Financial Cyber-Attacks in 2021

The BFIS (Banking, Finance, Insurance, Securities) is a critical infrastructure sector that depends heavily on IT systems, which makes it especially vulnerable to cybercrime. While analyzing security incidents within the domain in 2018-2021, Costella identified 6,472 breaches and data leakages, with more than 3.3 million records exfiltrated from 20 Fortune 500 companies. The amount of leaked data has increased six-fold over the last two years, pushing financial businesses to intensify their protections. Currently, the finserv sector spends $18.5 annually per company to combat cybercrime, 40% more than any other industry, according to the Ninth Annual Cost of Cybercrime Study by Accenture.

Cybercriminals utilize a variety of tools and techniques to perform their attacks. It’s a never-ending battle, with new kill chains and vulnerable spots being discovered daily. That’s why financial institutions employ methods that keep them alert as threats evolve. One such method is a threat detection platform like SOC Prime, which provides access to more than 130,000 Sigma rules, with new detections for critical threats released within hours of disclosure. These Sigma rules can also be converted to over 20 other SIEM & XDR formats through SOC Prime’s built-in automation or the free online tool Uncoder.IO, which translates content on the fly.

Below is a list of the most common cyberattacks on the financial sector in 2021.

Malware

Global financial losses caused by malware have risen to roughly $115.4 billion per week across multiple industries, according to research by Cybersecurity Ventures. Malware was also widely used by cybercriminals attacking financial businesses in 2021. Protection tools that are installed once and left unchanged can’t keep up with the growing number of attacks, because new malware samples are developed on a regular basis.

Common features of financial malware:

  • Supply chain attacks are on the rise. In such intrusions, attackers prompt a user to install a fake software patch. Once downloaded, the malware-laced software infects hosts across the entire network, spreading fast and exfiltrating confidential data.
  • Banking Trojans increasingly rely on malicious Google AdSense campaigns to infect targeted networks within the banking sector.
  • Malware often goes hand in hand with social engineering techniques like phishing emails. Attackers share links to infected Google Drive documents, files of various formats, links to web pages, and so on.
  • Attackers can also spread malware through mobile devices. Researchers note that financial entities like banks can’t control which software their users install on their phones and tablets, so these devices are exposed to a practically limitless number of threats. What’s more, attackers might use anti-fraud software as an entry point for infiltration.

In 2021, cyber-attacks were not limited to breaches of conventional financial institutions like banks. Instead, cybercriminals increasingly turned their attention to crypto assets. For instance, adversaries exploited a vulnerability in the Poly Network decentralized finance ledger to steal $600 million in the biggest cryptocurrency theft ever.

APT Attacks

APT groups perform sophisticated campaigns during which cybercriminals establish a long-term presence in the victim’s network. The attack plan is built with careful consideration of the weak points of a specific target organization.

Key compromise tactics were highlighted in the Bitdefender whitepaper:

  • The attack typically starts with infiltration of the financial institution’s internal systems. Most commonly, attackers rely on spear phishing to establish a foothold and begin lateral movement.
  • The next phase is to deploy backdoor malware to gain remote access and issue system commands. Notably, the Cobalt Strike penetration testing software was the most widely used backdoor among attackers in 2021.
  • The third phase is reconnaissance. Attackers collect data related to banking applications and internal procedures and prepare it for exfiltration. Usually, they wait for weekends or after-hours periods to perform these actions.
  • The final stage of an APT attack on a financial institution may vary. Attackers might steal and encrypt data to demand a ransom, compromise ATM networks to cash out, steal funds from the banking systems, or cause significant losses simply to damage the institution’s reputation.
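The timing noted in the third stage above (staging and exfiltration on weekends or after hours) is itself a detection opportunity. The following Python is an added example, not code from the article or from any SOC Prime product; the egress log format, the business-hours window and the byte threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, time

BUSINESS_START = time(8, 0)          # assumed local business hours (inclusive)
BUSINESS_END = time(18, 0)           # assumed end of business hours (exclusive)
OFF_HOURS_TOTAL = 100 * 1024 * 1024  # assumed: 100 MiB outbound per host per day

# Constructed egress log lines (not a real vendor format):
# "<ISO timestamp> <source host> <destination> <bytes out>"
SAMPLE_LOG = """\
2021-06-15T10:12:03 wks-fin-07 crm.example.net 1048576
2021-06-15T22:41:55 wks-fin-07 storage.example-cloud.test 62914560
2021-06-15T23:03:12 wks-fin-07 storage.example-cloud.test 62914560
2021-06-19T14:05:10 srv-db-02 storage.example-cloud.test 2147483648
2021-06-16T11:30:00 wks-fin-12 mail.example.net 3145728
2021-06-16T19:10:00 wks-fin-12 mail.example.net 4194304
"""

def parse_line(line):
    """Split one log line into a dict with a datetime and an int byte count."""
    ts, src, dst, nbytes = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst, "bytes": int(nbytes)}

def is_off_hours(ts):
    """True on Saturday/Sunday, or on a weekday outside business hours."""
    if ts.weekday() >= 5:
        return True
    return not (BUSINESS_START <= ts.time() < BUSINESS_END)

def off_hours_totals(log_text):
    """Sum off-hours outbound bytes per (source host, calendar day)."""
    totals = defaultdict(int)
    for line in log_text.strip().splitlines():
        ev = parse_line(line)
        if is_off_hours(ev["ts"]):
            totals[(ev["src"], ev["ts"].date().isoformat())] += ev["bytes"]
    return dict(totals)

def find_suspicious_hosts(log_text, threshold=OFF_HOURS_TOTAL):
    """(host, day, bytes) for hosts whose summed off-hours egress reaches the threshold; summing per day catches exfiltration split into smaller transfers."""
    return sorted((src, day, total)
                  for (src, day), total in off_hours_totals(log_text).items()
                  if total >= threshold)

if __name__ == "__main__":
    for src, day, total in find_suspicious_hosts(SAMPLE_LOG):
        print(f"{day} {src}: {total} bytes sent off-hours")
```

In the constructed sample, the two 60 MiB transfers from wks-fin-07 late on a Tuesday evening are individually below the threshold but are flagged once summed, as is the weekend transfer from srv-db-02.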

One way to prevent an APT attack is to start with a defense-in-depth security strategy. The SOC architecture should include advanced security data analysis and early detection algorithms along with real-time reporting.

Social Engineering

The Deloitte survey shows that social engineering poses the biggest threat to companies in the financial sector. On top of that, research by Cisco shows that 43% of employees have made mistakes that could potentially expose their companies to a cyber-attack.

The situation worsens when less-skilled attackers exploit ChatGPT, a large language model that amassed over 100 million monthly users within two months, to orchestrate advanced social engineering attacks.

Social engineering includes:

  • Phishing attacks that reach out through emails, text messages, or online ads and lure a person into visiting a scam website or downloading an infected file.
  • Scareware (a.k.a. fraudware), software that prompts a person to visit an infected website.
  • A ‘favor for a favor’ social engineering trick that encourages victims to share confidential data in return for some service.

When it comes to execution, methods like phishing are used by attackers either as an entry point for infiltration or as direct fraud to steal funds. For instance, fraudsters use the legitimate bank accounts of unsuspecting users to instantly withdraw funds. The use of mobile banking applications heightens the risk because of the global expansion of mobile banking trojans like Anubis, Basbanke, Ghimob, and Ginp.

To prevent social engineering, financial organizations must educate their users and employees on how to identify and report fraudulent activity in their accounts. Security measures like two-factor authentication (2FA) may reduce the chances of direct attacks, but it’s important to remember that social engineering actors use stealthy techniques to impersonate representatives of a legitimate institution.

Unsecured Third-Party Services

A common tendency of the year is that adversaries have been seeking security gaps in third-party services connected to banking infrastructure. For example, they tend to infiltrate through companies that provide services to banks, thus gaining access to financial data. Beyond that, attacks through third-party services targeted directly at customers’ payment cards also took place in 2021.

Common techniques of a financial cyber-attack through third parties:

  • A less technically sophisticated way for criminals to gain access to funds is spoofing. Usually, they send an email pretending to be a third-party provider and ask employees of the financial organization to share confidential data. For example, General Electric was attacked by hackers impersonating its third-party provider Canon Business Process Services.
  • The next common technique is digital skimming. Fraudsters skim digital payment information such as credit card numbers and security codes from input fields on e-commerce websites.
  • Malware like Vultur abuses Android’s accessibility services and remote access functions. After installing an infected app, the user exposes the device to fraudsters who can gain remote control over its interface. As a result, attackers can harvest financial account credentials by recording the screen and using a keylogger to capture inputs.

Employing the services of third-party providers has become general practice in the financial services sector. However, the sharing of information between the parties becomes a likely entry point for a cyber-attack. End users are also exposed to cyber threats by using e-commerce sites and suspicious mobile apps.

Closing Thoughts

The year 2021 showed increased activity in the realm of financial cyber threats. Malicious actors target institutions like banks, e-wallet apps, and trading desks in order to gain illicit access to the organization’s systems and steal funds. Meanwhile, malware is also considered a significant threat to large organizations. At the same time, APT attackers continue developing their techniques and networks, growing into a mature cyber-attack market.