Financial Services Sector Faces Heightened Cyber Threats

Sophisticated threat actors are increasingly targeting the financial services industry with ransomware attacks and data extortion tactics, despite heightened security investments.

The financial services sector is under increasing cyber threat as ransomware attacks and data extortion tactics pose significant risks, according to a white paper by the QBE Cyber Threat Intelligence Team. Despite their heightened security investments, even major financial institutions are falling victim to sophisticated attacks that disrupt operations and compromise sensitive customer information.

Ransomware remains the top threat to all organizations, including those in financial services, in terms of likelihood and potential impact. The criminal ecosystem has evolved to enable threat actors to easily gain access to corporate networks through various methods like exploiting vulnerabilities, phishing and purchasing credentials on the dark web. Advanced threat actors are consistently adopting new and effective techniques to evade detection, steal data and deploy ransomware enterprise-wide.

Much of the ransomware landscape is dominated by the ransomware-as-a-service (RaaS) model. This is reflected in the interplay between initial access brokers who gain entry to networks, affiliates who carry out the attacks and RaaS operators who provide the ransomware infrastructure. In 2023, the financial services sector was the fourth most targeted, with 346 victim organizations listed.

Several notable ransomware incidents impacted the financial sector in 2023 and 2024:

In February 2023, the ION attack by LockBit disrupted derivatives trading.
The Latitude Financial extortion attack in March 2023 compromised the personal data of 7.9 million customers.
From March to July 2023, the Clop ransomware group exploited the MOVEit vulnerability, impacting roughly 100 companies.
In November 2023, a spate of attacks potentially linked to the Citrix Bleed vulnerability breached companies including ICBC, TCW, MeridianLink and FNF.

Evolving Tactics Enable Threat Actors to Infiltrate Networks

The direct exploitation of vulnerabilities in external-facing infrastructure remains a primary intrusion vector for threat actors targeting financial services organizations.

In 2023, zero-day vulnerabilities in widely used applications like MOVEit and Citrix NetScaler enabled widespread attacks before patches were available and implemented by organizations. The exploitation of these vulnerabilities led to spikes in the number of victims, catching many large organizations off guard. As the technical proficiency of organized crime groups grows and zero-day vulnerabilities become more readily available, the window for organizations to patch disclosed vulnerabilities is shrinking.

Phishing also continues to be a top tactic, as threat actors are constantly adapting their malware delivery methods to evade detection. According to a recent report by Egress, the finance sector is among the most targeted, alongside legal and health care. Business teams in finance, accounting, HR and marketing are the most frequently targeted. Threat actors are increasingly using HTML, PDF and Word attachments containing links to malicious sites and files hosted on trusted sharing platforms like Dropbox and Google Drive. The emerging use of artificial intelligence for more effective phishing campaigns is another concerning trend.

Credential theft and the use of compromised credentials remain effective tactics for infiltrating networks. Threat actors employ various methods — including stealer malware, password guessing, credential-harvesting pages and initial access brokers — to obtain valid credentials. Even multifactor authentication (MFA) is not foolproof, as threat actors have found success with bypass techniques like MFA fatigue attacks and the use of reverse proxy phishing kits.

Web compromise tactics, such as fake software update alerts and malvertising, trick users into installing malware by imitating legitimate brands or applications. Financial services organizations should be vigilant for fake websites that appear to be offering tools or software applications commonly used by their employees.

Supply chain attacks can lead to widespread impact in the financial sector. Scenarios include breaches of data hosted by third parties, compromises of managed service providers and breaches of software supply chains.

The risk of threat actors injecting malicious code into open-source software components is also a growing concern. In 2023, security company Checkmarx reported on malicious code packages uploaded to NPM, a JavaScript package hosting platform, specifically targeting the banking sector.

Geographic Hotspots and Threat Implications

North America

The United States is a prime target for ransomware attacks, as large financial institutions are particularly attractive to threat actors seeking big payouts. There are indications that some of this activity may be directed by Russian intelligence services with the aim of disrupting the U.S. financial sector.

South America

The South American region is known for the prevalence of dangerous banking trojans that target individuals and their financial information. Malware strains such as Casbaneiro, Guildma, Mekotio, Grandoreiro and the recent Chavecloak trojan are designed to infect users’ personal computers and mobile devices to facilitate banking fraud, with a particular focus on Brazilian users.

Ukraine & Europe

The financial services sector in Ukraine and Europe has been targeted by both nation-state actors and hacktivists in the context of the ongoing Russia-Ukraine conflict. Ukrainian intelligence services and pro-Ukrainian hackers have launched counterattacks against Russian financial institutions, and there is a risk that large-scale disruptive attacks, such as wiper malware, will be deployed by Russian APT groups against Western financial infrastructure. Pro-Russian threat actors have also conducted DDoS attacks against European and U.S. financial institutions, although these have generally had a low impact.

Middle East & Africa

In 2023, the financial sector in the Middle East and Africa region was one of the most targeted by threat actors. The region has seen a rise in impersonation scams, including attackers creating fake social media and messaging app accounts to impersonate executives and attempt to steal sensitive data or funds.

Asia & Australia

Some threat actors may perceive organizations in Australia and New Zealand as softer targets compared to their counterparts in Europe or North America, despite the significant steps taken by these countries to bolster the cybersecurity resilience of their critical sectors. Geopolitical tensions surrounding China’s aspirations over Taiwan have driven a significant amount of espionage activity against Taiwanese, Asian and U.S. organizations. While the financial services sector may not be the primary focus for Chinese threat actors, it still represents a critical industry that they likely seek to infiltrate.

Financial Services Vigilance Is Required

Despite the financial services sector’s more mature security measures, it will likely remain a top target for financially motivated and nation-state threat actors in the coming year.

While the role of artificial intelligence in bolstering threat actor capabilities is still being assessed, intelligence agencies and firms like Microsoft believe that while AI can help improve the efficiency and effectiveness of tactics like social engineering, code development and vulnerability research, it has not yet been observed to provide threat actors with novel, more dangerous or undetectable malware that cannot be countered.

Nevertheless, financial services organizations should continue to monitor advances in AI-enabled cyberattacks closely in case this situation changes.

To learn more and read the full text of QBE’s report, visit https://www.qbe.com/us/cyber.

This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with QBE North America. The editorial staff of Risk & Insurance had no role in its preparation.

QBE North America is a global insurance leader focused on helping customers solve unique risks, so they can focus on their future. QBE operates out of 27 countries around the globe, with a presence in every key insurance market. QBE insurance companies are rated "A" (Excellent) by A.M. Best and "A+" by Standard & Poor's.

Principles of Corporate Resilience

How an accelerating risk environment is raising the stakes for risk managers — and how carriers are responding.

By: Liberty Mutual Insurance | December 4, 2024

The nature of risk is evolving. It has become more volatile, interconnected, and intense, as reflected in the heightened frequency and severity of losses experienced by businesses and their insurance carrier partners.

2023 was the warmest year on record. Cybercrime is escalating at the same time that generative A.I. has begun transforming our economy. All this amidst two kinetic wars, persistent economic inflation, and rising legal system abuse.

“We’re all facing a future that is more uncertain than we have previously faced,” said Wesley Hyatt, Chief Client Officer, Global Risk Solutions, Liberty Mutual. “What I continuously learn from our clients is that they are equally focused on protecting their businesses today, and building partnerships, programs and a risk-taking culture that will endure,”.

Geopolitical, economic, and legal systems are being challenged at a rate most risk professionals haven’t seen in their lifetimes, all while we’re experiencing the impacts of climate change.

Against this backdrop, the role of today’s risk managers has shifted significantly, and it has prompted a reimagining of the way insurance carriers provide value to clients and brokers, according to Hyatt and Elizabeth Geary, President, Insurance Solutions, Global Risk Solutions, Liberty Mutual.

“Today’s risk environment demands resilience. That means anticipating, responding to, and adapting amidst rapid change,” explained Geary. “The concept of building resilience is central to the way we’re supporting clients and brokers, but it’s also foundational to how we think about evolving our own solutions and how we deliver them,” she added.

The Changing Role of Today’s Risk Managers

Wesley Hyatt, Chief Client Officer, Global Risk Solutions, Liberty Mutual

When considering today’s accelerating risk environment, organizations’ senior business leaders are looking to risk managers to take a more proactive role in shaping a resilient strategy. In this way, the practice of risk management today differs from what it has been in the past, according to Geary and Hyatt, making the role of risk managers:

More visible. The increased cost of insurance is being reflected in premiums and losses. As a result, business leaders want to know the contingency plans, projected costs, and impact on an organization’s long-term goals.

More strategic. Risk managers increasingly have a seat at the table as part of the strategic decision-making process. Their insight into the breadth of challenges a business could face, beyond traditional risk assessment and mitigation, is critical in assessing the viability and sustainability of any initiative.

More urgent. As risks evolve, the pace at which risk managers need to work has increased, partly due to the globalized nature of business and the speed of communication. The impact of shifts in trade policy or geopolitical factors demand a swift response from companies with global operations or supply chains, which comprise a vast share of contemporary businesses.

More complex. Evolving and emerging risks, along with rising costs, have prompted businesses to transform how they structure their risk management programs. This includes making trade-offs in risk retention, implementing complex tower structures, and placing a greater emphasis on business continuity, cybersecurity, quality assurance, and safety programs.

More tech driven. As the field of risk management continues to evolve, technology has become a critical tool for risk managers wanting to better understand, quantify, and monitor risk. However, as organizations expand their use of technology, cyber risks rise in tandem, further emphasizing the tech-savviness required of risk managers today.

Insurers as a Source of Support

Elizabeth Geary, President, Insurance Solutions, Global Risk Solutions, Liberty Mutual

While the role of the risk manager has changed, so has the role of the insurer — or at least it should, according to Hyatt and Geary.

“The feedback loop that allows us to make continuous improvements or adjustments to products and services has become more sensitive to the changing needs of risk managers and reflective of emerging risks. As a carrier, we need to move at a much faster pace, providing that perspective to clients and collaborating more closely than we have in the past,” explains Geary.

Echoing that sentiment, Hyatt added that “to do this effectively, we must closely understand our clients and their businesses. This means showing up and listening to their priorities and learning their tolerance for risk and the role it plays in meeting their goals.”

Together, Hyatt and Geary are prioritizing three components of what they’re calling “Corporate Resilience” to help risk managers navigate the complexities of the market: information, innovation, and collaboration.

Knowledge is power. According to Hyatt and Geary, building resilience begins with understanding the risks a business may be facing. They believe Liberty Mutual plays a foundational role in helping clients stay abreast of changing risk trends and unlocking the power of advanced data analytics to mutually benefit their businesses.

“Today’s risk managers aren’t just looking for products, services, and risk transfer, they’re looking for expertise and problem-solving. They’re seeking support in thinking through their value chain to identify risks, see around corners, and prepare,” said Hyatt.

“Clients benefit from our ability to understand their businesses at a granular level while also bringing the context of what we’re seeing from a high-level, external perspective across similar companies, in addition to the macro trends, globally,” she added.

Product innovation — a two-way street. At Liberty Mutual, client-centricity remains at the heart of its innovation strategy by cocreating solutions with its clients.

“As partners, we have a responsibility to move along with the risk and respond in a way that helps our clients and brokers, whether that’s creating new solutions or changing our existing products and services,” says Geary. Her team’s priorities in the Global Office of Underwriting include cyber, climate, energy transition, and alternative risk solutions, among others, all with a focus on offering fit-for-purpose solutions, stable capacity, and taking a long-term view.

“It’s not an ‘if we build it, they will come philosophy,’ and it doesn’t happen overnight,” explained Hyatt. Rather, she describes meaningful product innovation as the result of close and enduring partnership and deep understanding on both sides.

“It’s mutually beneficial,” said Hyatt, “and our mutual structure is a strength because it allows us to take a long-term view and affords us flexibility,” she added. “We provide the expertise and security clients need to innovate and grow their businesses. Our mutuality also means we succeed when our clients succeed.”

Partnerships that Extend Beyond RiskTransfer. With the demands on risk managers not relenting anytime soon, clients are increasingly seeking more support.

“As the way we help clients manage risk changes, our business has become less transactional. Our clients are not just transferring risk, they’re building a partnership,” explained Geary.

While industry-leading risk control capabilities, best-in-class service and superior claims handling have always differentiated Liberty Mutual, Hyatt sees clients increasingly seeking the benefits of a robust support network of other risk professionals.

In her role as Chief Client Officer, she’s deliberately incorporating community-building elements into Liberty’s programs to leverage some of those opportunities. The firm’s Corporate Resilience thought leadership series, for example, brings the risk management community together for expert panel discussions to help clients network and learn from each other. Hyatt is also helping support the firm’s public affairs initiatives, which assist clients in understanding legal system abuse and the pivotal role they play in collectively pushing for tort reform.

“Forums like these complement our client engagement strategy, which also includes local and national events, as well as relationship leads who help our largest clients access the expansive, global capabilities of Liberty Mutual that may bring value to the strategic relationship,” Hyatt explained.

These dialogues and the philosophy of continuous improvement through the power of collaboration are increasingly helping the firm drive preference with clients.

Better Together

In reflecting on her focus on building Corporate Resilience, Hyatt shared, “it’s important to keep in mind that we’re all in this together. One of the mantra’s of our leader, Neeti Bhalla Johnson, is ‘our clients’ future is our future’ and we very much believe that.” Geary and Hyatt’s hope is that their commitment to Corporate Resilience pioneers new ways to ensure that the future is bright for Liberty’s clients.

“We’re taking the current unrelenting pace and intensity of today’s industry challenges and using them as triggers for how we can home in on building success for our clients amid uncertainty and providing them with greater security,” says Geary. “All this ties directly to our mission of helping clients embrace today and confidently pursue tomorrow.”

To learn more, visit: lmi.co/corporateresilience

This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Liberty Mutual Insurance. The editorial staff of Risk & Insurance had no role in its preparation.

Liberty Mutual Insurance offers a wide range of insurance products and services, including general liability, property, commercial automobile, excess casualty and workers compensation.

Kara Higginbotham Appointed as Head of Professional Liability and Cyber for U.S. National Accounts at Zurich North America

15 Questions for Oded Barak, Founder and CEO of Five Sigma

Creativity, Expertise and Global Reach: How Sompo Provides Stability and Supports Distribution Partners

James Galvin Appointed as EVP of Employee Benefits Group at Alliant Insurance Services

Sponsored Content by QBE North America

Financial Services Sector Faces Heightened Cyber Threats

Evolving Tactics Enable Threat Actors to Infiltrate Networks

Geographic Hotspots and Threat Implications

Financial Services Vigilance Is Required

Share this article!

Trending Stories

AssuredPartners’ Erica Carr Discusses Risk Management Needs in the Transportation Industry

10 Questions for MSIG USA’s Head of Casualty, Tracey Estes

SambaSafety CEO Matt Scheuing Discusses Telematics and Other Aspects of Fleet Safety

The Buckeye State’s Insurance Talent Recruitment Approach

More from Risk & Insurance