The opinions expressed here are those of the authors. They do not necessarily reflect the views or positions of UK Finance or its members.

Throughout 2023, NCC Group’s cyber threat intelligence team has found that the financial services (FS) sector continues to be a prime target for a host of different cyber threat actors, and the ever-evolving threat landscape means that organisations continue to have their work cut out for them when managing cyber risk. This is further backed up in IBM’s Cost of a Data Breach Report 2023, which found the FS sector was the second most impacted by the cost of cyber incidents in 2023.

Despite being an industry that is deemed to be more resilient to cyber threats, in most part due to maturing cyber security capabilities driven by increasing cyber regulations entering the sector (e.g. DORA), NCC Group continues to observe and help their FS clients recover from increasingly sophisticated cyber-attacks.

In previous years, criminals would directly target financial organisations to gain direct access to funds in order to steal them. However, throughout 2023 it has become increasingly apparent that ‘data’ is the key commodity for cyber criminals. Leveraging data for extortion purposes, or the sale of this data are now predominant ways in which criminal groups can monetise their activities, and this is no different when it comes to the targeting of Financial Services.

The data held by FS organisations, whether retail banks, wealth management, or insurers is usually highly sensitive in nature. Confidentiality, integrity and availability of this data is therefore paramount for organisations to maintain operations. As such, any breach can have significant financial implications and long-term impact on an organisation’s reputation.

The use of ransomware, and particularly double-extortion activity, has had a significant impact on financial services in 2023. In 2023, NCC Group tracked a record number of incidents where an organisation’s data had been leaked as a result of a ransomware incident. Examples included the use of Lockbit in targeting Indonesia’s BSI Bank, and more recently another attack using Lockbit impacted The Industrial and Commercial Bank of China (ICBC).

Of course, the impact of a ransomware incident is not only limited to the encryption and leaking of data. This leaked data provides other criminals with an opportunity to conduct further targeted attacks or fraud.

2023 also saw an increase in the activity of ‘Initial Access Brokers’, the name given to individuals or groups that focus their activity on ‘breaking-in’ to an organisation and selling illegal access to the highest bidder. NCC Group’s analysis suggests this increase in activity is partly due to the successes of ransomware operators.

Cyber-attacks against financial services are not limited to that of cyber criminals. Since the start of the conflict in Ukraine in 2022 and amidst the ongoing geo-political tensions in the region, hacktivist activity against financial institutions and other Critical National Infrastructure remains a genuine threat. At the beginning of 2023, several pro-Russian hacktivist groups joined forces to launch a series of Distributed Denial of Service attacks against financial institutes across Europe. Such attacks have also been launched by groups with allegiances to Ukraine.

In late 2023, several national cyber security centres across the globe also highlighted the ongoing threats from Foreign Intelligence Services (FIS’s), and particularly espionage campaigns targeting Critical National Infrastructure, including financial services. Financial intelligence about individuals and business continues to be a valuable asset to FIS’s and organisations operating in the FS sector continue to be the target of such activities.

How to keep secure in 2024

The ever-developing list of bad actors with malicious use for sensitive financial information puts financial services organisations at the centre of a growing web of cyber threats. Today, this comes from an array of cyber criminals, Foreign Intelligence Services and hacktivist Groups which will only continue to grow in tomorrow’s landscape.

However, the focus for organisations must be on the vulnerable infrastructure, people, and supply chain issues which open the door to cyber incidents and infiltration from these actors.  This requires particular attention to be paid to their external attack surface, and the technical vulnerabilities and sensitive data exposure which leave financial organisations vulnerable. For a sector dealing in huge financial risk and data sensitivity, the stakes are too high not to dig beyond the surface.

NCC Group recently shared its Annual Cyber Threat Monitor Report, which reviews the key events that shaped the cyber landscape in 2023 and looks ahead at the year to come. The company also releases a free monthly Threat Intelligence newsletter and hosts a webinar (known as the ‘Threat Pulse’) to discuss the latest findings in greater detail. If you would like to learn more about NCC Group click here.

Read the Annual Cyber Threat Monitor Report.

Or you can sign up to the newsletter and webinars by visiting us here.