Financial services firms in particular are "lucrative targets for online criminals," according to Cisco's 2017 Midyear Cybersecurity Report. Malware authors are specifically targeting financial firms with malware like Dridex and the Zeus Trojan, according to the report.
Meanwhile, financial firms are trying to integrate new technology with legacy systems using disparate vendors and products. Cisco found almost 60% of financial firms are using at least six different technology vendors, and two-thirds are using six different security products. However, the report also found it was "common" to see one firm using as many as 30 different vendors.
Their obligation to be compliant as well as secure adds another layer of pressure on financial firms. "In various heavily regulated industries, there's a tendency to believe that meeting compliance requirements will resolve security issues," according to Cisco. However, regulations "are only part of the solution for stopping security breaches and providing threat analysis."
Fewer than two-thirds of firms have a formal security strategy in place, Cisco found, and fewer than half are following a standardized cybersecurity practice. Furthermore, despite regulators' stated interest in firms' analysis of their vendors' cybersecurity protocols, just 37% said they require third parties to employ the ISO 27001 security standard.
Here are six threats to beware of, according to the report:
1. Exploit Kits
Cisco found that the use of exploit kits, which look for vulnerabilities in networks, has declined dramatically since January 2016. However, the report warned that one of the leading kits, Neutrino, still surfaces from time to time. Another kit, RIG, targets Adobe Flash, Microsoft Silverlight and Microsoft Internet Explorer, according to the report.
Automatic security updates have helped keep threats from exploit kits at bay, and hackers are turning back to that old exploit stalwart, email, to deliver malicious code.
2. Malware, Spyware and Ransomware
In the first half of 2017, Cisco found, malware is increasingly being delivered in ways that require users to take an action, a design meant to circumvent malware detection software. Ransomware is being created using open source code or provided as a service, making it easy and cheap for attackers to initiate campaigns.
Cisco called modern advertising software "spyware," noting that vendors may try to sell it as a legitimate tool with end-user license agreements, but "no matter how they try to spin it, spyware is nothing more than malware." Cisco found that between November 2016 and March 2017, about 20% of companies were infected with three spyware families: DNS Unlocker/DNSChanger, Hola and RelevantKnowledge.
While spyware products may look like legitimate products, and aren't "typically considered a significant security risk," Cisco noted that their true purpose — to gather and track information on users — makes them inherently dangerous. "Spyware companies are known to sell or provide access to the data they collect, allowing third parties to harvest information with relative anonymity. That information can be used to identify critical assets, map internal infrastructures in organizations, and orchestrate targeted attacks," according to the report.