Three Reasons Why Cybercriminals Attack Financial Institutions
Cybercrime and threats continue to be at an all-time high. An attack on a financial institution resulting in the loss of data can have a devastating effect on the organization’s revenue and reputation. In addition, the amount of time and money needed to resolve these attacks can be significant.
While we hear about cybercriminals and the effects of cybercrime, we’re left wondering, why do these criminals attack? In years past people would say cybercriminals attacked for the fun of it. However, now people turn to hacking for a variety of financial, political, and ideological reasons.
Three of the top reasons cybercriminals attack include:
Bragging Rights or Power
Some attackers, be it individuals or members of a larger group, will target large, well known organizations with the hope that the resulting recognition or publicity will give them bragging rights within the hacker community. This was best illustrated by attacks perpetrated by a teenager named Michael Calce (aka MafiaBoy) in early 2000. These attacks brought down large websites such as Yahoo, eBay, and Dell. Calce was later arrested after bragging about his attacks on the internet via IRC.
Political or Personal Agendas
Some attackers target particular companies, websites or governments as a way of drawing attention to their own political beliefs or personal grudges. In many cases, the attackers are disgruntled employees (or former employees) of an organization looking for revenge. Other attacks in this category can be attributed to nation states who are acting on political agendas.
An example is Blue Security and its anti-spam product, Blue Frog. Attackers did not like that the organization was blocking spam so they launched a distributed denial of service (DDoS) attack on the company and the organization shut down.
One of the largest DDoS attacks was launched against KrebsOnSecurity.com in retaliation for a series the site produced on the takedown of the DDoS-for-hire service, which coincided with the arrests of two men.
In today’s market, cybercriminals have found it lucrative to readily sell stolen data on the black market. Or, attackers will penetrate organizations as a form of extortion, demanding payment with a deadline with the threat of an ensuing DDoS attack. Recent FBI statistics indicate that hackers were able to successfully extort more than $209 million in ransomware payments from businesses and financial institutions in Q1 2016 alone. While we hear about attacks on larger well-known organizations, it can actually be more profitable for an attacker to target smaller, lesser known organizations since their security measures might not be as tight.
Community banks and credit unions cannot be complacent when it comes to protecting themselves and the sensitive information they hold. It is critical to defend your institution with a variety of security layers, not only firewalls and anti-malware, but additional security layers designed to guard against cybercrime. Safe Systems’ proprietary solution, Rogue Actor Detection (RAD), designed specifically for banks and credit unions, enables financial institutions to identify when an intruder is present, identify curious internal employees, identify rogue internal employees, and uncover suspicious activity before any damage is done.