The financial industry suffered the most data breaches in 2023—including a single attack that affected nearly 1,000 institutions



The financial sector last year, after relinquishing the top spot in 2022, once again was the industry to suffer the most data breaches, according to a report by Kroll, the financial and risk advisory firm.

Kroll’s 2024 Data Breach Outlook report also shows that social engineering attacks, such as phishing scams, are on the rise.

“The financial sector is an attractive target for cyber criminals not only for the immediate financial gain but also due to the wealth of sensitive customer information it holds,” reads the report, which was published Feb. 7 and covers 10 separate industries. 

The report explains that a key threat, besides direct attacks on an organization, is potential third-party risk at various points in supply chains or among organizations that use outsourcing.

The most high-profile of those attacks cited in Kroll’s report, one that pushed the financial sector back into the top spot, was the CL0P ransomware attack on the data transfer platform MOVEit, from Progress Software.

On May 27, CL0P, a Russian ransomware gang, injected instructions into the MOVEit code that then allowed them to steal data from transfers made using MOVEit. By June, Progress Software disclosed that the firm had discovered five more such cyber attacks, also known as SQL injection vulnerabilities.

Financial institutions that had used MOVEit’s services then realized that some of their clients had been compromised after CL0P created a victim-shaming site.

“This type of activity and its impact underscores the fragility of organizational interdependence and the extent of third-party risk,” reads the report, authored by David White, global head of breach notification at Kroll.

In sum, almost 1,000 institutions—both in the public and private sector—were affected by the CL0P-MOVEit attack, including major firms like Deloitte, Ernst & Young, Deutsche Bank, and several U.S. agencies.

“The MOVEit vulnerability was a perfect example of the ripple effect one attack can have on an ecosystem of connected companies,” the report reads. “Indeed, third-party risk is now presenting as a key area of concern due to shifting threat actor behaviors and priorities.”

The health care sector, which ranked first in 2022, ranked second last year, with third place belonging to professional services, which includes social engineering attacks such as phishing scams where victims are tricked into providing sensitive information. The most commonly seen scam, the report notes, involved bogus business emails that looked authentic.

“As part of the rise in social engineering, business email compromise continued to grow steadily in popularity, with both established and newer threat actor groups using a range of tactics to access data and in some cases, ransom the information,” reads the latest Threat Landscape report, also from Kroll.
