FOCUS MODE
EXTRACT IOC
Threat Research

Cyber threats impacting the financial sector in 2024 – focus on the main actors

SekoiaIO
Cyber threats impacting the financial sector in 2024 – focus on the main actors
This report discusses the evolving landscape of cybercrime and state-sponsored threats targeting the financial sector, focusing on Initial Access Brokers (IABs), ransomware groups, and Trojan operators. It highlights the roles of various actors and techniques, showcasing the persistent threat posed by these entities through sophisticated malware, exploitation of vulnerabilities, and collaborative tactics. Affected: Financial Sector, Banking Institutions, Insurance Providers, Crypto Platforms

Keypoints :

  • Initial Access Brokers (IABs) facilitate unauthorized network access for monetary gains.
  • Ransomware and extortion actors present a significant threat to financial institutions, employing advanced malware and exploiting vulnerabilities.
  • Trojan operators, like Solar Spider and GoldFactory, use sophisticated banking malware to target financial entities.
  • Phishing-as-a-Service models democratize phishing capabilities, intensifying attacks on financial institutions.
  • State-sponsored actors exploit financial systems for espionage, economic gain, or disruption.
  • North Korean APTs use cyber operations to bypass sanctions and fund weapons programs.
  • Collaboration between state-sponsored actors and cybercriminals is noted, optimizing their operational effectiveness.
  • RansomHub and various other ransomware groups target financial entities, often using advanced evasion techniques.
  • Hacktivism is rising, with notable groups targeting the financial sector for political gain.
  • Cybersecurity measures have improved, yet threats remain persistent in a volatile landscape.

MITRE Techniques :

  • Initial Access (TA0001): Exploiting vulnerabilities through phishing attacks to gain network access.
  • Execution (TA0002): Deploying malware such as EvilProxy and IcedID during operations.
  • Credential Access (TA0006): Utilization of valid accounts to facilitate further network penetration.
  • Exfiltration (TA0010): Utilizing tools like Rclone and WinSCP for data exfiltration in ransomware campaigns.
  • Impact (TA0040): Ransomware deployment leading to disruption and financial damage in attacked sectors.
  • Command and Control (TA0011): Using backdoors and remote access tools to maintain persistence within compromised systems.

Indicator of Compromise :

  • [Domain] okta-revolut[.]com
  • [Domain] revolut-okta[.]com
  • [Malware] RansomHub custom ransomware
  • [Malware] EDRKillShifter
  • [Malware] JSOutProx

Full Story: https://blog.sekoia.io/cyber-threats-impacting-the-financial-sector-in-2024-focus-on-the-main-actors/

Tags: PAYLOAD, TROJAN, CRITICAL INFRASTRUCTURE, MACOS, BANK, EXPLOIT, CLOUD, IMPACT