06.08.2016Enterprise Tech

Follow the money: Top methods used by cyber-thieves

By: Scott Eason
Digital investigation

Verizon’s 2016 Data Breach Investigations Report — which revealed financial gain as one of the top motivators for cyberthieves – calls to mind the notorious bank robber Willie Sutton. When asked why he robbed banks, he replied: “Because that’s where the money is.”

Still true today, this year’s DBIR revealed the top methods cybercriminals leveraged in 2015 to infiltrate banks and other financial institutions. It also reinforced the need for strong defense and mitigation strategies to protect customers and assets from continued cybersecurity threats, incidents and data breaches.

Verizon’s security research team once again analyzed a voluminous amount of data breaches – 2,260 — from across a broad spectrum of industries and countries in an effort to identify the top threats facing organizations and consumers. Our investigative team looked at approximately 1,368 incidents in the financial services sector and of these 795 were confirmed breaches.

Of the nine incident classification patterns analyzed, just three categories accounted for 88 percent of all financial services security incidents.   The top three threat patterns that banks and other financial institutions will want to heed include:

  • Web application attacks – when cybercriminals inject malicious software into web-based applications – constituted 48 percent of all security incidents. This was largely due to the impact of the Dridex botnet in 2015, a particularly malicious strain of malware designed to break into bank accounts, which caused a spike in the number of incidents. Web app attacks are particularly challenging to detect since millions of legitimate customers are typically accessing banking websites at the same time.
  • Denial of Service (DoS) attacks – which use botnets to overwhelm networks with sheer volumes of traffic that bring activity to a virtual standstill – accounted for 34 percent of the incidents. DoS attacks are typically launched to disrupt operations at financial institutions and distract IT executives while other cybercrime is committed, or inconvenience customers which can harm a bank’s brand.
  • Payment card skimming – which involves attaching a physical device to an ATM, a point-of-sale terminal or a gas pump – accounted for 6 percent of the incidents in the financial services sector, though this method represented nearly one in ten of all confirmed data breaches. A key takeaway for retail banks is that the majority of skimming incidents can be prevented by focusing on security around their ATMs.

What can financial institutions do to protect against the Willie Suttons of the cybercrime world? Verizon Enterprise Solutions has created a special DBIR Financial Services report which includes additional information about the three threat patterns along with prescriptive tips for combatting each.

Download the Report

The full “2016 Data Breach Investigations Report” and additional resources supporting the research are available on the DBIR Media Resource Center.