With a variety of digital wallet methods, financial cyber risks such as fraudulent transactions, extortion, denial of service attacks, and credit card fraud have become common. These cyber attacks are capable of creating systemic risks for the financial sector. Some of the most prominent cyberattacks the financial sector has seen have impacted critical economic infrastructures. These attacks have the potential to intentionally destroy hardware and compromise sensitive business data in order to compromise services.
Cyber security threats affect almost every component of the FinTech ecosystem. They can pose potential risk to various financial institutions using technology, FinTech startups, and financial customers in the FinTech ecosystem. Technology developers also need to be aware of potential cybersecurity threats that can exert weaknesses and flaws in the technology they are developing.
This article uncovers various cybersecurity threats in FinTech and provides deep insights into the categories and actors behind these threats. It also introduces the threat modeling approaches used by financial institutions to devise countermeasures against these threats. The content of this article is based on the extensive research behind our book, entitled “Understand cybersecurity management for FinTech”, which will be published by Springer this year.
FinTech has experienced various types of cyber threats including malware, data breaches, denial of service, cyber fraud, and phishing. Data breaches and Distributed Denial of Service (DDoS) are the two most common cyberattacks regularly seen in the timeline of cyber risks and threats on FinTech around the world. Figure 1 below shows the reported cyber attacks and threats that caused financial institutions and banks significant financial losses between 2007 and 2019.
Cyber attacks have targeted financial institutions and banks around the world. Recent cyber threat attempts include: famous Twitter accounts hijacked for Bitcoin (US), the Scotiabank data breach (Canada), ransomware attacks (US), GoldenSpy malware in control software (China), DDoS attacks (Europe), the dForce cryptocurrency attack (China), and DDoS extortion (Australia).
FinTech companies face the most widespread cyber threats. This section defines the main cyber threats for FinTech startups.
- Malware: Malware is malicious software specifically designed to disrupt, damage, or gain unauthorized access to a computer system in order to steal sensitive information. Malware can be classified as follows: Adware, Ransomware, Riskware, Scareware, Spyware, Trojans, Viruses, Worms and Zero-Day.
- Adware: Adware stands for advertising malware. It is a malicious application that displays unwanted advertisements on the user’s screen. Adware lures the user with blinking ads that offer lucrative products and entice them to click on the ad.
- Ransomware: Ransomware is malware that encrypts files and directories on the computer to make them inaccessible to users. It demands a substantial ransom in exchange for the decryption key needed to unlock the data.
- Riskware: Riskware is a legitimate program that nevertheless exposes the device to security vulnerabilities. Although it is a genuine program, it can be abused to steal information from the device and redirect users to malicious websites.
- Scareware: Scareware frightens users into downloading or buying malicious apps by creating fear in their minds.
- Spyware: Spyware is malicious software that, once installed on your device, can steal sensitive information. The data collected by spyware is passed on to advertisers, external agencies or companies.
- Trojans: Trojans are devious imitators that act like legitimate programs. They can hide in the background and steal information from the device.
- Virus: A virus is a computer program that replicates itself by modifying other programs and inserting its own code.
- Worm: A worm is a computer program that does not require a host program. It replicates itself to spread to other computer systems. A worm uses the infected computer to infect other computers on the network.
- Zero-day: A zero-day is a vulnerability that the security community is not yet aware of. The term also describes the period during which the vulnerability is unknown to the vendor and defenders while a malicious program that exploits it is already being developed. Once the vulnerability becomes known, vendors develop a patch to fix it.
- Data breach: A data breach is the intentional or unintentional disclosure of sensitive or confidential information to an untrustworthy party.
- Denial of Service: Denial of Service (DoS) is a targeted attack on a computer system, a server or a network in order to make the services unavailable to legitimate clients.
- Distributed Denial of Service: Distributed Denial of Service (DDoS) is one of the most damaging targeted attacks; it involves multiple attackers and multiple compromised systems flooding the target at once.
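The distinction drawn above between DoS (one attacking source) and DDoS (many compromised sources) is exactly what a defender looks for in server logs. The following is an added example, not code from the article or its authors: a small Python detector that groups web-server access log lines into one-minute windows and labels each window as normal, a single-source flood, or a distributed flood. The log lines are constructed for the example, and the thresholds (100 requests per minute, an 80% share for a dominant source, 20 distinct sources) are assumptions that a real deployment would tune against its own baseline traffic.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format: client IP, identity, user, [timestamp], "request", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Return (client_ip, timestamp) for a CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts


def bucket_by_minute(lines):
    """Map each one-minute window to a Counter of requests per source IP."""
    buckets = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash the detector
        ip, ts = parsed
        buckets[ts.strftime("%Y-%m-%dT%H:%M")][ip] += 1
    return buckets


def classify_window(counter, total_threshold=100, dominant_share=0.8, min_sources=20):
    """Label one window: 'normal', 'dos' (one source dominates), 'ddos' (many sources), or 'elevated'."""
    total = sum(counter.values())
    if total < total_threshold:
        return "normal"
    _, top_count = counter.most_common(1)[0]
    if top_count / total >= dominant_share:
        return "dos"            # a single client produced almost all of the flood
    if len(counter) >= min_sources:
        return "ddos"           # the flood is spread over many clients
    return "elevated"           # busy, but neither pattern is clear-cut


def analyse(lines, **thresholds):
    """Classify every window in the log; returns {window: label} in time order."""
    buckets = bucket_by_minute(lines)
    return {w: classify_window(c, **thresholds) for w, c in sorted(buckets.items())}


def make_sample_log():
    """Constructed log: a quiet minute, a single-source burst, then a distributed burst."""
    def entry(ip, minute, sec, path="/api/balance"):
        return f'{ip} - - [12/Mar/2021:10:{minute:02d}:{sec:02d} +0000] "GET {path} HTTP/1.1" 200 512'

    lines = []
    for i in range(10):                                  # 10:00 - three clients, 30 requests
        for ip in ("10.0.0.5", "10.0.0.7", "10.0.0.9"):
            lines.append(entry(ip, 0, i))
    for i in range(150):                                 # 10:01 - one IP sends 150 requests
        lines.append(entry("198.51.100.23", 1, i % 60, "/login"))
    for i in range(10):                                  # ...alongside 10 legitimate ones
        lines.append(entry("10.0.0.5", 1, i))
    for n in range(1, 51):                               # 10:02 - 50 IPs send 4 requests each
        for i in range(4):
            lines.append(entry(f"203.0.113.{n}", 2, i))
    return lines


if __name__ == "__main__":
    for window, label in analyse(make_sample_log()).items():
        print(window, label)
```

Source-count heuristics like this are a first filter, not a verdict: clients behind a shared NAT or a CDN can look like one dominant source, and a botnet can spread its requests thinly enough to stay under any per-minute threshold, so the labels are best used to drive closer inspection of the flagged window.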
Threat actors are the unauthorized people or groups who launch cyberattacks on a company. Although the general cast of suspects is the same for every organization, a specific set of attackers has repeatedly been observed at financial institutions. Some of the prominent threat actors identified from the history of cyber attacks on the financial sector are listed below:
- Malicious insiders: These are authorized persons who have the rights and permissions to access, read, write and transfer critical private and proprietary data of a financial institution, especially in banks. According to IBM’s Cost of a Data Breach 2020 report, the average cost of a data breach is $6.71 million; this figure covers both system errors and human error. Additionally, the average cost of cyber incidents across sectors is $4.37 million. In an internal fraud case at HSBC in 2008, an employee at its London headquarters fraudulently transferred 90 million euros to accounts in Manchester and Morocco. The employee used passwords stolen from his colleagues to carry out these transactions. He was later arrested and jailed for nine years.
- Hacktivists: Hacktivists engage in politically or religiously motivated activities in order to abuse a computer system or network. Conducting such activities is called hacktivism. Hacktivists are also simply referred to as hackers. They act in groups and cooperate to coordinate politically motivated cyber attacks on a country’s major financial institutions. In one such incident in 2016, anonymous hacktivists took down the websites of the Bank of Greece and the central banks of Mexico, Panama, Kenya, and Bosnia and Herzegovina using DDoS attacks.
- Cyber criminals: Cyber criminals are individuals or groups of tech-savvy professionals who use technology to perform malicious activity on digital systems or networks in order to steal sensitive data for financial gain. They are known for using underground markets on the dark web to trade illegal goods and services such as weapons, banned drugs, adult content, and narcotics. Cyber criminals infiltrate computer systems with the intent of finding useful information with which to launch targeted attacks. In 2019, an international group of cyber criminals used the GozNym malware to steal $100 million from over 40,000 victims, including bank accounts, law firms, small businesses, international corporations, and nonprofits.
- Nation states: Nation-state actors, or state-sponsored actors, are well financed and sophisticated. They are sponsored by a government agency. One of the most recent nation-state attacks was the NotPetya ransomware outbreak in 2017, which targeted Australia, Europe, Ukraine and the US. NotPetya is considered to be the fastest-spreading malware of all time.
- Cyber terrorists: Cyber terrorists are involved in malicious activity designed to take down the target’s critical infrastructure. These activities fall under cyber terrorism, which is considered the new cyber war. Researchers classify the NotPetya and WannaCry ransomware outbreaks as acts of cyber terrorism.
- Script kiddies: Script kiddies are beginners or unskilled people who are lured into cybercrime activities.
FinTech threat modeling follows a structural approach to the identification, categorization and analysis of cyber threats. The primary goal is to precisely identify potential threats that could exploit vulnerabilities in the FinTech institute and lead to major financial losses. It tries to reduce the weak points and their effects on the FinTech institute. It can be carried out as a proactive or reactive measure.
A proactive approach to threat modeling is also known as a defensive approach, which aims to defend the FinTech institutes against cyber attacks. It is based on threat prediction so that early warnings can be issued and resources secured. However, it is impossible to predict all cyber threats in real time.
A reactive approach to threat modeling protects against adversarial attacks by taking appropriate measures to prevent a cyber threat. It is also known as the adversarial approach and includes ethical hacking and penetration testing techniques.
FinTech institutes centre their threat modeling on assets, attackers or software. Choosing a suitable structural approach depends entirely on the type of FinTech, its size and the investment it is able to make.
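To make the asset-centric and attacker-centric views described above concrete, here is an added example (not code from the article or its authors) of a minimal threat register in Python. Each entry pairs an asset with a threat actor and a threat category from the lists earlier in the article, carries a likelihood and impact score on a 1 to 5 scale, and records whether the planned countermeasure is proactive or reactive. The register contents and all scores are constructed for illustration; the risk formula (likelihood multiplied by impact) and the review threshold of 12 are assumptions of this example, not a standard the article prescribes.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    asset: str        # what is at risk (asset-centric view)
    actor: str        # who is expected to attack it (attacker-centric view)
    category: str     # threat category, e.g. "data breach", "DDoS", "ransomware"
    likelihood: int   # 1 (rare) .. 5 (almost certain); hypothetical scale
    impact: int       # 1 (negligible) .. 5 (severe); hypothetical scale
    measure: str      # "proactive" (prediction, early warning) or "reactive" (testing, response)

    def __post_init__(self):
        # Reject malformed entries early so a typo cannot silently skew the ranking.
        for name in ("likelihood", "impact"):
            value = getattr(self, name)
            if not 1 <= value <= 5:
                raise ValueError(f"{name} must be between 1 and 5, got {value}")
        if self.measure not in ("proactive", "reactive"):
            raise ValueError(f"measure must be 'proactive' or 'reactive', got {self.measure!r}")

    @property
    def risk(self):
        """Simple risk score: likelihood x impact (assumed formula for this example)."""
        return self.likelihood * self.impact


def rank_threats(threats):
    """Highest risk first; ties broken by asset and category so the order is stable."""
    return sorted(threats, key=lambda t: (-t.risk, t.asset, t.category))


def aggregate(threats, view):
    """Sum risk per asset ("asset") or per threat actor ("actor"), highest total first."""
    if view not in ("asset", "actor"):
        raise ValueError("view must be 'asset' or 'actor'")
    totals = defaultdict(int)
    for t in threats:
        totals[getattr(t, view)] += t.risk
    return dict(sorted(totals.items(), key=lambda kv: -kv[1]))


def top_risks(threats, threshold=12):
    """Entries at or above the review threshold, in rank order."""
    return [t for t in rank_threats(threats) if t.risk >= threshold]


# Constructed register for a hypothetical payments start-up; scores are illustrative only.
REGISTER = [
    Threat("customer account DB", "cyber criminals", "data breach", 4, 5, "proactive"),
    Threat("payment API", "hacktivists", "DDoS", 3, 4, "proactive"),
    Threat("internal transfer system", "malicious insider", "fraudulent transaction", 2, 5, "reactive"),
    Threat("employee workstations", "cyber criminals", "ransomware", 3, 3, "proactive"),
    Threat("public website", "script kiddies", "DoS", 4, 1, "reactive"),
]


if __name__ == "__main__":
    for t in rank_threats(REGISTER):
        print(f"{t.risk:>2}  {t.asset:<26} {t.actor:<18} {t.category:<22} {t.measure}")
    print("by asset:", aggregate(REGISTER, "asset"))
    print("by actor:", aggregate(REGISTER, "actor"))
```

The same register supports both views the article mentions: aggregating by asset tells an institute where to spend on hardening, while aggregating by actor shows which adversary accounts for most of the exposure. Keeping the countermeasure type on each entry also makes it easy to check that high-risk items are not covered only reactively.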
This article introduces cyber threats in the FinTech industry and answers the question: Why are we afraid of cyber threats? It introduces various threat categories, threat actors, and approaches to threat modeling. The next article of the Understand cybersecurity management for FinTech Series examines cybersecurity vulnerabilities and risks in FinTech.