Recent trends reveal an alarming increase in sophisticated cyberattacks targeting the financial sector. In 2023, the financial sector was one of the top five sectors most impacted by ransomware, with reported incidents of unavailable systems, disrupted operations, reputational damage, and financial loss. Many cyberattacks have impacted financial institutions over the last six months, including a cyberattack and subsequent breach of mortgage lender giant Mr. Cooper , which exposed nearly 14.7 million customers’ personally identifiable information (PII). Additional financial institutions impacted by recent cybersecurity incidents include fintech firm EquiLend and mortgage firm LoanDepot . The critical nature of financial services and operations, coupled with the increased digitalization and the sector’s reliance on critical third-party service providers, make financial organizations high-value targets for fraud, phishing, ransomware, and extortion campaigns. The challenge of safeguarding sensitive financial data against sophisticated threats is compounded for community banks that may have limited resources. The financial sector is largely targeted by phishing campaigns, likely due to the massive adoption of the phishing-as-a-service (PhaaS) model. QR code phishing campaigns associated with PhaaS, such as Dadsec OTT, Tycoon, and W3LL Panel , often target financial organizations. Business email compromise (BEC) campaigns leverage novel tactics, techniques, and procedures (TTPs), such as third-party targeting and open-source software supply chain campaigns. For example, at least 57,000 Bank of America customers were affected in a breach, which occurred when an unauthorized third party accessed its technology partner, IMS systems. A cybersecurity incident also impacted Prudential Financial following a third-party vendor breach due to the MOVEit vulnerability. Analysts identified that some incidents may have intentionally coincided with significant mergers and acquisitions.

Additionally, mobile device malware, such as the recently identified Anatsa Android banking trojan and GoldPickaxe, is increasingly used for bank fraud. State-sponsored cyberattacks also pose a unique threat to the financial sector. These attacks are often highly sophisticated and well-funded, aimed at destabilizing financial systems or stealing sensitive economic information. The financial sector is the fourth most targeted sector by North Korean intrusion sets, particularly conducting operations against decentralized finance (DeFI) services and cryptocurrency to bypass sanctions. These large scale cybersecurity incidents may disrupt a country’s financial infrastructure and reduce confidence in financial markets – essential for global economic health – potentially threatening political stability.

Recommendations

The NJCCIC recommends users and organizations exercise caution with unsolicited or suspicious communications, even from known senders, and only submit account credentials on official websites. If you are unsure of the legitimacy, contact the sender via a separate means of communication – such as by telephone – obtained from trusted sources before taking action. Also, regularly keep systems and software up to date after appropriate testing, review privacy settings for accounts and devices, maintain awareness of installed applications, and only grant necessary permissions.

Reporting

Report any malicious cyber activity to the NJCCIC via the cyber incident report form at www.cyber.nj.gov/report. If you have any questions don’t hesitate to contact us here at Cyber Command.