Netskope Threat Labs has published its latest research report, revealing that the financial sector remains among the top sectors targeted by ransomware groups. The report examines the increasing cloud app adoption in the financial services industry, and the worrying abuse of these channels to evade regular security controls for malware and ransomware attacks.
Key findings include:
● Microsoft cloud apps dominate the finance sector: Microsoft OneDrive, Microsoft Teams, and Sharepoint are among the most popular apps in the financial services sector, with Microsoft Teams being significantly more popular than in other industries.
● Shifting targets for malware downloads: OneDrive and Sharepoint, and Github are identified as significant channels for potential cloud app abuse – with the three sitting at the top of the list consistently since September 2023.
○ Sharepoint was more prominent in finance than in other sectors which is mainly linked to the popularity of Microsoft Teams which uses Sharepoint for file sharing.
● Key target for ransomware attacks: The financial sector remains one of the most attacked sectors by ransomware groups, with Trojans the primary attack mechanism, tricking users in the finance industry into downloading other malware payloads. In particular, the Clopp ransomware gang was particularly active in the second half of 2023, exploiting the CVE-2023-34362 MOVEit vulnerability.
○ LockBit was also a prominent ransomware family that primarily targeted the finance sector and has recently been targeted and shut down by law enforcement agencies.
Speaking on the finding, Paolo Passeri, Cyber Intelligence Principal at Netskope said; “It is clear that the macro trends for cloud app use and abuse have remained consistent for the finance sector over the past year. What is interesting to see is that the financial sector remains one of the most attacked sectors by ransomware groups with a focus on the exploitation of vulnerabilities at scale. The figures are a reminder that every organisation should take the time to assess and secure their infrastructure and that simple operational mistakes could expose you to significant threats.”
Cloud-delivered malware comprised 50% of malware downloads in the finance sector, on-trend with other sectors, given the ability for attackers to evade regular security controls that rely on tools such as domain block lists and monitoring web traffic but do not apply zero trust principles to routinely inspect cloud traffic. The report is based on anonymised usage data collected about a financial sector subset of Netskope’s 2,500+ customers, all of whom give prior authorisation for their data to be analysed in this manner.
