New threat intelligence report demonstrates how cybercriminals persistently target financial institutions
Searchlight Cyber, the dark web intelligence company, has released its new report, Dark Web Threats Against the Banking Sector, which outlines the tactics of cybercriminal reconnaissance against banking institutions. The report highlights the most prominent threats visible on the dark web – including Initial Access Broker posts on dark web forums, insider threats, and supply chain attacks – and explains how banks can use this intelligence to improve their cyber defense.
Latest Fintech Interview: Global Fintech Interview with Ramy Ashour, Global Head of Enterprise & Solutions at Valtech
The research found that:
- Initial Access Broker posts are the most commonly observed activity on the dark web.
The report explains how threat actors sell vulnerabilities such as remote network access, web shells, remote code execution, and SQL injection on dark web forums for other cybercriminals – including ransomware operators – to exploit. - “Insider threats” pose a challenge for banks.
Searchlight analysts observed cases of employees proactively advertising their ability to undermine the security of their organization, as well as cybercriminals trying to recruit employees at banks. - Reconnaissance against banks’ supply chains can be observed on the dark web.
With criminals identifying the banks that can be impacted in posts targeting their suppliers.
The research includes posts from cybercriminals on dark web sites such as XSS, Exploit, and BreachForums targeting banks around the world, with examples from the United States, UK, France, Spain, South America, and Asia.
The report also explains how this type of dark web intelligence can be used by banks in security practices such as threat hunting, internal investigations, and gathering intelligence on the tactics of specific cybercriminals.
Read More About Fintech Interview: Global Fintech Interview with Mani Ganeshan, Global Head – Engineering, Travel Distribution, and Centre Head at Amadeus Labs
Commenting on the findings, Jim Simpson, Director of Threat Intelligence at Searchlight Cyber said:
“While a lot of the cybercriminal activity described in this report sounds alarming, the point of this research is not to scare banks. In fact, it is to demonstrate the opportunity that the dark web provides to identify threats earlier. Banks are always going to be a target for threat actors, but monitoring the dark web allows them a chance to spot criminal activity in the “pre-attack” or planning stage and gives security teams valuable time to adjust their defenses.
“For example, we have observed threat actors that are known to be associated with ransomware groups interacting with some of the Initial Access Broker posts in this report. Knowledge is power, and identifying vulnerabilities being sold before the ransomware operator is able to successfully breach their organization would be a huge win for defenders. These are the proactive defense opportunities that dark web intelligence provides.”
Browse The Complete Interview About Fintech: Global Fintech Interview with Anndy Lian, Intergovernmental Blockchain Expert, Partner at Blockchain Technology
[To share your insights with us, please write to sghosh@martechseries.com]
