In an indicator of the extent to which cyber criminals are targeting financial institutions, a new report has revealed a 125% surge in the number of phishing attacks that financial services and insurance organisations experienced between 2019 and 2020.
Integrated endpoint-to-cloud security company Lookout’s Financial Services Threat Report found that between 2019 and 2020, the average quarterly exposure of financial services to phishing rose by 125% with almost 50% of phishing attempts aimed at stealing corporate login credentials.
In the same period, the exposure to malware and malicious apps also increased by over 400%, with 20% of mobile banking customers having a trojanised app on their device when trying to sign into their personal mobile banking account. The exposure to phishing attacks and malware increased even though the industry saw a 50% rise in the adoption of mobile device management (MDM) services.
“These findings demonstrate that regardless of whether a device is managed or unmanaged, attackers have equal success in deploying phishing campaigns. In addition, phishing can be particularly difficult to detect on a mobile device,” said Gert-Jan Schenk, Chief Revenue Officer, Lookout.
“We inherently trust these devices, which makes us vulnerable to social engineering attacks. Protecting modern endpoints requires a different approach – one that is built from the ground up for mobile and can continuously secure an organisation’s data from endpoint to the cloud.”
The Financial Services Threat Report, based on behavioural analysis of telemetry data from nearly 200 million mobile devices, found that cyber criminals are increasingly targeting phones, tablets, and Chromebooks to increase their odds of finding a vulnerable entry point. This is because access to a mobile device gives hackers access to proprietary market research, client financials, investment strategies, and cash or other liquid assets.
To successfully infiltrate mobile devices and tablets used by financial services, cyber criminals are also exploiting unpatched vulnerabilities in iOS and Android operating systems. Lookout found that 21% of iOS devices and 32% of Android devices were exposed to more than 390 iOS and 1,060 Android vulnerabilities, respectively, because they were running iOS 13 or earlier and Android 10 or earlier.
“As hybrid work sets in as the longer-term reality and we continue to rely on mobile devices to manage our work and personal lives, we’re primed to get targeted by phishing attacks and malware. Attackers are taking advantage of the inherent trust we put in these devices. Combine that with how inexpensive it is for them to spin up a targeted malware campaign, and you have the perfect threat storm,” said Hank Schless, senior manager of security solutions at Lookout.
“MDM does not give you real-time visibility into the threats you’re faced with. It also does not secure your data, especially as it now needs to travel to wherever it’s needed. With the countless apps you now own, from data centers to the cloud, your organisation is exposed to an expanding breadth of attacks, such as ransomware and insider threats.
“To ensure your organisation has the visibility and the ability to control access, you need an integrated solution that can secure your data from endpoint to cloud,” he added.