Financial sector has faced 'death by 1 million cuts' from cybercriminals

BlackBerry report warns financial institutions are under increased pressure

Steve Randall

The financial sector was attacked 1 million times in just 120 days by cybercriminals, highlighting the elevated risk that financial institutions face.

The latest Global Threat Intelligence Report from Ontario-based BlackBerry reveals that the global financial sector was mostly targeted using commodity malware, which is aimed at financial gain for attackers. Finance, along with other critical infrastructure (including government, healthcare, and communications), accounted for 62% of the attacks between September and December 2023.

Last month, Tolga Yalkin, an assistant superintendent at the Office of the Superintendent of Financial Institutions (OSFI), expressed concerns over the increasing frequency of cyber incidents, particularly noting the surge in “priority one” attacks from about 10 in 2022 to 28 in 2023. 

The attacks are increasingly using novel malware, which criminals hope will be ahead of cyber defenses.

“Novel malware typically indicates specific motivations from threat actors towards particular attack targets with intent to evade defenses, which are often based on static signatures,” said Ismael Valenzuela, Vice President of Threat Research and Intelligence at BlackBerry. “We've reached a pivotal point where traditional detection methods alone are not enough to combat this increasingly complex problem. AI is already being weaponized by malicious entities, so it must equally be the dominant tool for detection and defense.”

As well as critical infrastructure, 33% of all threats targeted commercial enterprises (including retail, manufacturing, automotive and professional services), with 53% of those deploying information-stealing (Infostealer) malware with the aim of accessing highly sensitive data.

BlackBerry’s analysts expect a further increase in attacks on profitable sectors, with VPN appliances and both software and hardware vulnerabilities being exploited. Asia Pacific financial institutions are expected to see greater levels of attacks from China and North Korea.

Last year, a study from cybersecurity specialists Palo Alto Networks, conducted by the Angus Reid Group, found that the average cost of a ransomware attack for Canadian organizations was more than $1.1 million in 2023, compared to $458,247 in 2021 – a 150% increase.