News Releases

Trustwave's 2024 Financial Services Threat Reports Highlight Alarming Trends in Insider Threats and Phishing-as-a-Service

Written by | Sep 10, 2024 1:00:00 PM

Chicago – September 10, 2024  Trustwave, a leading cybersecurity and managed security services provider, today released a series of reports detailing the threats facing the financial services sector, marking the second year of its ongoing research into these critical security issues.

In its annual research, Trustwave SpiderLabs highlights the unique factors at play in financial services, significant trends currently affecting the industry, including cryptocurrency and ransomware, and provides an overview of threat actor techniques by attack stage.

Additionally, Trustwave SpiderLabs has produced two complementary in-depth write-ups on pressing threats in the sector: phishing-as-a-service and insider threats. Recent research by the Ponemon Institute identifies malicious insiders as the costliest type of data breach, with phishing being the second most expensive and the most prevalent. Trustwave SpiderLabs’ analysis delves into why these threats are particularly pervasive in the financial services vertical.

“Digital trust is paramount for financial services to effectively operate in a hyper-competitive market, and the attack surface has never been more challenging with the size, and the diversity, of the data,” said Trustwave CISO Kory Daniels. “Our latest series of threat briefings highlight the urgent risks of insider threats and phishing-as-a-service attacks, offering vital insights and actionable strategies to help organizations defend their most sensitive data and assets. This resource is essential for business leaders and cyber defenders striving to stay ahead in an evolving threat landscape.”

Financial services organizations are a goldmine for cybercriminals due to their wealth of sensitive financial data and substantial funds. The sector also faces a unique cybersecurity landscape influenced by expanded regulatory requirements, heightened risk aversion, and consumer protection considerations.

 

Trustwave SpiderLabs’ 2024 Research Series on the Financial Services Vertical Includes:

 

Key Findings from Trustwave SpiderLabs’ Financial Services Research Series Include:

  • 24% of ransomware attacks against the financial sector were by ALPHV
  • 49% of attacks against financial institutions originated from phishing
  • 20% of ransomware attacks in the sector were against banking institutions
  • 65% of ransomware attacks targeting financial services were in the US
  • 37% of phishing emails in the industry contained HTML attachments
  • 73% of credential access techniques were brute-force attempts

In 2023, Trustwave released its first Financial Services Threat Intelligence Briefing that analyzed the attack flow specific to the financial services sector, offering insight on specific threat actors, actionable intelligence, and recommended mitigations for each stage.

To access this year’s research, please click here for the full financial services threat research series.

 

About Trustwave

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats.

Trustwave’s comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes its client’s cyber investment, and improves security resilience. Trusted by thousands of organizations worldwide, Trustwave leverages its world-class team of security consultants, threat hunters, and researchers, and its market-leading security operations platform to decrease the likelihood of attacks and minimize potential impact.

Trustwave is an analyst-recognized leader in managed detection and response (MDR), managed security services (MSS), cyber advisory, penetration testing, database security, and email security. The elite Trustwave SpiderLabs team provides industry-defining threat research, intelligence, and threat hunting, all of which are infused into Trustwave services and products to fortify cyber resilience in the age of inevitable cyber-attacks.

For more information about Trustwave, please visit: https://www.trustwave.com/en-us/.