International. The 2021 Application Protection report, conducted by the F5 company at the beginning of this 2021, analyzed the main security incidents reported to the F5 SIRT for the years 2018 to 2020.
Financial services organizations including banks of different sizes, credit unions, insurance companies, stock exchanges, investment funds, payment processors, consumer finance lenders, brokers and companies serving the financial sector, experienced the highest proportion of incidents attributed to password login attacks (46.2%) compared to all other sectors. They were third in the percentage of denial-of-service (DoS) incidents (36.1%). The last largest category was web-related attacks, at 6.3%.
Incidents of cyberattacks on banks
Banks are the largest segment in financial services incident data 2018-2020, accounting for 40% of records. Outside of financial services organizations, banks saw more DoS attacks (41%), well above the 36% average. However, password login attacks decreased (41%), five points below the 46% average. One possible reason for this is that banks have better anti-bot controls that mitigate password login attacks and therefore see fewer attacks than the average financial organization. Web attacks account for 6% of reported bank security incidents.
Of the password login attacks, the majority of incidents were reported as brute force (77%), and the rest (23%) were reported as credential-stuffing botnet attacks. DoS attacks were primarily web application attacks (36%), followed by volumetric network attacks (24%) and DNS DoS attacks (14%), and the rest uncategorized.
Incidents of cyberattacks on banks large and small
Using a bank asset size of $100 billion to differentiate between large and small banks, we found that large banks reported more DoS attacks. Of all the incidents reported by the largest banks, 44% were DoS, while only 37% of the incidents at the smaller banks were flagged as DoS. This is reversed for password login attacks, with smaller banks finding a higher proportion (48%), while larger banks saw only 36%. The incidents of web attacks reported were almost the same: large banks 6% and small banks 7%.
Incidents of cyberattacks on credit unions
Credit unions are owned by their customers, so they are much more focused on individual consumers than the average bank. 88% of reported incidents were password login attacks. This is almost double the average and much higher than what banks see. In these institutions, DoS attacks are well below average and account for only 8% of reported incidents. It could be because they are perceived to have less money to pay the ransom. Credit unions also saw about half the average web attacks, at 3%.
Incidents of cyberattacks on insurance companies
Insurance companies handle large amounts of money and sensitive financial data, so they have experienced large cyber attacks. Insurance companies reported above-average DoS attacks (60%), but their password login attacks were below average, at 27%, and slightly more than the average web attack, at 7%.
Incidents of cyberattacks for stock exchanges
Incidents of DoS attacks reported on the stock exchange registered 80%, well above average and web attacks by 20%.
According to Banixco, in Mexico, during 2019 the number of security incidents reported by financial institutions intensified. From an average of 1 report per quarter in 2018, the statistic increased to an average of 4 reports per quarter in 2019. Likewise, in addition to registering a greater number of attacks, it was observed that the affected services were more diverse, from electronic transfers to ATMs and, in the same way, the means of computer attack were also varied, from software violation, fraudulent operations executed by third parties working within the institution, theft of passwords, abuse of deficiencies in the validation of balances, violation of telecommunications equipment, among others.
In the first half of 2021, a change in the target of attacks has been observed, now heading towards the ATMs of institutions, taking advantage of vulnerabilities in the programs that control the delivery of banknotes. Of the ten incidents reported by financial institutions during 2021, eight correspond to these types of attacks. Ransomware attacks continue to be an element of concern for financial institutions in Mexico as their impact can stop the operation of organizations for days representing a growing risk to financial stability.
"We can see from this data that attackers continue to move away from traditional software vulnerabilities toward softer targets like password logins and APIs. With the help of our colleagues at F5 SIRT, F5 Labs will continue to monitor these events, looking for patterns that suggest changes and changes in the tactics of cyber attackers," said Carlos Ortiz Bortoni, Country Manager of F5 Mexico.
* The full report can be viewed by clicking here.
