
Cyberattack Incidents at Financial Services Companies

Like payment processors, financial services companies are private companies that serve the financial sector by providing data processing for banks, credit unions, and other financial institutions. They can perform loan analyses, credit ratings, check printing, data storage, or analytics. Basically, they provide any outsourced service except payment processing (the previous category).

Overall, these companies saw just about less of everything: they were way below average in DoS incidents at 38%, way below average in password login attacks at 25%, and reported no web attack incidents at all. This left an unusually high number of incidents we bucketed under “miscellaneous” for things like web scraping and malware infections. The financial organizational average for miscellaneous incidents was 5%, while financial services companies clocked in at 38%. In terms of security incidents, these kinds of companies do not look like other financial services companies. In fact, the only other industry that has a comparable proportion of miscellaneous incidents is health care, at 26%. One thing to keep in mind: this data is a slice of a slice of data, so we don’t have the same level of confidence in our conclusions that we would for larger data sets.

Cyberattack Incidents at Investment Funds, Consumer Finance Lenders, and Brokerages

We combined direct consumer finance lenders, stock brokerages, and investment funds because their data sets were smaller and their attack patterns were similar to each other. This group reported a high percentage of password login attacks (80%), with the rest of the incidents being DoS attacks.

API Attacks and Open Banking

About 6% of our financial services cyber incident data from 2018 to 2020 involved attacks on APIs. For more information on APIs, refer to our learning series on what APIs are and why they matter.

More than half of the reported API security incidents (55%) happened in 2020. API security incidents are rising and are likely to continue to increase. We also saw 50% more API incidents in the financial sector than any other sector, as the industry average was 4%.

Figure 3 provides an overview of all API-like security incidents reported to the F5 SIRT from 2018 through 2020. These incidents were nearly all password login attacks, which were split evenly between credit unions and banks. Also note that all the API incidents involved APIs that serviced mobile banking clients.