Cyberattacks seeking profit have been on the rise in the past year, according to a security software company.
Vikram Thakur, a researcher at Symantec, told Fifth Domain in an interview that the company has advised customers in the past few weeks to run the most up-to-date software and have high user awareness to mitigate the risks.
“The common goal of financial profit seems to be extremely rampant,” Thakur said, adding that hackers have targeted everyone from large financial institutions to individuals.
Thakur said that hackers see financial institutions as a low-probability, high-reward attack. Even though banks have some of the best cybersecurity in the world, just one successful attack can be worth millions of dollars.
Hackers have increasingly targeted the SWIFT bank messaging system to steal millions of dollars.
“Adversaries have advanced their knowledge” over the past 18 months, said a November 2017 report from SWIFT and BAE Systems. Advanced attack methods include “gaining administrator rights for operating systems, manipulating software in memory, and tampering with legitimate functionality to bypass two-factor authentication.”
But at the other end of the spectrum, hackers are also targeting individuals as a high-probability, low-risk scheme. “The highest volume that we see tends to be targeting end users in the hopes of taking their credentials or credit cards,” Thakur said.
There has been a 135 percent year-over-year increase in financial data being sold on the dark web, according to a July report from the threat intelligence firm IntSights.
The increased financial attacks are not confined to one geographic location, Thakur said. “If you look at it from an attacker prospective, they don’t care where the money comes from.”
Thakur also said it was difficult to determine why there has been an increased number of cyberattacks seeking profit. On one hand, attackers might be more motivated to carry out a cyberattack because of need, but Thakur added hackers might also be enticed by the booming incomes of banks.
“It works both ways. Guessing the motivations for attack would be pure speculation.”