A ‘whale’ of a threat evolves in the financial sector to steal sensitive data

A humpback whale’s fluke appears from the water as it dives in the waters off Sydney June 14, 2006, in Sydney, Australia. (Photo by Ian Waldie/Getty Images)

Cybersecurity attacks in the financial sector have not only become more sophisticated but also more audacious. Bad actors aim high, directing their schemes at the highest levels of financial executives to gain the best access and, potentially, the highest profit.

In gambling hotspots like Las Vegas and Macau, the term “whale” usually refers to a high roller – the kind who could bet thousands, or even hundreds of thousands, on a single hand of Black Jack or roulette. When cybersecurity experts talk about “whaling,” they’re looking at how cybercriminals target senior executives in an effort to steal the most privileged information and gain access to the most sensitive data.

Typically, these whaling attacks begin with a phishing email, according to Tonia Dudley, strategic advisor at Cofense. According to the FBI, these high-profile whaling attacks cost companies more than $12.5 billion in losses in 2021 alone.

“When we look at the themes used in many campaigns, these are usually related to finance, such as invoice, purchase order or quote,” Dudley said, adding that Cofense has seen “fewer attachments coming in the inbox for users to interact with.” However, HTML and HTM files “systematically” make it through security filters, Dudley noted.
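The two traits Dudley describes, finance-themed subject lines and HTML/HTM attachments that slip past filters, are straightforward to check for at the mail gateway. The following is an added example, not code from the article, Cofense or any vendor; the sample messages, addresses, keyword list and verdict names are constructed for illustration. It flags HTML attachments by extension, by declared content type and by sniffing the first bytes, so an HTML page renamed to `.pdf` is still caught.

```python
"""Gateway-side triage for whaling lures (added example; all inputs constructed)."""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumed lure vocabulary, taken from the themes quoted in the article plus two common ones.
FINANCE_LURES = ("invoice", "purchase order", "quote", "wire", "payment")
HTML_EXTENSIONS = (".html", ".htm", ".shtml", ".xhtml")


def looks_like_html(data: bytes) -> bool:
    """Content sniff: an HTML lure renamed to .pdf still starts like an HTML document."""
    head = data[:512].lstrip().lower()
    return head.startswith(b"<!doctype html") or b"<html" in head or b"<script" in head


def analyze_message(raw: bytes) -> dict:
    """Return the lure indicators found in one RFC 5322 message and a verdict."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    subject = str(msg["subject"] or "").lower()
    html_attachments = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if (name.endswith(HTML_EXTENSIONS)
                or part.get_content_type() == "text/html"
                or looks_like_html(payload)):
            html_attachments.append(name or "<unnamed>")
    finance_lure = any(word in subject for word in FINANCE_LURES)
    if html_attachments:
        verdict = "quarantine"      # HTML attachments are the evasion the article describes
    elif finance_lure:
        verdict = "review"          # finance theme alone: route to a human, do not block
    else:
        verdict = "deliver"
    return {"finance_lure": finance_lure,
            "html_attachments": html_attachments,
            "verdict": verdict}


def build_sample(subject: str, filename: str, data: bytes, maintype: str, subtype: str) -> bytes:
    """Construct a test message with one attachment (constructed sample, not real mail)."""
    m = EmailMessage()
    m["From"] = "accounts@supplier.example"
    m["To"] = "cfo@bank.example"
    m["Subject"] = subject
    m.set_content("Please see the attached document.")
    m.add_attachment(data, maintype=maintype, subtype=subtype, filename=filename)
    return m.as_bytes()


# Constructed samples: an HTML lure, an HTML page renamed to .pdf, a finance-themed
# but otherwise clean message, and a benign message.
SAMPLE_HTML_LURE = build_sample("Overdue invoice #4471", "invoice.pdf.html",
                                b"<html><body><form>login</form></body></html>", "text", "html")
SAMPLE_RENAMED = build_sample("Q3 statement for your records", "statement.pdf",
                              b"<!DOCTYPE html><html><script>/*...*/</script></html>",
                              "application", "pdf")
SAMPLE_LURE_ONLY = build_sample("Quote for new laptops", "quote.pdf",
                                b"%PDF-1.4\n%constructed sample\n", "application", "pdf")
SAMPLE_BENIGN = build_sample("Team offsite agenda", "agenda.pdf",
                             b"%PDF-1.4\n%constructed sample\n", "application", "pdf")

if __name__ == "__main__":
    for label, raw in (("html lure", SAMPLE_HTML_LURE), ("renamed", SAMPLE_RENAMED),
                       ("lure only", SAMPLE_LURE_ONLY), ("benign", SAMPLE_BENIGN)):
        print(label, analyze_message(raw))
```

The sniff deliberately looks only at the leading bytes of each attachment, so a very large decoy is not fully scanned; in a production gateway this check would sit beside, not replace, the existing attachment sandboxing.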

Dudley, a current board member of the National Cyber Security Alliance who has worked for Charles Schwab and Honeywell, said more whaling campaigns are leveraging “multiple stages in their attack.” For example, the first step might start with a link to a file-sharing cloud site, such as Google, Dropbox, or DocuSign.

“Then once the file is uploaded, the embedded files or links to pages would perform the second step, [which] could include anything from a login credentials page to malware leading to an entry point to a ransomware attack,” she added.

Harris Schwartz, chief information security officer at Elevate Security, said financial institutions and senior executives are often the “primary targets of spear-phishing and whaling attacks, so they need to be especially aware of who in their organization would be a vulnerable target.”

“Whaling attacks look for users with high-level access credentials who may not think before clicking,” Schwartz said. “A user’s credentials like this can provide cyber thieves with a pathway to anything from personal employee or customer information to company secrets to actual fund transfers.”

Because of this trend, Schwartz said more U.S. financial institutions are working to “identify risky users” and increase their cybersecurity training.

Rob Rendell, Vice President of Payment Solutions at Feedzai, added that with “more banking and digital transactions, FIs (financial institutions) need to be especially alert to this type of scam. It’s much easier today for victims to make a quick digital transfer to appease this fake CEO before re-verifying the veracity of the claim.”
