BY Fraser Tennant
Cyber criminals are increasingly and persistently targeting the financial services sector, particularly banking institutions, using the dark web, according to a new report by Searchlight Cyber.
In ‘Dark Web Threats Against the Banking Sector’, the dark web intelligence company outlines the tactics cyber criminal are using against banking institutions, highlighting the most prominent threats visible on the dark web.
According to the report, the most prominent threat is initial access broker posts which sees threat actors sell vulnerabilities such as remote network access, web shells, remote code execution and SQL injection (a cyber attack that injects malicious SQL code into an application allowing the attacker to view or modify a database) on dark web forums for other cyber criminals, including ransomware operators, to exploit.
“We have observed threat actors that are known to be associated with ransomware groups interacting with initial access broker posts in this report,” said Jim Simpson, director of threat intelligence at Searchlight Cyber. “Knowledge is power, and identifying vulnerabilities being sold before the ransomware operator is able to successfully breach their organisation would be a huge win for defenders.”
Additional threats noted in the report include insider threats, where employees proactively advertise their ability to undermine the security of their organisation, as well as cyber criminals trying to recruit employees at banks, and threats against banks’ supply chains, which sees criminals identify the banks that can be impacted in posts targeting their suppliers.
The report also explains how such dark web intelligence can be used by banks in security practices such as threat hunting, internal investigations and gathering intelligence on the tactics of specific cyber criminals.
“While a lot of the cyber criminal activity described in this report sounds alarming, the point of this research is not to scare banks,” said Jim Simpson, director of threat intelligence at Searchlight Cyber. “In fact, it is to demonstrate the opportunity that the dark web provides to identify threats earlier. Banks are always going to be a target for threat actors, but monitoring the dark web allows them a chance to spot criminal activity in the ‘pre-attack’ or planning stage and gives security teams valuable time to adjust their defences.”