Organizations in the financial services industry are actively being targeted by threat actors who leverage customer information to steal profiles, drain funds, and commit identity fraud. This exploitation isn't limited to big banks or those dealing with credit card theft. It's happening pervasively in corners not previously considered a prime target.
Organizations are being attacked at an increasing frequency and seldom realizing the impact until a substantial amount of funds have been drained from accounts. In this case, it is an increase in exploitation against applications designed to help customers track down lost or forgotten financial assets. While not perceived to be as intense or high stakes as an application supporting daily banking, these applications coming under attack host equally lucrative information as a bank and pose similar risk to the organization. Although there are smaller dollar amounts per transaction, the volume of transactions provides adversaries an opportunity to make out with millions of dollars in stolen funds.
The primary target is webpages that allow for account information or profile information lookup. This is where users could enter personal information to see if there is a record match inside the application. Upon successfully matching datapoints such as first and last name, social security number, insurance number, or date of birth, users are then offered an opportunity to re-claim their financial profile.
For attackers, this kind of profile lookup page is ideal. By leveraging bots, they can easily perform reconnaissance and build a list of targets in a matter of seconds providing the adversary with a targeted and confirmed list of accounts to compromise.
There are many situations where threat actors can target your data. Here are some examples:
What can these types of organizations do to reduce their risk?
- Establish cybersecurity assessments of your applications by prioritizing security around profile lookups and logins. Consider technical vulnerabilities alongside potential flaws in business logic.
- Establish a contemporary security posture with revised technology and processes to counter botnets from the perimeter through to monetization.
- Employ digital risk protection capabilities like cyber threat intelligence to monitor criminal forums and marketplaces for activity concerning the organization or its customers.
- Improve your incident detection, management, and response process to ensure rapid detection, containment, and recovery from botnet exploitation.
BDO can help you achieve peace of mind knowing that your organization is far less vulnerable and more resilient to this lurking and pervasive threat. We can help you build detection capabilities, and model scenarios for early detection before funds are drained.