Dr. Suleyman Ozarslan
April 5, 2022
As a high-profit, low-risk business for cybercriminals, ransomware has become a well-known and widespread threat to the financial sector. Financial institutions are extremely attractive targets for threat actors due to the value of the assets they manage and the criticality of the data they are responsible for protecting. As a result, financial services firms are increasingly being targeted by ransomware attackers. As reported by Trend Micro, ransomware attacks in the finance industry increased by 1,318 percent in 2021. In Q3 2021, the Banking/Financial sector accounted for 22% of total ransomware attacks, according to Trellix.
As a result of new extortion methods, ransomware attacks have a substantial impact on financial firms, including business disruption, revenue loss, reputation damage, data loss, and the public disclosure of critical information. Even though the financial services industry has some of the most robust security measures, financial institutions have been victims of costly attacks. According to Sophos, the average cost of rectifying a ransomware attack in the financial services industry was US$2.10 million, considering ransom paid, downtime, people time, device cost, network cost, lost opportunity, and other factors.
In May 2021, for example, the DarkSide gang targeted UK-based insurance provider One Call. The cybercriminals wanted £15 million and threatened to release the company's data, including client information such as passwords and bank account details, if the demand was not fulfilled. DarkSide and Ragnar Locker, two ransomware gangs, have provided evidence of successfully breaching the networks of three minor banks in the United States, stealing data, and demanding payment. If the ransom was not paid, they threatened to release additional bank data.
You need to create a baseline environment to enable the detection of malicious behavior, such as encryption of files or exfiltration of sensitive data. Then, security teams must monitor security alerts to detect and respond to attacks. Cybercriminals exploit software vulnerabilities to deploy ransomware. You must conduct vulnerability scans, manage vulnerabilities based on their severity, and track progress toward mitigation, including patching all apps, services, and systems. You should also perform security due diligence on third-party software and services.
You must regularly check, improve, and verify your incident response and business continuity plans. First, you need to evaluate the effectiveness of incident response plans at your organization to ensure that all employees are aware of their respective responsibilities and the organization's protocols. Additionally, you must verify that mechanisms for updating and testing incident response and business continuity plans are in place to handle cybersecurity threats involving extortion.
The majority of cybercriminals access a company's network via email, encrypt data, and demand a ransom. Security awareness training must include recognizing, detecting, and reporting phishing attempts and other possible security incidents. While a single awareness lesson can give a foundation of broad knowledge, ongoing training is required to keep everyone informed about the most recent threats. Security awareness training must be aligned with the employee's duties.
To mitigate cyber risks, you need to maintain an ongoing cybersecurity risk assessment program that considers evolving and emerging threats and tunes your security controls in response to identified risks. This program must include a continuous process to determine, analyze, prioritize, and assess the risk to mission-critical systems. Third-party service providers' security controls should also be subjected to ongoing testing, and the providers should be contractually mandated to disclose security incident reports when an incident occurs.
You can leverage the Security Control Validation approach to continuously assess your security systems via simulation of potential risk scenarios. Utilizing Breach and Attack Simulation, Security Control Validation solutions allow you to validate your security controls' effectiveness, identify risks, and improve your defenses to mitigate identified risks and increase the effectiveness of your security controls.
The Complete Security Control Validation Platform enables you to ensure that your prevention and detection systems are up to date and their rules are appropriately configured. It allows assessing the security stack's performance against ransomware attacks and evaluating how people, processes, and technologies work together against cyber threats. Picus' platform also improves your security posture by providing actionable vendor-agnostic and vendor-specific risk mitigation suggestions.
Without a doubt, cybercriminals are increasingly targeting financial services firms with ransomware attacks. With several major financial organizations falling victim to ransomware attacks in recent months, no enterprise is safe because of the expanding attack surface and the difficulty of protecting digital assets. Financial services firms should take practical actions to reduce their exposure. The ransomware risk for financial institutions can be mitigated with the four ransomware risk mitigation strategies provided in this article.
Effective monitoring, prevention, detection, and mitigation are the frontline of ransomware defense.
In case of a security incident, an effective incident response and business continuity strategy will help you to limit the impact of the incident.
Regular security awareness training may transform a company's employees into a critical line of defense against cybercrime.
Continuous cybersecurity risk assessments enable financial institutions to be ahead of the game in their preparations against ransomware. Financial organizations can be ready for ransomware attacks by simulating real-world ransomware attacks and tuning security controls to fix identified gaps.