The financial sector has become more susceptible to cyberattacks

The number of cyberattacks on the financial sector increased by a third over the year and reached 9,000. The greatest threat to the industry is attempts to scan internal networks for cyberintelligence purposes, exploitation of vulnerabilities and infection with malicious software. This was reported to Izvestia on February 18 by experts of Solar JSOC center of counteraction to cyberattacks of Solar Group, having analyzed the data of the monitoring service for 2024.

Network attacks accounted for 27% of confirmed incidents, while a year ago their share was 14%. The majority of such incidents involved unauthorized internal network scanning, i.e. attackers exploring the victim's internal network: web applications, systems and devices. The facts of network attacks indicate that hackers have already overcome the external perimeter of the organization and are trying to develop an attack inside, having previously conducted cyber reconnaissance.

The share of vulnerability exploitation, on the other hand, has decreased, from 36% to 27%. They are used by hackers at all stages of attack development: during hacking attempts, during horizontal advancement through the network and privilege escalation on the host, and during attempts to compromise the bank's systems within the infrastructure. And an established vulnerability management process remains the foundation for building a secure infrastructure.

Malware infections round out the top incidents, with the share rising from 8% to 14% over the year. Even though the financial sector is more resilient to such threats than other industries, viruses can still cause serious damage to organizations.

Confuse the Networks: software failures at the end of the year were most frequently recorded in retail and logistics

Difficulties arise from the departure of software vendors and increased attacks, experts say

According to data from the Solar 4RAYS Cyber Threat Research Center's Sensor and Honeypot Network, among all companies that show signs of malware infections, banks account for just 4%. Remote access tools - Remote Administration Tools (RATs) - pose the biggest threat to the industry. They account for 37% of all infections. Depending on their functionality, such malware allows hackers to remotely control the attacked system, including changing and uploading data, taking screenshots, and changing equipment settings.

Another 19% of incidents are related to styler virus attacks. This is malware that collects information from infected infrastructure in an automated mode. And 15% - with the activity of APT-groups.

"In the financial sector, the level of protection against basic threats is higher than in other industries. That's why APT incidents are in third place here, while in other industries it is top-1 among threats. However, banks are of interest to highly skilled attackers who realize sophisticated targeted attacks. The growth of internal scans shows that hackers are carefully preparing for such cyber attacks, trying to study the victim's infrastructure in order to plan their next steps. That is why a timely detected network attack will help prevent fatal consequences for the company," - said the director of the center of counteraction to cyberattacks Solar JCOSVladimir Drukov.

Earlier, on January 13, it was reported that in Russia 65% of the analyzed companies have a low level of security. Attacks on them can cause critical damage, lead to the suspension of key business processes and financial losses. This is stated in the results of a study by the information security company "Bastion".