Modern Bank Heists 3.0

This marks the third edition of the Modern Bank Heists report, which takes an annual pulse of some of the financial industry’s top CISOs and security leaders. Thank you, again, for reading along and thank you to the 25 security leaders who participated in this year’s survey.

This survey offers more than just data. We use the information gleaned from this report to educate the market on how modern cybercriminals are evolving; what tactics, techniques and procedures (TTPs) are emerging; and how defenders can keep pace. Perhaps most importantly, we use the information to deliver a stronger cybersecurity platform to the market.

In this year’s survey, CISOs revealed what they’re seeing with attack prevalence and evolution. Our questions tackled topics including lateral movement, counter-incident response, island hopping and integrity attacks. The financial sector is not a new target for criminals. Of course, the bank heist has evolved significantly—from stickups to cyberspace—but the fundamental motivation behind the attacks has remained: money. This evolution is best reflected in a conversation we recently had with Jonah Force Hill, senior cyber policy advisor and executive director of the U.S. Secret Service Cyber Investigations Advisory Board (CIAB), who told us:

“This year, while virtually all sectors of the global economy fell victim to cybercrime of one kind or another, no sector was more regularly targeted than the financial sector. At an alarming rate, transnational organized crime groups are leveraging specialist providers of cybercrime tools and services to conduct a wide range of crimes against financial institutions, including ransomware campaigns, distributed denial of service (DDoS) attacks and business email compromise (BEC) scams. Criminals are increasingly sharing resources and information and reinvesting their illicit profits into the development of new, even more destructive capabilities. The growing availability of ready-made malware is creating opportunities for even inexperienced criminal actors to launch their own operations. When combined with a steady commercial growth of mobile devices, cloud-based data storage and services, and digital payment systems, cybercriminals today have an ever-expanding host of attack vectors to exploit. Every organization—providers of financial services, in particular—must remain vigilant in the face of these evolving threats. It is critical that organizations maintain a continuous dialogue with law enforcement to ensure a rapid response in the event of an incident.”

The authors would like to thank VMware Carbon Black Team Cerberus for their analytics research for this report.