Cyber-Attackers Continue Assault on Financial Services, IBM Reports

Financial services is typically one of the most targeted industry verticals by cyber-attackers, and 2016 was no exception. In fact, according to a new report by IBM Security, the financial services industry was attacked more than any other industry last year. On a positive note, however,  the average financial services company that IBM monitors experienced fewer security incidents in 2016 than they did in 2015. IBM Security released the new report on financial services security trends on April 27, providing insight into the types of cyber-attack methods and exploits being used on financial services companies. In this slide show, eWEEK takes a look at some of the highlights of the research from the IBM X-Force Research team.

According to IBM, the financial services industry was attacked more in 2016 than any other industry vertical. IBM defines a security event as an activity on a system or network detected by a security device or application.

While the overall number of attacks on financial services grew in 2016, IBM reported a decline in the volume of security incidents. IBM defines a security incident as an attack or security event that was reviewed by IBM security analysts and deemed worthy of deeper investigation. The average financial services client monitored by IBM had 94 security incidents in 2016, down from 192 in 2015.

IBM found that in 2016, more financial services attacks could be attributed to insiders, though the majority of the insider attackers (53 percent) were labeled by IBM as being inadvertent actors.

The leading type of attack method used against financial services organizations in 2016 was various forms of input or command injection.

Looking deeper into the types of injection attacks that impacted financial services organizations in 2016, IBM reported that the Bash shell vulnerability known as Shellshock was responsible for just over a quarter of all attacks.

Following injection, manipulation of data structures was the No. 2 type of attack against financial Services organizations in 2016. Among the classes of attack that fit into this category were buffer overflow vulnerabilities.

Among the global attacks highlighted in the IBM report is the $81 million attack against banks in Bangladesh.