
Full Data Impact Still Unknown from Infosys, International Monetary Fund Breaches

Written by: Matthew Delman

Financial services organizations have long been a major target for threat actors. The credit card information and personal data, like bank account numbers and Social Security Numbers, that banks and other financial institutions store make it easy to facilitate identity theft and fraudulent transactions among other illicit goals. There were 744 data loss incidents in the banking sector in 2023, according to Statista research, indicating the popularity of the sector among threat actors.

The impact of these attacks is substantial, with IBM finding that the average cost of a data breach in financial services is $5.9 million. This is the second-highest cost when broken out by industry, second only to the healthcare industry.

Two recent breaches are indicative of the potential risk facing financial institutions: the Infosys McCamish Systems attack and the email compromise at the International Monetary Fund.


Infosys McCamish: A Spreading Supply Chain Attack

In November 2023, Infosys McCamish Systems revealed that it had experienced a ransomware attack that left several systems and applications inaccessible. As of March 2024, the attack has already impacted customers Bank of America, Fidelity Investments, and TIAA. Combined, these three Infosys McCamish customers had the personal information of nearly 100,000 of their own customers exfiltrated from their databases because of the attack.

The ransomware attack on Infosys McCamish also led to operational shutdowns at TIAA. Specifically, TIAA said in a regulatory filing that the attack led to a “temporary suspension of our ability to process contract transactions and the shutdown of our online systems.” This created significant operational challenges for the insurer.

More than 57,000 Bank of America customers had their personal information stolen because of the attack. The most direct impact was in Bank of America’s deferred compensation plans, and yet customer data was still exfiltrated because of the compromise at Infosys McCamish. Fidelity Investments had a similar situation, with data on nearly 30,000 customers of its Fidelity Investments Life Insurance brand being stolen in the attack.

Infosys McCamish is the main arm of Infosys that provides software and services to life insurance companies. The cascading impact of this ransomware attack on the company is a perfect example of how threat actors can use vendors to leapfrog to their customers’ systems and exfiltrate personal information.

International Monetary Fund Email Compromise Triggers Alarms

The International Monetary Fund (IMF) announced recently that it’s investigating a cyberattack that resulted in the compromise of 11 email accounts. There are no indications that any data was exfiltrated at this time, and the IMF said that the accounts did not belong to the Managing Director or any other member of the leadership team.

The IMF reported the breach in the interest of transparency. Back in 2011, the Fund experienced an attack so damaging that the World Bank cut off secure network links to the Fund. That was the last major cyberattack that the IMF experienced.

According to statements from the Fund, the 11 compromised email accounts were re-secured and the investigation is still ongoing. Email compromises of this nature could have enabled attackers to send malicious emails to other members of the IMF, triggering further data compromise. It also could have allowed threat actors to use internal systems that these employees had credentials for.

It remains to be seen if there will be any additional impacts of this attack.


How Sotero Helps Secure Financial Firms

The Sotero data security platform is designed to reduce the risk of ransomware and respond quickly to threats in progress. It combines features like data security posture management and data detection and response into a single, powerful solution that uses machine learning to categorize critical data and ensure that security teams have the best protection possible on their systems.

Sotero’s ransomware protection takes 77 seconds to detect, isolate, and stop attacks in progress. This saves critical data from being encrypted, short-circuiting the ability of threat actors to achieve their goals. Moreover, Sotero’s solution continuously monitors data security posture and dynamically adapts to emerging threats. This ensures that any data security measures remain up-to-date and effective, enhancing overall cyber resilience.

Financial firms remain under constant attack from threat actors. They have the funds to pay the ransoms that financially-motivated cybercriminals demand to restore data access, and possess the data that these ransomware gangs want. It’s imperative that these firms deploy a data security solution that can detect attacks in progress and respond at speed, ensuring that their customers’ personal data remains protected.

The attacks aren’t going to stop. Financially-motivated cybercriminals will continue to use ransomware and the threat of exposure to demand money from financial institutions. They will also continue to use other tools, like email compromise, to achieve their goals. It’s vital that financial services firms, such as insurers, banks, and credit unions, deploy a solution like Sotero to ensure that they are protected against all comers.

