Q2 2023 Financial Sector Quarterly Threat Landscape Report

by Alpha Team

ZeroFox Intelligence - Q2 2023 Financial Sector Quarterly Threat Landscape Report

Product Serial: A-2023-09-01a

TLP:CLEAR

ZeroFox Intelligence is excited to announce the release of our Financial Sector Quarterly Threat Landscape Scorecard for Q2 of 2023.

Standing Intelligence Requirements

Deep Dark Web and Criminal Underground (DDW)

For the most up-to-date list of ZeroFox’s Intelligence Requirements, please visit:

https://cloud.zerofox.com/intelligence/advisories/14956

Link to Download

View the full report here.

Scope Note

ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 12:00 PM (EDT) on July 10, 2023; per cyber hygiene best practices, caution is advised when clicking on any third-party links.

Key Findings

  • The threat to financial organizations from ransomware and digital extortion (R&DE) very likely increased in Q2 2023, reaching the highest levels since 2021.
  • Financial organizations faced a high threat of nefarious actors exploiting Common Vulnerabilities and Exposures (CVEs). Clop’s successful May 2023 exploitation of CVE-2023-34362, a zero-day vulnerability in MOVEit file transfer software, demonstrated the potential impact these CVEs can have; approximately 16 percent of identified victims are in the finance industry.
  • While Russia-aligned threat actors continued to target North American and European financial organizations with Distributed Denial of Service (DDoS) attacks, the impact of the attacks remained limited, typically rendering websites unusable for a short period of time.
  • Search Engine Optimization (SEO) poisoning and leveraging of malicious Google ads to disseminate malware continued on an upward trajectory.
  • Malware-as-a-service offerings sustained low barriers to entry for threat actors seeking to target financial sector entities.
  • E-skimmer campaigns remained a persistent threat and were successfully leveraged to siphon banking customers’ payment information.
  • Illicit access to financial organizations advertised in open forums remained low in Q2 2023, with brokers continuing to leverage private channels for selling to well-established buyers.

Tags: tlp:clear, vulnerability/exploit, phishing & fraud, financial services, malware (MAL), ransomware