New research from Digital Shadows shows how cybercriminals are increasingly setting their sights on asset and wealth management companies (AWM). The assets under management by AWM companies are set to grow by up to 5.6% a year by 2025, to USD 147.4 trillion, which presents a lot of financial upside for attackers.

Not only AWM companies possess valuable client information, but valuable intellectual property to protect, as well as investment strategies and mechanisms that can be exposed by competitors, third parties or insider threats within the company. 

One possible reason for the increasing focus on AWM companies is because traditional financial institutions – primarily banks – are investing more heavily in mitigation in the wake of repeated cases of fraud, extortion, and theft at the hands of cybercriminals, says Digital Shadows. However, AWM companies, which often control a similar amount of capital as banks, tend to operate with a smaller budget and a smaller staff, leaving them more exposed to data breaches and the reputational and financial damages that come with it. Among the most pressing cybersecurity threats in 2021 are:

  • Data loss to ransomware variants “Sodinokibi” and “NetWalker."
  • Impersonation through Business Email Compromise (BEC) including payroll scams, invoice fraud, and dual impersonation.
  • Impersonation through spearphishing and voice phishing.

Digital Shadows also provides a 2021 threat outlook so AWM companies can plan for likely threats, in addition to mitigation techniques to thwart ransomware attacks, BEC schemes, and spearfishing campaigns:

  • Ransomware prices will increase as more large organizations are targeted, while small and medium sized businesses will suffer the majority of attacks. Digital Shadows continues to observe more ransomware attacks targeting small and medium-sized organizations such as AWM companies in the financial services sector. This is likely owing to the fact that they have fewer resources dedicated to cyber-security practices, such as patch management, user awareness, and tools intended for intrusion detections/prevention (IDS and IPS). 
  • Initial access brokers will continue selling access to financial firms. Dark-web cybercriminal forums such as Exploit, XSS, and others will likely remain active in selling network access to AWM companies. Although cybercriminals typically do not name the companies to which they are selling access, these firms are often identified by attributing them to a specific country and listing their revenue or employee headcount. Access sold to organizations can be used to monetize additional company data or launch future cyber attacks for financial gain.
  • BEC and impersonation campaigns will adapt to changing current events. Threat actors aggressively exploited the COVID-19 pandemic in 2020, using it as a theme to launch cyber attacks across all sectors. For example, phishing emails with subject lines related to COVID-19 have a higher rate of open. As a potential return to normality begins to take shape later in 2021, threat actors will likely conduct impersonation campaigns centered on changing current events. Firms in the AWM industry should be aware of threat actors targeting their remote workforce, as they would likely be the target of phishing campaigns casting a “wide net” of fraudulent emails that could lead to credential theft or VPN theft.

Digital Shadows also suggested security mitigation strategies, which can be found here