange Server incidents (CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, and CVE-2021-26855).
Four of the top five exploited vulnerabilities in 2021 were new, including the Log4j vulnerability CVE-2021-44228, which was the second most exploited vulnerability despite being disclosed only in December.
5. Distributed Denial of Service (DDoS) Attacks
Attackers use Distributed Denial of Service attacks to flood and crash a target website by overwhelming it with traffic. Threat actors generate attack traffic from various compromised computer systems, including computers and other network-connected devices. They also use off-the-shelf toolkits and DDoS-for-hire websites to perform DDoS attacks.
DDoS attacks interrupt business operations, result in significant financial losses for the victim, and pose a substantial danger to financial institutions. According to Akamai, DDoS attacks against the financial services industry increased by 93 percent between 2018 and 2020, demonstrating that criminals always have the option of causing disruptions in critical systems, services, and applications required for daily operations .
DDoS attacks increased by 110% in 2020 compared to the previous year's totals in the financial services sector .
As a recent example, in September 2021, a DDoS attack took down the websites of several New Zealand financial institutions, including Kiwibank and the national postal service . In June 2021, Fiducia & GAD IT, a German organization that operates technology for the country's cooperative banks, was targeted by a DDoS attack, impacting over 800 financial institutions across the country . From August 2020 through the end of 2021, FS-ISAC members worldwide reported threats allegedly emanating from well-known APT groups threatening a large-scale DDoS attack unless a ransom is paid . Organizations received communications from a variety of APT aliases, including the Russian actor groups Cozy Bear (APT27) and Fancy Bear (APT28), the North Korean-affiliated Lazarus Group, and most recently, a mashup of the latter two groups dubbed "Fancy Lazarus." Multiple sectors have noticed this behavior on a worldwide scale.
6. Nation-State / State-Sponsored Attacks and APTs
Three significant risks to the financial sector are nation-state attacks undertaken by foreign governments, state-sponsored attacks carried out by affiliated cybercriminal gangs, and Advanced Persistent Threats (APTs) launched by skilled APT groups. These threat actors employ many of the same attack vectors as less capable threat actors, such as phishing and ransomware, but with more technical capacity and funding.
The most Advanced Persistent Threat (APT) detections in Q3 2021 occurred in the Banking/Financial sector (37%) .
Organized cybercriminal groups collaborate and share attack tactics, techniques, procedures (TTPs), tools, and resources to compromise financial institutions, resulting in an increase in cyberattacks. Moreover, nation-state attack campaigns reflect global geopolitical tensions, which have fueled a growth in cyber activity targeting governments, militaries, and the business sector, according to the Navigating Cyber 2022 report of the Financial Services Information Sharing and Analysis Center (FS-ISAC) . For example, the war in Ukraine, ongoing protest activity in Hong Kong, and North Korea's continued missile launches could result in cyber activity against various targets in the US, the UK, and the EU, among other places. Retaliation may take the form of denial of service (DoS) attacks, spearphishing, destructive malware, or vulnerability exploitation attacks.
7. Insider Threats
Regardless of the sophisticated techniques malicious actors use to penetrate an organization's network, many security incidents are attributed to insider threats posed by current or recently departed employees and unwitted staff errors. According to a 2020 study, insider attacks are becoming more prevalent, more difficult to detect, and more harmful .
Financial services is the industry leader in insider threats (16%) .
Insiders have caused disruptions and critical data loss, whether purposeful or unintentional. For example, a New York credit union suffered a data breach caused by an insider in September 2021 . After being fired, a former employee was able to go into corporate systems and erase 21.3 GB of company data and files within forty minutes. IBM Cost of a Data Breach Report 2021 shows that malicious insiders are the third costliest attack type . According to the same report, a breach caused by a malicious insider took 23 days to identify and 75 days to contain.
The Need for a Threat-Centric Approach
As cybercriminals evolve their tactics and techniques to target the most valuable data and services, financial institutions must improve their defenses to mitigate ever-evolving threats. To accomplish this, organizations in the financial sector must implement a security strategy that includes a living People, Process, Technology (PPT) framework capable of learning from threats and adapting defenses against them - a threat-centric approach. To ensure maximum security in the case of cybercrime, banks and FIs must develop a strategic plan that not only resists an initial cyberattack with minimal impact and loss but also maintains that resilience continuously against emerging threats.
The majority of financial institutions have deployed multiple levels of defense across their infrastructure, including cyberattack prevention and detection solutions. However, these security layers are frequently siloed. The missing component is the effective use of security controls and visibility throughout the network and endpoints to identify and fix gaps. While it is critical to have an adequate budget for cybersecurity, it is equally crucial to utilize purchased security devices effectively.
One of the three key findings of Deloitte's Financial Cyber Survey 2021 is “businesses might have a false sense of security” .
While it's great to see financial organizations strive for high levels of cyber maturity, we highly advise objectively evaluating these assumptions and maturity levels and addressing any gaps between expectations and assessment results. To get one step ahead of the threat actors, banks and other financial organizations must continuously test the effectiveness of their security controls against real-world cyberattacks. Security control validation is a threat-centric approach that enables organizations to assess and analyze their cybersecurity posture and overall cyber resilience and verify that security controls are performing effectively against cyberattacks.
The Complete Security Control Validation Platform
Picus’ The Complete Security Control Validation Platform provides comprehensive visibility into cybersecurity threats and risks across the network and endpoints - all from a centralized dashboard. With the visibility that Picus brings, financial institutions can quickly reveal gaps in their cybersecurity posture and mitigate risks by applying actionable remediation and mitigation insights provided by Picus. Financial institutions can proactively mitigate risk in the organization's expanding digital ecosystem and prioritize remediation efforts and cyber initiatives using these insights. Additionally, Picus provides a real-time snapshot of an organization's security posture and generates alerts when an organization's security score goes below a predefined threshold.
Cyber risks to financial services firms will remain long into 2022. IT and security leaders in this sector must continue to invest in the right combination of technology and expertise to improve assurance. While there is no one-size-fits-all strategy for cybersecurity, the continuous security control validation approach can significantly and swiftly improve a company's security posture. When combined with a transition from reactive to proactive security, financial institutions will feel more equipped with this approach to deal with emerging threats.
 IBM Security X-Force, “X-Force Threat Intelligence Index 2022,” IBM Security, 2022. [Online]. Available: https://www.ibm.com/downloads/cas/ADLMYLAZ. [Accessed: Mar. 19, 2022]
 Boston Consulting Group, “Global Wealth 2019 Reigniting Radical Growth,” Jun. 2019. [Online]. Available: https://image-src.bcg.com/Images/BCG-Reigniting-Radical-Growth-June-2019_tcm9-222638.pdf. [Accessed: Mar. 16, 2022]
 Conference of State Bank Supervisors, “CSBS National Survey of Community Banks 2021,” Community Banking in the 21st Century 2021. [Online]. Available: https://www.communitybanking.org/~/media/files/publication/cb21publication_2021.pdf. [Accessed: Mar. 19, 2022]
 The Actuary, “Cyber crime to cost global economy $5.2trn over five years,” Jul. 26, 2019. [Online]. Available: https://www.theactuary.com/news/2019/07/2019/07/26/cyber-crime-cost-global-economy-52trn-over-five-years
 The Financial Services Roundtable – BITS, “Cybersecurity Regulation Harmonization,” United States Senate, Jun. 21, 2017. [Online]. Available: https://www.hsgac.senate.gov/imo/media/doc/Testimony-Feeney-2017-06-21.pdf. [Accessed: Mar. 17, 2022]
 P. Schroeder, “Capital One to pay $80 million fine after data breach,” Reuters, Aug. 06, 2020. [Online]. Available: https://www.reuters.com/article/us-usa-banks-capital-one-fin-idUSKCN2522DA
 A. Bronstad, “Capital One Reaches $190M Settlement Over 2019 Data Breach,” Law.com, Dec. 21, 2021. [Online]. Available: https://www.law.com/2021/12/21/capital-one-settles-lawsuits-over-2019-data-breach/. [Accessed: Mar. 17, 2022]
 Picus Labs Blue Team, “Six Stages of Dealing with a Global Security Incident.” [Online]. Available: https://www.picussecurity.com/resource/blog/six-stages-of-dealing-with-a-global-security-incident. [Accessed: Mar. 17, 2022]
 M. Henriquez, “Banking industry sees 1318% increase in ransomware attacks in 2021,” Security Magazine, Sep. 20, 2021. [Online]. Available: https://www.securitymagazine.com/articles/96128-banking-industry-sees-1318-increase-in-ransomware-attacks-in-2021. [Accessed: Mar. 15, 2022]
 P. Labs, “The Red Report 2021.” [Online]. Available: https://www.picussecurity.com/resource/blog/red-report-2021-top-ten-attack-techniques. [Accessed: Mar. 17, 2022]
 “Trellix ATR Threats Report.” [Online]. Available: https://www.trellix.com/en-us/threat-center/threat-reports/jan-2022.html. [Accessed: Mar. 17, 2022]
 B. Siegel, “Ransomware attackers down shift to ‘Mid-Game’ hunting in Q3,” Coveware: Ransomware Recovery First Responders, Oct. 21, 2021. [Online]. Available: https://www.coveware.com/blog/2021/10/20/ransomware-attacks-continue-as-pressure-mounts. [Accessed: Mar. 21, 2022]
 S. Özarslan, “3 Ransomware Trends You Need to Know in 2022: RaaS, Multiple Extortion, IABs.” [Online]. Available: https://www.picussecurity.com/resource/blog/3-ransomware-trends-you-need-to-know-in-2022-raas-multiple-extortion-iabs. [Accessed: Mar. 17, 2022]
 Federal Bureau of Investigation (FBI), “Ransomware Actors Use Significant Financial Events and Stock Valuation to Facilitate Targeting and Extortion of Victims,” Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3), Nov. 01, 2021. [Online]. Available: https://www.ic3.gov/Media/News/2021/211101.pdf. [Accessed: Mar. 17, 2022]
 G. Corfield, “Doncaster insurance firm One Call hit by not-dead-at-all Darkside ransomware gang,” The Register, May 21, 2021. [Online]. Available: https://www.theregister.com/2021/05/21/darkside_ransomware_doncaster/. [Accessed: Mar. 21, 2022]
 P. Crosman, “‘It’s very scary’: Small banks quietly hit by ransomware attacks,” American Banker, May 24, 2021. [Online]. Available: https://www.americanbanker.com/news/its-very-scary-small-banks-quietly-hit-by-ransomware-attacks
 Microsoft 365 Defender Threat Intelligence Team, “Catching the big fish: Analyzing a large-scale phishing-as-a-service operation,” Microsoft Security Blog, Sep. 21, 2021. [Online]. Available: https://www.microsoft.com/security/blog/2021/09/21/catching-the-big-fish-analyzing-a-large-scale-phishing-as-a-service-operation/. [Accessed: Mar. 20, 2022]
 Help Net Security, “How phishing kits are enabling a new legion of pro phishers,” Help Net Security, Dec. 02, 2021. [Online]. Available: https://www.helpnetsecurity.com/2021/12/02/phishing-kits-pro/. [Accessed: Mar. 21, 2022]
 “MirrorBlast and TA505: Examining Similarities in Tactics, Techniques and Procedures,” HP Wolf Security, Oct. 19, 2021. [Online]. Available: https://threatresearch.ext.hp.com/mirrorblast-and-ta505-examining-similarities-in-tactics-techniques-and-procedures/. [Accessed: Mar. 20, 2022]
 Akamai, “State of the Internet / Security Report of 2021 - Phishing for Finance,” Akamai, May 2020. [Online]. Available: https://www.akamai.com/site/en/documents/state-of-the-internet/soti-security-phishing-for-finance-report-2021.pdf
 M. Stanley, “Notification of a data security incident involving a Morgan Stanley vendor,” DocumentCloud, Jul. 02, 2021. [Online]. Available: https://www.documentcloud.org/documents/20985259-morgan-stanley-bc-20210702. [Accessed: Mar. 21, 2022]
 M. Whelan, “DDoS attacks: What they are and how they’re orchestrated,” RNZ, Sep. 08, 2021. [Online]. Available: https://www.rnz.co.nz/news/what-you-need-to-know/451063/ddos-attacks-what-they-are-and-how-they-re-orchestrated. [Accessed: Mar. 21, 2022]
 Reuters, “German cooperative banks hit by DDoS hack attack on IT provider,” Reuters, Reuters, Jun. 04, 2021 [Online]. Available: https://www.reuters.com/technology/german-it-company-that-serves-banks-experiences-ddos-hack-attack-2021-06-04/. [Accessed: Mar. 21, 2022]
 FS-ISAC Global Intelligence Office, “Navigating Cyber 2022,” FS-ISAC The Financial Services Information Sharing and Analysis Center, Mar. 2022. [Online]. Available: https://www.fsisac.com/hubfs/NavigatingCyber-2022/NavigatingCyber2022-TLPWHITE-FIN.pdf. [Accessed: Mar. 21, 2022]
 C. Insiders, “2020 Insider Threat Report,” Cybersecurity Insiders, Nov. 2019. [Online]. Available: https://www.cybersecurity-insiders.com/wp-content/uploads/2019/11/2020-Insider-Threat-Report-Gurucul.pdf. [Accessed: Mar. 21, 2022]
 “Financial Services Cybersecurity,” Palo Alto Networks. [Online]. Available: https://www.paloaltonetworks.com/industry/unit42-financial-services. [Accessed: Mar. 21, 2022]
 S. Gatlan, “Fired NY credit union employee nukes 21GB of data in revenge,” BleepingComputer, Sep. 01, 2021. [Online]. Available: https://www.bleepingcomputer.com/news/security/fired-ny-credit-union-employee-nukes-21gb-of-data-in-revenge/. [Accessed: Mar. 21, 2022]
 IBM Security, “Cost of a Data Breach Report 2021,” IBM Security, Dec. 2021. [Online]. Available: https://www.ibm.com/downloads/cas/OJDVQGRY. [Accessed: Mar. 20, 2022]
 “Financial Cyber Survey,” Deloitte Danmark. [Online]. Available: https://www2.deloitte.com/dk/da/pages/financial-cyber-survey.html. [Accessed: Mar. 15, 2022]