Malware

Cyber attacks, attacks on the credit system up 214 per cent

Tinexta Cyber research on thirty banks highlights excessive vulnerability to external intrusions

2' min read

Key points

  • The numbers of intrusions
  • Workers also at risk
  • The new malware

2' min read

The research covers 30 banks, 15 significant and as many less significant, based on clusters predefined by Certfin, was named Financial Threat Landscape and focused on the potential threats to the industry brought by Infostealer, a type of malware designed specifically to harvest sensitive information from infected systems. The report was conducted by Tinexta Cyber, a company specialising in cybersecurity and listed on the Star, analysing the cyber intrusions suffered by bank customers through break-ins of their devices (mobile phones, tablets and PCs) and their consequences on the internal control systems of the banks concerned. But also the aggressions of new modalities and techniques that have seen as victims the very analysts and programmers who are supposed to be guardians of computer security. Among the main outcomes highlighted by the report is the fluctuation in breach incidents between the first three quarters of 2023 and the same period in 2024. Against a trend of cyber attacks on the system that, all things considered, was considered to be physiological in the first nine months of last year, the trend was abruptly reversed in the fourth quarter, with a real surge. A trend that also continued in 2024.

The numbers of intrusions

Loading...

In the first quarter of 2023, the 'least significant' banks reported 751 compromised devices. The count dropped to 696 in Q2 2023 and further reduced to 550 in Q3 2023.

However, this trend was abruptly reversed in the fourth quarter of 2023, with the number of compromised devices rising to 1676. "The jump from 550 in Q3 2023 to 1676 in Q4 2023 (an increase of 205%)," they explain from Tinexta Cyber, "is worrying and the situation got even worse in Q1 2024, with the number of compromised devices reaching 2200. This represents an increase of 193 per cent compared to the first quarter of 2023, highlighting a continuing and growing threat to the security of less significant banks'. During the first three quarters of 2023, then, 'significant' banks also experienced a downward trend in the number of compromised devices. This trend was reversed in the fourth quarter of 2023, where the number of compromised devices rose to 11,876: a substantial increase, which more than tripled the figures of the third quarter of 2023, marking a 220% increase. The number of compromised devices increased further in Q1 2024 to 24,240, an increase of 214% over Q1 2023 and 104% over Q4 2023.

At risk to insiders

The research then revealed a further pitfall. In fact, the incursors seem to have adopted a novel approach to administering malware, posing as helpful contributors on Stack Overflow, one of the platforms most used by operators. This method exploits the trust and credibility of the developer community platform to propagate malicious code. How? By infiltrating discussions in which users seek programming advice, offering seemingly legitimate solutions that however incorporate malicious payloads. "A tactic," they explain from Tinexta Cyber, "that is worrying as it targets developers and corporate environments, expanding the reach of Infostealer threats beyond the typical end-user base.

Copyright reserved ©
Loading...

Brand connect

Loading...

Newsletter

Notizie e approfondimenti sugli avvenimenti politici, economici e finanziari.

Iscriviti