Researchers warn of APTs and data breaches as serious threats to the UK financial sector

Researchers say geopolitical tensions, ransomware, and cyberattacks using stolen credentials threaten the UK financial sector.

On Monday, KELA’s security team published a report investigating the cybersecurity issues and attacks that surfaced in 2021 and early 2022, with a particular focus on British banks and other financial services.

Britain was one of the first countries to take a stand against Russia after its invasion of Ukraine. This could make UK organizations an attractive target for threat actors aligned with Russia, whether they are state-sponsored Advanced Persistent Threat (APT) groups or hacktivists. The National Cyber Security Centre (NCSC) has previously warned companies to strengthen their cybersecurity following the Russian assault.

APT groups are often responsible for attacks on the financial sector. Account credentials, card numbers, and customer personally identifiable information (PII) are useful not only for social engineering and identity theft, but also for fraudulent purchases and card cloning.

APT groups target organizations around the world, and organizations in the UK are no exception. Over the past few years, Chinese APT groups, including APT40 and APT31, have exploited vulnerabilities such as ProxyLogon to compromise businesses in the United Kingdom.

“In general, APTs can target the financial sector, commit fraud, rob ATMs, execute transactions, and break into an organization’s internal financial system,” says KELA. “No specific threat to the UK financial sector has been identified, but there is no doubt that the UK was targeted by APT groups in 2021.”

Public corporate information and leaked credentials are also noteworthy. After browsing the dark web forums, researchers discovered that UK data was “in demand” by cybercriminals seeking PII, access credentials, and internal data.

For example, in January 2021, a user of the ExploitIn forum requested a “UK database leak”. In the same Russian forum, another person said, “Bank leads for the UK including date of birth, name, bank name / sort code, address, zip code. […] The DOB must be between 1935 and 1955 this year.”

From January 2021 to February 2022, KELA tracked nearly 16,000 unique leaked credentials linked to UK financial institutions that appeared online. This includes information leaked in the RedCappi, ParkMobile, and Oxfam breaches.

However, between 2021 and 2022, no UK organization appeared among the 14 breaches with the highest number of leaked credentials. Instead, many of the affected organizations were based in India.

“Because the UK plays an important role in the global economy and often serves international companies and organizations, breaches related to foreign companies are likely to affect UK companies,” the researchers said.

Selling network access is less common, but it also poses a threat to the UK financial sector. KELA found about 60 network access listings. One listing offered access to a UK fintech company with annual revenue of $5 million for just $300, and Russian-speaking traders advertised access to UK companies 13 times over the past year.

Ransomware is also a headache for UK financial institutions, as it is for services around the world. Cybersecurity companies observed that in 2021, 135 British financial companies experienced a ransomware incident. However, these organizations may be only a fraction of the actual number, as they are identified solely through ransomware blogs and leak sites, negotiation portals, and media coverage.

Conti, PYSA, LockBit, and Sodinokibi ransomware groups were the most active when targeting UK companies.

“This report sheds light on a variety of cyber threats to UK companies and organizations in general, especially to the UK financial sector,” the researchers said. “Until 2021, both financial companies and other UK companies were exposed to multiple ransomware attacks, and credentials and compromised accounts belonging to UK entities were often put up for sale on cybercrime forums.”
