A new report sheds light on the distinctive cybersecurity risks facing financial services organizations. The report, “2023 Financial Services Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies,” explores the specific threats and risks the financial services industry faces.

In its new research, Trustwave SpiderLabs documented the attack flow utilized by threat groups, exposing their tactics, techniques and procedures. From email-borne malicious attachments to abuse of valid accounts, these persistent threats pose significant risks to the financial services sector.

Financial services organizations are attractive targets because of the elevated potential for monetary gain. Serving as repositories of wealth, this sector is rich with opportunities for cybercriminals, who exploit them for financial gains through extortion, theft and fraud. In addition to the money itself, the financial services sector stores large volumes of sensitive data, including customer information, financial records and intellectual property.

The new report analyzes threat groups and their methods throughout the attack cycle, from initial foothold through to exfiltration.

Key report highlights

• The Clop threat group accounted for 39% of ransomware incidents targeting the financial services sector.
• A majority of the targeted financial services companies reporting a breach are from the U.S. (51%) with India (9%), and Russia/Mexico (7%) coming in a far second and third, respectively.
• HTML attachments make up 78% of the file types being used for email-borne malware attachments. 33% of these HTML files employ obfuscation as a means of defense evasion.