Cyber Risk in the Financial Services Sector

Understand more about cyber risk in this sector.

Cyber Risk Graph

Explore how this sector relates to the wider risk graph

Threat Reports

Publicly available threat reporting on cyber attacks against Financial Services.

Report

APT45: North Korea’s Digital Military Machine

This report from threat intelligence analysts at Google's Mandiant marks the graduation of this cyber actor to a fully designated APT - APT45. The ...

View Source

Report

ANALYSIS OF THE APT31 INDICTMENT

Blog post providing analysis of a March 2024 US Department of Justice indictment of 7 hackers associated with APT31. The post details attribution ...

View Source

Report

Unveiling TeleBoyi: Chinese APT Group Targeting Critical Infrastructure Worldwide

This presentation from TeamT5 describes the intrusion set they refer to as TeleBoyi and was presented at JPCERT's JSAC2024 conference on January ...

View Source

Report

Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks

This article by researchers at Trend Micro discusses an Advanced Persistent Threat (APT) group they name Earth Krahang who have been observed ...

View Source

Report

Ongoing ITG05 operations leverage evolving malware arsenal in global campaigns

This Security Intelligence blog post by researchers at IBM's X-Force describes activity by ITG05 - a group which shows overlap with APT28/Forest ...

View Source

Report

Operation Blockbuster: Unraveling the Long Thread of the Sony Attack

This report by Novetta covers 'Operation Blockbuster' which was a Novetta-led coalition of private industry partners aiming to understand and ...

View Source

Report

REDCURL - The pentest you didn't know about

This report by researchers at Group-IB outlines activity by a group they call RedCurl. The report identifies victimology and motivation (corporate ...

View Source

Report

I-Soon leak: KELA’s insights

This blog post outlines KELA's analysis of the 2024 I-SOON data leak. According to the article, I-Soon had relationships with Chinese governmental ...

View Source

Report

Ransomware Spotlight: Black Basta

This report from Trend Micro outlines tactics, techniques and procedures used by the Black Basta Ransomware group. According to the report, Black ...

View Source

Report

APT37 (REAPER) - The Overlooked North Korean Actor

This special report by FireEye discusses an investigation into APT37, a suspected North Korean cyber espionage group. According to the report, ...

View Source

Report

Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day

Reporting from Mandiant which discusses the exploitation of Pulse Secure VPN devices in 2021 and 12 malware families associated with the campaign. ...

View Source

Report

APT1: Exposing One of China's Cyber Espionage Units

The APT1 report represents years of work by Mandiant, who analysed data across hundreds of breaches globally. The report identifies APT1 as a ...

View Source

MITRE ATT&CK Techniques

MITRE ATT&CK techniques observed in use against Financial Services.

Search:

ATT&CK ID	Title	Associated Tactics
T1036	Masquerading	Defense Evasion
T1598.003	Spearphishing Link	Reconnaissance
T1070.006	Timestomp	Defense Evasion
T1595.003	Wordlist Scanning	Reconnaissance
T1020	Automated Exfiltration	Exfiltration
T1566.002	Spearphishing Link	Initial Access
T1057	Process Discovery	Discovery
T1087.002	Domain Account	Discovery
T1036.007	Double File Extension	Defense Evasion
T1583.001	Domains	Resource Development
T1059.006	Python	Execution
T1210	Exploitation of Remote Services	Lateral Movement
T1003.001	LSASS Memory	Credential Access
T1574.002	DLL Side-Loading	Defense Evasion, Persistence, Privilege Escalation
T1110.003	Password Spraying	Credential Access
T1059.001	PowerShell	Execution
T1543.003	Windows Service	Persistence, Privilege Escalation
T1059.003	Windows Command Shell	Execution
T1586.002	Email Accounts	Resource Development
T1584.004	Server	Resource Development
T1112	Modify Registry	Defense Evasion
T1078	Valid Accounts	Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1608.005	Link Target	Resource Development
T1078.003	Local Accounts	Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1036.005	Match Legitimate Name or Location	Defense Evasion
T1053.005	Scheduled Task	Execution, Persistence, Privilege Escalation
T1003.002	Security Account Manager	Credential Access
T1588.001	Malware	Resource Development
T1033	System Owner/User Discovery	Discovery
T1595.002	Vulnerability Scanning	Reconnaissance
T1588.003	Code Signing Certificates	Resource Development
T1592	Gather Victim Host Information	Reconnaissance
T1505.003	Web Shell	Persistence
T1087.001	Local Account	Discovery
T1021.006	Windows Remote Management	Lateral Movement
T1047	Windows Management Instrumentation	Execution
T1539	Steal Web Session Cookie	Credential Access
T1133	External Remote Services	Initial Access, Persistence
T1140	Deobfuscate/Decode Files or Information	Defense Evasion
T1608.001	Upload Malware	Resource Development
T1608.002	Upload Tool	Resource Development
T1569.002	Service Execution	Execution
T1583.003	Virtual Private Server	Resource Development
T1595.001	Scanning IP Blocks	Reconnaissance
T1203	Exploitation for Client Execution	Execution
T1204.002	Malicious File	Execution
T1068	Exploitation for Privilege Escalation	Privilege Escalation
T1114	Email Collection	Collection
T1071.001	Web Protocols	Command and Control
T1069.002	Domain Groups	Discovery

Showing 1 to 50 of 112 entries