Four Insights Into the European Financial Cyber Threat Landscape from ZeroFox Intelligence
As with most industries, the financial sector faces a rapidly evolving cyber threat landscape as we near the end of 2024. Advances in engineering methods, such as generative AI, have enabled the expansion of social engineering tactics, ransomware and malware, and more. In this blog, we’ll dive into the ZeroFox Intelligence team’s specific findings and recommendations for the European financial cyber threat landscape.
Top Insights Into the European Financial Cyber Threat Landscape from Q3 2024
Social Engineering
Threat actors continue to evolve and harness novel social engineering techniques to gain initial network access. ZeroFox observed three main trends coming out of this quarter:
Two-factor authentication solutions no longer offer adequate protection against bypass methods such as open authorization (OAuth) abuse, MFA fatigue, or SIM swapping.
The phishing-as-a-service (PhaaS) marketplace continues to professionalize, leading to more accessible and cheaper malicious kits being available to would-be threat actors.
Generative AI is enhancing the way that social engineering is conducted, both by increasing the apparent authenticity of low-effort, mass phishing communications and by enhancing high-effort attacks that leverage deepfake and voice cloning technology.
While user training and widespread communication about social engineering threats are key to protecting employees and customers, financial institutions should also deploy external cybersecurity to monitor for these attacks before or during their deployment. That’s because these threats come from outside your traditional security perimeter and evade traditional firewalls or other barriers.
Ransomware & Digital Extortion (R&DE)
In Q3 2024, the financial sector was targeted in approximately six percent of European R&DE incidents. Though this is a slight increase from the three percent of Q2 2024, it is very unlikely to reflect increased intent.
ZeroFox Intelligence found that Europe-based entities accounted for approximately 22 percent of all R&DE attacks targeting the financial sector. This is in line with targeting proportions from the wider threat landscape.
Although ZeroFox did not observe any instances of threat actors seeking to disproportionately target the sector, financial institutions should still use best practices to avoid ransomware attacks. These include keeping software up to date, using multi-factor authentication, educating employees, and regularly backing up critical data.
Malware
In reviewing malware trends in Europe, ZeroFox Intelligence found that Redline was the most commonly observed stealer targeting Europe-based financial services.
Like other stealers, Redline is spread using social engineering methods and is leveraged to steal sensitive information, such as username and password combinations, from web browsers and desktop applications. Though Redline is currently the most commonly observed stealer, it’s important to remember that malware is popular due to the low barrier for entry, especially considering “Malware-as-a-service” (MaaS) models.
Disrupting MaaS has its own challenges. But a comprehensive approach to Digital Risk Protection and Threat Intelligence requires countermeasures at every stage of the modern cyber kill chain. Look for a solution that provides early warning, real-time detection, and rapid remediation to ensure your organization remains agile.
Initial Access Brokers (IABs)
Europe accounted for approximately 20 percent of all IAB sales that took place in Q3 2024, slightly less than the 2024 average. Of IAB sales that targeted Europe-based entities, approximately five percent targeted the financial sector, slightly less than the global average.
Though financial services are being targeted slightly less than average, the average value of an IAB sale targeting Europe-based financial organizations was approximately $3,700 USD. That’s slightly higher than that of other industries and indicative of increased perceived profitability.
We recommend that financial services organizations proactively monitor for potential network access sales to obtain critical early warning for impending cyber attacks and identification of malicious actors, including insiders, meaning to harm their networks. It’s crucial to monitor the dark web and external sources while also ensuring proper cybersecurity hygiene internally.
As threat actors continue to refine their methods, financial institutions must stay proactive to defend their attack surfaces against growing risks.
Scope Note: ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 12:00 PM (EST) on October 1, 2024; per cyber hygiene best practices, caution is advised when clicking on any third-party links.
Dan Curtis
Senior Intelligence Analyst