The Escalation from Dwell to Destruction
There has been a fundamental restructuring of cybercrime cartels thanks to a booming dark web economy of scale. Powerful cybercriminal groups now operate like multinational corporations and are relied upon by traditional crime syndicates to review film carry out illegal activities such as extortion and money laundering. Cybercrime cartels are more organized than ever before and enjoy greater protection and resources from the nation-states that view them as national assets.1
With this ground truth serving as the backdrop for the threats facing financial institutions, I interviewed 130 financial security leaders and CISOs from around the world for the fifth edition of the Modern Bank Heists report. This year’s findings should serve as a warning to the financial sector that attackers are moving from dwell to destruction.
Geopolitical Tension Is Metastasizing in Cyberspace
Cybercriminals targeting the financial sector often escalate their destructive attacks in order to burn evidence as part of their counter incident response. Our report found that 63% of financial institutions experienced an increase in destructive attacks, a 17% increase from last year. Destructive attacks are launched punitively to destroy, disrupt, or degrade victim systems by taking actions such as encrypting files, deleting data, destroying hard drives, terminating connections, or executing malicious code. In fact, we’ve recently witnessed destructive malware like HermeticWiper being launched following Russia’s invasion of Ukraine. Notably, the majority of financial leaders I spoke to for this report stated that Russia posed the greatest concern to their institution.