Cybersecurity firm CrowdStrike said it detected a surge in attempted breaches of the financial service sector in the past year, with North Korean cyberattackers being the most aggressive state-sponsored hackers to aim at the industry.
The large uptick in attempted hacks of the financial industry stunned CrowdStrike, which tracked more than 215 adversaries for its 2023 Threat Hunting Report.
“In the past year, the volume of interactive intrusion activity against the financial service industry increased by over 80%,” the report said. “Defenders in the financial industry should watch this trend closely, as the increased volume of activity is matched by an increased diversity of threats.”
The rapid growth in attempted hacks of the financial industry made it the second most targeted sector, behind only technology.
CrowdStrike said the breakout time for cyberattackers to spread through a victim’s network reached its fastest speed of all time between July 2022 and June 2023, with the quickest hackers bursting throughout a network in seven minutes.
“We have seen a threat landscape that has grown in complexity and depth as threat actors pivot to new tactics and platforms, such as abusing valid credentials to target vulnerabilities in the cloud and in software,” CrowdStrike Senior Vice President Adam Meyers said in a statement. “When we talk about stopping breaches, we cannot ignore the undeniable fact that adversaries are getting faster and they are employing tactics intentionally designed to evade traditional detection methods.”
CrowdStrike found that North Korean adversaries were the most aggressive state-sponsored cyberattackers hammering the financial sector, with their sights aimed at financial institutions and financial technology organizations.
Financial institutions are at risk of attack from North Korea because the regime of Kim Jong-un needs funding. Top White House cyber official Anne Neuberger said in May that the Biden administration estimated that North Korea funded half its missile program via cryptocurrency heists and cyberattacks.
North Korean cyberattackers also want access to networks with sensitive information, seeking answers to complex questions traditionally provided by diplomats and intelligence officers in other countries. Cyber intelligence firm Recorded Future said in June it found North Korea’s top five most targeted industries since 2009 were government, cryptocurrency, media, traditional finance and the defense sector.
While North Korea’s financial motivation was straightforward for CrowdStrike to decipher, Iranian and Chinese hackers took different approaches.
“The diversity of sectors targeted by Iranian (KITTEN) and Chinese (PANDA) state-nexus adversaries are reflective of two distinct, but similar, tradecraft strategies,” CrowdStrike’s report said. “KITTEN adversaries increasingly rely on opportunistic exploitation of entities of interest, and PANDA adversaries continue to expand operations to achieve coverage across as many targets as possible.”
As digital defenders look to secure networks from cybercriminals and state-sponsored hackers in the future, CrowdStrike said a knowledge gap exists in properly securing cloud computing environments, given the rapid adoption of the tech by many organizations.
“As the technologies and security products that organizations rely on evolve, so too do adversary tooling and tradecraft — at an alarming pace,” the report said.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.