Key Threats and Cyber Risks Facing Financial Services and Banking Firms in 2022

Although almost every business is a potential victim of cybercrime, cyber threat actors usually select their victims based on two criteria: maximum revenue and maximum impact. Financial institutions, such as banks and financial services, are prime  targets for cybercriminals since they fulfill these two criteria. Organizations in the finance industry keep highly critical and valuable data electronically, from credit cards and deposit information to estates, wills, titles, and other sensitive data, and routinely handle trillions of dollars. Besides, their continuous digital transformation efforts, the complicated regulatory environment, the complex supply chain ecosystem, and the hybrid workspace practices are increasing the opportunity for cybercriminals to obtain and monetize that data. As a result, cyber threat actors are targeting the financial sector excessively.

Although organizations in the finance sector have been concerned about cybersecurity breaches for a long time, they are now even more concerned since cyber threats now pose even greater operational and reputational risks. So what should IT and security leaders do? 

• First of all, they need to understand the most significant threat vectors, allowing them to prioritize cybersecurity initiatives with the highest return on investment and create a successful cybersecurity plan. Ransomware, phishing, web application, and vulnerability exploitation attacks, denial of service (DoS) attacks, insider threats, and attack campaigns of the nation-state and state-sponsored threat actors and Advanced Persistent Threat (APT) groups are the most prevalent threats that financial institutions face in 2023.

• Then, financial institutions must improve their defenses to mitigate these ever-evolving threats. Although they have spent millions of dollars and deployed multiple levels of defense across their infrastructure, the missing component is the effective use of security controls. It is crucial to continuously measure the effectiveness of their overall IT security infrastructure against real-world cyberattacks to stay one step ahead of threat actors. IT and security leaders need to adopt the security control validation approach that enables businesses to assess and verify their cybersecurity posture and overall cyber resilience and validate that security controls successfully mitigate cyberattacks.

Introduction

Financial institutions (FIs) have historically been at the center of enterprise cybersecurity, considering the  massive amounts of cash and customer data they process. Moreover, the financial, regulatory, and reputational implications of cyberattacks require FIs to invest in cybersecurity.

Finance and insurance organizations were heavily targeted by cybercriminals, making up 22.4% of observed cyber attacks in 2021 [1].

Research by IBM X-Force also shows that 70% of the attacks on FI firms targeted banks, 16 percent targeted insurance companies, and 14 percent targeted other financial institutions in 2021 [1]. BCG's report shows that financial services (FS) are 300 times more likely to be the victim of a cyberattack than other organizations [2].

Organizations in the finance sector are highly concerned about cyber threats. According to a survey conducted by the Conference of State Bank Supervisors (CSBS) in September 2021, cybersecurity risk was rated "extremely important" by more than 80% of bankers as the top internal risk, more than double any other category of operational risk, and more than the 60% reported the previous year [3]. 

Of course, there are numerous reasons for this risk perception. For example, cybersecurity threats pose both operational and reputational risks. A cyberattack may harm or completely disrupt a financial institution's ability to conduct business (operational risk). Moreover, customers may lose trust and move their business elsewhere because of the cyberattack (reputational risk).

The average cost of cybercrime for financial services is 40% higher than all other sectors [4].

In this blog, first, we will explain the challenges of being resilient against cyberattacks against financial institutions. Then, emerging cyber threats for financial institutions in 2023 are discussed with data from past incidents. Finally, this blog reveals the need for a threat-centric approach to learn from threats and adapt defenses against them.  It also explains how financial institutions can proactively mitigate risk in the organization's expanding digital ecosystem with an innovative threat-centric approach - security control validation.

Understanding the challenges that increase cyber risks faced by the financial industry is crucial to be resilient against cyber threats. These challenges are linked with each other and required to be addressed in a holistic approach.

1. Continuous Digital Transformation and Innovation: Financial institutions adopt emerging technologies such as cloud computing, artificial intelligence, and digital services. The majority of FIs are increasingly utilizing cloud-based software to increase information processing, fraud detection, and financial analytics capabilities. Meanwhile, the COVID-19 pandemic accelerated the transition of the industry's IT infrastructure (digital transformation) of financial institutions and the emergence of virtual banks and financial services. As a result of digital transformation, organizations now operate more and more new applications, devices, and infrastructure components that increase the attack surface. All of these factors contribute to a rise in cybersecurity risks for FIs and their customers.

While the growth of new technologies in the finance industry has a significant impact on the industry's risk profile, they can also positively affect risk management, such as improving cybersecurity and compliance controls.

2. Complicated Legislations and Regulations: Financial institutions have become more reliant on technology and data to deliver products and services to clients, so they are increasingly confronted with an evolving regulatory environment. State, federal, and international regulators have responded to the increase in financial services cyber threats by establishing new rules governing the financial services organizations they regulate. FIs are increasingly regulated in many countries, with constantly changing data protection and privacy standards, as well as cybersecurity requirements. For example, more than 30 cybersecurity regulations have been implemented in the United States alone since the publication of the National Institute of Science and Technology's (NIST) Cybersecurity Framework in 2014 [5].

While regulations are useful, complying with them can be expensive and time-consuming. According to research conducted by the Banking Policy Institute's technology division (BITS), CISOs  spend 40% of their time resolving numerous regulatory agency requirements [5]. Moreover, the complex regulatory environment results in stricter enforcement and increased regulatory expenses and fines. For example, Capital One was fined $80 million by the US government in August 2020 for failing to identify and manage cyber risk, which resulted in a massive data breach in 2019 [6]. More recently, in late December 2021, Capital One announced a $190 million settlement with a class-action lawsuit for a massive hack of the bank's cloud network on Amazon Web Services in 2019 that resulted in the theft of personal data from 100 million clients [7].

3. Complex Supply Chain Ecosystem: Most financial institutions rely on third-party service providers to fulfill their digital operations. Even if the FI's own security systems are very resilient against cyberattacks, third-party service providers may represent a weak link in the chain of cybersecurity. Threat actors are increasingly targeting software vendors and then delivering malicious code to customers in the supply chain via product downloads or updates that seem to be legitimate. These attacks compromise software distribution systems and allow threat actors to get access to the networks of the supplier's customers.

The SolarWinds breach, one of the most significant attacks in recent times, was a supply chain attack [8]. Attackers gained access to SolarWinds' network and infected its management software with malware to target thousands of companies, including banks and government agencies. The SolarWinds breach serves as a powerful reminder of the financial services sector's potential vulnerability to cyberattacks and disruptions as a result of their reliance on third-party suppliers and service providers over whom they have little or no control over cybersecurity. Cybersecurity risks created by third-party suppliers are expected to become a more significant issue in the future as regulators place a greater emphasis on business continuity and operational resilience.

4. Hybrid Workplace: The recent changes to the ways of working accelerated by COVID-19, such as the hybrid workspace combining in-office and remote employees, have increased organizations' risk. As the pandemic enters its third year, remote work, hybrid workforces, and cloud-based software technologies have become practically ubiquitous. Businesses were forced to rapidly adopt new technologies that enabled remote access, communication, and collaboration. As a result, hybrid workplace environments increase the complexity of IT systems, broaden the attack surface, and bring new cyber risks and threats.

Picus Red Report 2023 shows that 23% of malware samples are designed to encrypt files in a target system [10].

According to Trellix, the Banking/Financial sector accounted for 22% of total ransomware attacks in Q3 2021 [11]. Therefore, ransomware has evolved into a widespread and well-known threat to organizations worldwide for several years and does not seem to be fading away anytime soon. As the main reason for ransomware proliferation, ransomware is a high-profit, low-risk business for threat actors. Moreover, the technical entry barrier to ransomware business is very low for cybercriminals because of Ransomware as a Service (RaaS) and Initial Access Broker (IABs) trends.

Initially, ransomware prevented organizations from accessing their data by encrypting files in the infected systems and holding the decryption key for ransom to extort money. Victims pay a ransom fee to recover access to encrypted data in this single extortion method. However, most financial institutions adapted to file encryption attacks by improving their data backup procedures. There is no reason to pay the ransom if you can just recover your own data from backups. The ransomware gangs responded with exfiltrating critical data before encrypting it and then threatening to leak or disclose it if the ransom is not paid. That is not a problem that can be resolved through backup recovery. According to the Coveware 2021 report, over 80% of ransomware attacks involve data exfiltration in addition to file encryption [12]. Threatening with the combination of encryption and data exfiltration is double extortion. Note that the ransomware threat actor is under no responsibility to remove the stolen data regardless of whether a  ransom is paid.

In addition to encryption and data exfiltration, cybercriminals utilize other extortion methods, such as threatening to disrupt operations with denial of service (DoS) attacks, threatening to contact the victim financial institution's clients and stakeholders, and threatening to sell sensitive data to competitors [13]. In November 2021, the FBI warned that ransomware actors are very likely to target and leverage victim organizations through significant financial events such as mergers and acquisitions [14]. Prior to launching an attack, ransomware attackers conduct research into publicly available information, such as the stock valuation of a victim and material nonpublic information. If victims do not pay the ransom on time, ransomware attackers threaten to expose this information, potentially triggering investor backlash publicly. 

As a result of new extortion methods, ransomware attacks have a massive impact on financial firms, including business downtime, revenue loss, reputational loss, data loss, and public release of sensitive information. For example, UK-based insurance firm, One Call, was the victim of a ransomware attack by the Darkside gang in May 2021; the same ransomware group extorted US gasoline network Colonial Pipeline [15]. Cybercriminals demanded £15 million from Once Call and threatened to disclose the company's data, including client information such as passwords and bank details, if the demand was not satisfied. In the same month, two ransomware gangs, DarkSide and Ragnar Locker, have provided evidence of successfully breaking into the systems of three small banks in the US, stealing data, and demanding payment [16]. They claimed that they would expose additional bank data if the ransom was not paid.

Start your 14-day free trial: Increase Your Return on Security Investment by More Than Two-Fold

2. Phishing

Phishing remains a common attack vector used to gain initial access to organizations ’networks. Threat actors have consistently invested significant resources to expand the phishing economy.

Financial services was the sector most impacted by malicious emails in Q3 2022 [17].

Today, phishing is a comprehensive business, enabling criminals to use Phishing-as-a-Service (PhaaS) developments through a hosted solution. Like ransomware-as-a-service (RaaS) for running a ransomware attack campaign, attackers pay an operator for running full-fledged phishing campaigns in the PhaaS model, including spoofed sign-in page development, website hosting, phishing mail template creation, distribution of phishing emails, credential parsing, and overall orchestration. PhaaS is a game-changer in cybercrime because it eliminates several aforementioned operations, like spoofed sign-in page development and hosting. Attackers are no longer required to hack websites to host their malicious landing pages. As a result, cybercrime becomes more accessible when a ready-made Phishing-as-a-Service solution or phishing kits are used. Now, even the most novice cybercriminal may run their own phishing campaign. As an example of a phishing-as-a-service (PhaaS) operation, BulletProofLink (also referred to as BulletProftLink or Anthrax) is utilized by a variety of threat groups in one-off or monthly subscription-based business models, providing a consistent revenue stream for its operators [17].

The spoofed websites and sign-in pages that look identical to the bank's official website are leveraged by attackers in phishing and other social engineering techniques. Users are led to the spoofed website, where they are prompted to enter their username and password. After users enter their credentials, they are forwarded to the bank's original website. Cybercriminals cause significant financial and reputational damage after acquiring user credentials in this method.

For example, researchers detected a 300 percent rise in phishing attacks targeting Chase Bank between May and August 2021 [18]. The XBALTI phishing kits were designed to look and behave exactly like the Chase banking portal. According to the researchers, the phishing kits were quite sophisticated and were aimed to gather information other than email addresses and passwords, such as banking and credit card information, social security numbers, and home addresses [18].

In September 2021, researchers discovered that the Russian-linked TA505 launched a new malware campaign known as MirrorBlast against financial institutions worldwide [19]. The infection begins with an excel document attached to an email. The malware payload is downloaded and executed when the document is opened, and macros enabled.

3. Web Application Attacks

According to the State of the Internet / Security report for 2021, Akamai observed 6.3 billion web attacks worldwide in 2020; 12% of them are in the financial services industry alone [20]. The most common type of web attack targeting financial services was Local File Inclusion (52%), followed by SQL Injection (33%) and Cross-Site Scripting (9%) [20].

Morgan Stanley, the American investment banking giant, announced a data breach on July 2, 2021, attributed to zero-day assaults on Accellion's legacy File Transfer Appliance (FTA) [21]. The primary attack vector is a SQL injection vulnerability (CVE-2021-27101), which enables an unauthenticated user to execute remote commands on vulnerable Accellion FTA servers. By hacking into the Accellion FTA server of a third-party provider, Guidehous, attackers collected personal information belonging to Morgan Stanley's clients.

4. Vulnerability Exploitation Attacks

Vulnerability exploitation attacks enable threat actors to gain access to target networks to perform additional operations with higher privileges. 

Vulnerability exploitation led to 31% of attacks within the financial sector [31].

Public-facing vulnerable applications and services pose a great risk to organizations' security posture. In 2022, the infamous ransomware gang BlackByte gained initial access to financial organizations by exploiting Microsoft Exchange ProxyShell vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207). In another campaign, Russian cyber threat actors deployed disk-wiper malware to Ukrainian banks by abusing a known Apache Tomcat (CVE-2020-1938) vulnerability.

Four of the top five exploited vulnerabilities in 2022 were new zero-day vulnerabilities with critical severity. While FIs should be vigilant against emerging threats, they should consider continuing effects of older yet impactful vulnerabilities such as Log4j vulnerability CVE-2021-44228.

5. Distributed Denial of Service (DDoS) Attacks

Attackers use Distributed Denial of Service attacks to flood and crash a target website by overwhelming it with traffic. Threat actors generate attack traffic from various compromised computer systems, including computers and other network-connected devices. They also use off-the-shelf toolkits and DDoS-for-hire websites to perform DDoS attacks.

DDoS attacks interrupt business operations, result in significant financial losses for the victim, and pose a substantial danger to financial institutions. According to Akamai, DDoS attacks against the financial services industry increased by 22 percent in 2022 compared to the previous year, demonstrating that DDoS attacks will be a tool in criminals' arsenal to cause disruptions in critical systems, services, and applications required for daily operations [30].

Average IT downtime caused by DDoS attacks approximately costs financial organizations $5,000 up to $140,000 per hour [30].

As a recent example, in September 2021, a DDoS attack took down the websites of several New Zealand financial institutions, including Kiwibank and the national postal service [22]. In June 2021, Fiducia & GAD IT, a German organization that operates technology for the country's cooperative banks, was targeted by a DDoS attack, impacting over 800 financial institutions across the country [23]. From August 2020 through the end of 2021, FS-ISAC members worldwide reported threats allegedly emanating from well-known APT groups threatening a large-scale DDoS attack unless a ransom is paid [24]. Organizations received communications from a variety of APT aliases, including the Russian actor groups Cozy Bear (APT27) and Fancy Bear (APT28), the North Korean-affiliated Lazarus Group, and most recently, a mashup of the latter two groups dubbed "Fancy Lazarus." Multiple sectors have noticed this behavior on a worldwide scale.

6. Nation-State / State-Sponsored Attacks and APTs

Three significant risks to the financial sector are nation-state attacks undertaken by foreign governments, state-sponsored attacks carried out by affiliated cybercriminal gangs, and Advanced Persistent Threats (APTs) launched by skilled APT groups. These threat actors employ many of the same attack vectors as less capable threat actors, such as phishing and ransomware, but with more technical capacity and funding.

The most Advanced Persistent Threat (APT) detections in Q3 2021 occurred in the Banking/Financial sector (37%) [11].

Organized cybercriminal groups collaborate and share attack tactics, techniques, procedures (TTPs), tools, and resources to compromise financial institutions, resulting in an increase in cyberattacks. Moreover, nation-state attack campaigns reflect global geopolitical tensions, which have fueled a growth in cyber activity targeting governments, militaries, and the business sector, according to the Navigating Cyber 2022 report of the Financial Services Information Sharing and Analysis Center (FS-ISAC) [24]. For example, the war in Ukraine, ongoing protest activity in Hong Kong, and North Korea's continued missile launches could result in cyber activity against various targets in the US, the UK, and the EU, among other places. Retaliation may take the form of denial of service (DoS) attacks, spearphishing, destructive malware, or vulnerability exploitation attacks.

7. Insider Threats

Regardless of the sophisticated techniques malicious actors use to penetrate an organization's network, many security incidents are attributed to insider threats posed by current or recently departed employees and unwitted staff errors. According to a 2023 study, insider attacks are 48% more difficult to detect and prevent compared to external cyberattacks. [25].

Financial services are the industry leader in insider threats (16%) [26].

Insiders have caused disruptions and critical data loss, whether purposeful or unintentional. For example, a New York credit union suffered a data breach caused by an insider in September 2021 [27]. After being fired, a former employee was able to go into corporate systems and erase 21.3 GB of company data and files within forty minutes. IBM Cost of a Data Breach Report 2022 shows that malicious insiders cost an average of $4.18 million. [28]. According to the same report, a breach caused by a malicious insider took 216 days to identify and 68 days to contain.

As cybercriminals evolve their tactics and techniques to target the most valuable data and services, financial institutions must improve their defenses to mitigate ever-evolving threats. To accomplish this, organizations in the financial sector must implement a security strategy that includes a living People, Process, Technology (PPT) framework capable of learning from threats and adapting defenses against them - a threat-centric approach. To ensure maximum security in the case of cybercrime, banks and FIs must develop a strategic plan that not only resists an initial cyberattack with minimal impact and loss but also maintains resilience continuously against emerging threats.

The majority of financial institutions have deployed multiple levels of defense across their infrastructure, including cyberattack prevention and detection solutions. However, these security layers are frequently siloed. The missing component is the effective use of security controls and visibility throughout the network and endpoints to identify and fix gaps. While it is critical to have an adequate budget for cybersecurity, it is equally crucial to utilize purchased security devices effectively.

One of the three key findings of Deloitte's Financial Cyber Survey 2021 is "businesses might have a false sense of security" [29].

While it's great to see financial organizations strive for high levels of cyber maturity, we highly advise objectively evaluating these assumptions and maturity levels and addressing any gaps between expectations and assessment results. To get one step ahead of the threat actors, banks and other financial organizations must continuously test the effectiveness of their security controls against real-world cyberattacks. Security control validation is a threat-centric approach that enables organizations to assess and analyze their cybersecurity posture and overall cyber resilience and verify that security controls are performing effectively against cyberattacks.

Picus' The Complete Security Validation Platform provides comprehensive visibility into cybersecurity threats and risks across the network and endpoints - all from a centralized dashboard. With the visibility that Picus brings, financial institutions can quickly reveal gaps in their cybersecurity posture and mitigate risks by applying actionable remediation and mitigation insights provided by Picus. Financial institutions can proactively mitigate risk in the organization's expanding digital ecosystem and prioritize remediation efforts and cyber initiatives using these insights. Additionally, Picus provides a real-time snapshot of an organization's security posture and generates alerts when an organization's security score goes below a predefined threshold.

Start Your Free Trial Now: Enhanced Visibility Against Financial Cyber Threats

References

[1] IBM Security X-Force, “X-Force Threat Intelligence Index 2022,” IBM Security, 2022. [Online]. Available: https://www.ibm.com/downloads/cas/ADLMYLAZ. [Accessed: Mar. 19, 2022]

[2] Boston Consulting Group, “Global Wealth 2019 Reigniting Radical Growth,” Jun. 2019. [Online]. Available: https://image-src.bcg.com/Images/BCG-Reigniting-Radical-Growth-June-2019_tcm9-222638.pdf. [Accessed: Mar. 16, 2022]

[3] Conference of State Bank Supervisors, “CSBS National Survey of Community Banks 2021,” Community Banking in the 21st Century 2021. [Online]. Available: https://www.communitybanking.org/~/media/files/publication/cb21publication_2021.pdf. [Accessed: Mar. 19, 2022]

[4] The Actuary, “Cyber crime to cost global economy $5.2trn over five years,” Jul. 26, 2019. [Online]. Available: https://www.theactuary.com/news/2019/07/2019/07/26/cyber-crime-cost-global-economy-52trn-over-five-years

[5] The Financial Services Roundtable – BITS, “Cybersecurity Regulation Harmonization,” United States Senate, Jun. 21, 2017. [Online]. Available: https://www.hsgac.senate.gov/imo/media/doc/Testimony-Feeney-2017-06-21.pdf. [Accessed: Mar. 17, 2022]

[6] P. Schroeder, “Capital One to pay $80 million fine after data breach,” Reuters, Aug. 06, 2020. [Online]. Available: https://www.reuters.com/article/us-usa-banks-capital-one-fin-idUSKCN2522DA

[7] A. Bronstad, “Capital One Reaches $190M Settlement Over 2019 Data Breach,” Law.com, Dec. 21, 2021. [Online]. Available: https://www.law.com/2021/12/21/capital-one-settles-lawsuits-over-2019-data-breach/. [Accessed: Mar. 17, 2022]

[8] Picus Labs Blue Team, “Six Stages of Dealing with a Global Security Incident.” [Online]. Available: https://www.picussecurity.com/resource/blog/six-stages-of-dealing-with-a-global-security-incident. [Accessed: Mar. 17, 2022]

[9] M. Henriquez, “Banking industry sees 1318% increase in ransomware attacks in 2021,” Security Magazine, Sep. 20, 2021. [Online]. Available: https://www.securitymagazine.com/articles/96128-banking-industry-sees-1318-increase-in-ransomware-attacks-in-2021. [Accessed: Mar. 15, 2022]

[10] P. Labs, “The Red Report 2023” [Online]. Available: https://www.picussecurity.com/resource/report/the-red-report-2023. [Accessed: Apr. 04, 2023]

[11] “Trellix ATR Threats Report.” [Online]. Available: https://www.trellix.com/en-us/threat-center/threat-reports/jan-2022.html. [Accessed: Mar. 17, 2022]

[12] B. Siegel, “Ransomware attackers down shift to ‘Mid-Game’ hunting in Q3,” Coveware: Ransomware Recovery First Responders, Oct. 21, 2021. [Online]. Available: https://www.coveware.com/blog/2021/10/20/ransomware-attacks-continue-as-pressure-mounts. [Accessed: Mar. 21, 2022]

[13] S. Özarslan, “3 Ransomware Trends You Need to Know in 2022: RaaS, Multiple Extortion, IABs.” [Online]. Available: https://www.picussecurity.com/resource/blog/3-ransomware-trends-you-need-to-know-in-2022-raas-multiple-extortion-iabs. [Accessed: Mar. 17, 2022]

[14] Federal Bureau of Investigation (FBI), “Ransomware Actors Use Significant Financial Events and Stock Valuation to Facilitate Targeting and Extortion of Victims,” Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3), Nov. 01, 2021. [Online]. Available: https://www.ic3.gov/Media/News/2021/211101.pdf. [Accessed: Mar. 17, 2022]

[15] G. Corfield, “Doncaster insurance firm One Call hit by not-dead-at-all Darkside ransomware gang,” The Register, May 21, 2021. [Online]. Available: https://www.theregister.com/2021/05/21/darkside_ransomware_doncaster/. [Accessed: Mar. 21, 2022]

[16] P. Crosman, “‘It’s very scary’: Small banks quietly hit by ransomware attacks,” American Banker, May 24, 2021. [Online]. Available: https://www.americanbanker.com/news/its-very-scary-small-banks-quietly-hit-by-ransomware-attacks

[17] "The Threat Report: Fall 2022." [Online]. Available: https://www.trellix.com/en-hk/advanced-research-center/threat-reports/nov-2022.html. [Accessed: Apr. 04, 2023]

[18] Help Net Security, "How phishing kits are enabling a new legion of pro phishers," Help Net Security, Dec. 02, 2021. [Online]. Available: https://www.helpnetsecurity.com/2021/12/02/phishing-kits-pro/. [Accessed: Mar. 21, 2022]

[19] "MirrorBlast and TA505: Examining Similarities in Tactics, Techniques and Procedures," HP Wolf Security, Oct. 19, 2021. [Online]. Available: https://threatresearch.ext.hp.com/mirrorblast-and-ta505-examining-similarities-in-tactics-techniques-and-procedures/. [Accessed: Mar. 20, 2022]

[20] Akamai, "State of the Internet / Security Report of 2021 - Phishing for Finance," Akamai, May 2020. [Online]. Available: https://www.akamai.com/site/en/documents/state-of-the-internet/soti-security-phishing-for-finance-report-2021.pdf

[21] M. Stanley, “Notification of a data security incident involving a Morgan Stanley vendor,” DocumentCloud, Jul. 02, 2021. [Online]. Available: https://www.documentcloud.org/documents/20985259-morgan-stanley-bc-20210702. [Accessed: Mar. 21, 2022]

[22] M. Whelan, “DDoS attacks: What they are and how they’re orchestrated,” RNZ, Sep. 08, 2021. [Online]. Available: https://www.rnz.co.nz/news/what-you-need-to-know/451063/ddos-attacks-what-they-are-and-how-they-re-orchestrated. [Accessed: Mar. 21, 2022]

[23] Reuters, “German cooperative banks hit by DDoS hack attack on IT provider,” Reuters, Reuters, Jun. 04, 2021 [Online]. Available: https://www.reuters.com/technology/german-it-company-that-serves-banks-experiences-ddos-hack-attack-2021-06-04/. [Accessed: Mar. 21, 2022]

[24] FS-ISAC Global Intelligence Office, “Navigating Cyber 2022,” FS-ISAC The Financial Services Information Sharing and Analysis Center, Mar. 2022. [Online]. Available: https://www.fsisac.com/hubfs/NavigatingCyber-2022/NavigatingCyber2022-TLPWHITE-FIN.pdf. [Accessed: Mar. 21, 2022]

[25] Gurucul, "2023 Insider Threat Report," Gurucul, Dec. 2022. [Online]. Available: https://gurucul.com/2023-insider-threat-report. [Accessed: Apr. 04, 2023]

[26] "Financial Services Cybersecurity," Palo Alto Networks. [Online]. Available: https://www.paloaltonetworks.com/industry/unit42-financial-services. [Accessed: Mar. 21, 2022]

[27] S. Gatlan, "Fired NY credit union employee nukes 21GB of data in revenge," BleepingComputer, Sep. 01, 2021. [Online]. Available: https://www.bleepingcomputer.com/news/security/fired-ny-credit-union-employee-nukes-21gb-of-data-in-revenge/. [Accessed: Mar. 21, 2022

[28] IBM Security, "Cost of a Data Breach Report 2023," IBM Security, Jul. 2022. [Online]. Available: https://www.ibm.com/downloads/cas/3R8N1DZJ. [Accessed: Apr. 04, 2023]

[29] "Financial Cyber Survey," Deloitte Danmark. [Online]. Available: https://www2.deloitte.com/dk/da/pages/financial-cyber-survey.html. [Accessed: Mar. 15, 2022]

[30]"Enemy at the gates: Analyzing attacks on Financial Services | akamai." [Online]. Available: https://www.akamai.com/lp/soti/enemy-at-the-gates-analyzing-attacks-on-financial-services. [Accessed: Apr. 04, 2023] 

[31]Sangfor Technologies, "Cyber-attacks on Banks Devastate the Financial Sector," SANGFOR. [Online]. Available: https://www.sangfor.com/blog/cybersecurity/cyber-attacks-on-banks-devastate-financial-sector. [Accessed: Apr. 04, 2023]