Cybersecurity Threat Landscape for the Finance and Insurance Sector in H1 2023

?? Introduction:

The finance-and-insurance sector holds a vast amount of sensitive personal and financial data, making it an appealing target for cyber threat actors. Among these malicious actors, financially motivated cybercriminals are particularly active, employing tactics such as phishing emails, ransomware, and banking trojans. During the first half of 2023 (H12023), the sector experienced significant challenges with 189 organizations from this domain appearing on data-leak websites associated with ransomware groups. Let's delve deeper into the #threatlandscape faced by the finance-and-insurance sector and highlight key actors and their potential activities.

?? Ransomware Threats:

Compared to other sectors, the finance-and-insurance industry stood out for being targeted above the average by the top five most active ransomware groups in H1 2023: "Clop," "LockBit," "Alphv," "Basta," and "Akira." Among these groups, LockBit posed a substantial threat to the sector due to its relentless targeting and ongoing development of ransomware strains. The consistent focus on the finance-and-insurance sector makes LockBit a formidable adversary for organizations operating within it. #RansomwareThreats #CyberAttacks

?? APT Groups in the Spotlight:

Apart from ransomware groups, the finance-and-insurance sector faced threats from Advanced Persistent Threat (#APT) groups. Notably, the North Korea-linked Lazarus Group and the pro-Russia hacktivist collective Killnet posed key threats during H1 2023.

Lazarus Group, known for targeting financial entities, had a particular interest in cryptocurrency companies as part of financially motivated campaigns. The group's activities likely aimed at generating funds for the North Korean regime, which faced restrictions due to international sanctions. #LazarusGroup #CyberEspionage

Killnet, on the other hand, issued threats against the European banking sector during H1 2023, with a focus on disrupting the SWIFT network, a critical backbone for financial transactions. #Killnet #Hacktivism #CyberThreats

?? Anticipated Threats in H2 2023:

As we move into the second half of 2023 (H22023), the finance-and-insurance sector is likely to continue facing financially motivated cybercrime as the most significant threat. Killnet's claims of launching attacks against the European banking system warrant heightened vigilance from organizations in this sector.

Furthermore, APT groups are expected to maintain their focus on the finance-and-insurance sector at similar levels. Any attacks conducted during H1 2023 will likely be detected, prompting these groups to adapt their tactics for H2 2023. #CybersecurityPredictions #CyberDefense

?? Conclusion:

The finance-and-insurance sector remains a prime target for cyber threat actors due to the wealth of sensitive data it holds. As the threat landscape continues to evolve, organizations within this sector must adopt robust cybersecurity measures to protect themselves against ransomware attacks, phishing attempts, banking trojans, and APT campaigns. Raising awareness about these threats and staying updated on emerging cyber tactics is crucial in fortifying the sector's cyber defenses. #CyberSecurityAwareness #DataProtection #StaySafeOnline

This is a typical report that we provide with our DRP partner to our customers. In addition to that various other value-add services are available in a pick&choose approach. If you want to learn more about the digital risks out there, have a quick glance to our Threat Detection Response service DRPaaS https://www.swisscom.ch/drp