6 of the biggest threats banks faced in 2023

Ransomware was top of mind yet again for many cybersecurity professionals at banks this year, but financial institutions faced threats from many other directions, as well.

From all-time-high check fraud to zero-day software vulnerability exploits, banks faced attacks on multiple fronts in 2023. Trends in AI development, quantum computing and the war in Ukraine also drove some of these threats.

In 2022, weak and reused passwords posed a major threat to banks and their customers, and that trend continued last year, as did other poor practices, including failures to patch vulnerable software on time. As ever, bankers and banking customers also remained vulnerable to social engineering attacks such as phishing, which became a more potent mode of attack this year, thanks to generative AI.

Banks faced many external threats, as well. Ransomware gangs such as Cl0p and LockBit made headlines for high-profile attacks in 2023, which have driven up cybersecurity insurance costs for financial institutions.

From generative AI to bank failures, here are six of the biggest cybersecurity threats that banks and credit unions dealt with in 2023.

MoveIt bug affects at least 60 banking victims

The MoveIt attacks on banks and government agencies did not represent a systemic risk, according to Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency.

On May 27, ransomware gang Cl0p started exploiting a zero-day vulnerability in Progress Software's file transfer product MoveIt to steal data from thousands of organizations and tens of millions of individuals, by multiple estimates.

On the list of compromised institutions were state and federal agencies and at least 60 U.S. banks and credit unions. Data compromised in the leaks included names, addresses, birthdates, Social Security numbers and more.

Progress notified customers about the vulnerability on May 31 and released a patch for it the same day. The company has since identified and remediated two other vulnerabilities in its products. All three are SQL injection vulnerabilities, which, according to the cybersecurity nonprofit OWASP Foundation, are the third most common type of vulnerability in web applications.

Some of the banks that reported their data had been compromised did not even use MoveIt software directly. Rather, they had their data stolen because of a breach at a third-party provider that used MoveIt.

Citrix bug disrupts operations at 60 credit unions


While smaller in total impact than the MoveIt breaches, a bug in cloud-networking software from NetScaler — a bug dubbed Citrix Bleed — led to disruptions at 60 credit unions, though no evidence suggests any data breaches resulted from the attack.

Ongoing Operations, a credit union information-technology firm, said it experienced a cybersecurity incident on Nov. 26. Ongoing Operations added that it has "no evidence of any misuse of information," although it is "reviewing the impacted data to determine exactly what information was impacted and to whom that information belonged."

The incident was a ransomware attack, according to a statement from Maggie Pope, the CEO of Mountain Valley Federal Credit Union in Peru, New York. Mountain Valley Federal Credit Union was one of the few affected institutions that publicly acknowledged the attack and provided details about it. Pope later said that online banking and bill-pay services had been interrupted by the attack. All services have since been restored.

Before the ransomware attack, Ongoing Operations had failed to patch a vulnerability in the NetScaler cloud-networking software, according to Kevin Beaumont, a cybersecurity researcher and former head of cybersecurity operations at the telecommunications company Vodafone.

Cybercriminals use large language models for phishing

An email security company has found a 12-fold increase in the number of phishing emails it has seen since the advent of ChatGPT, and malicious models may be to blame.

With the surge in popularity of ChatGPT, many cybersecurity experts warned this year that fraudsters and cybercriminals were using large language models such as OpenAI's product to write malicious code and craft phishing emails and texts more efficiently, making it easier for novice attackers to operate more effectively and for seasoned fraudsters to reach more potential victims.

Cybersecurity firm SlashNext said in a report in November that it had seen more than a 12-fold increase in malicious emails since the launch of ChatGPT at the end of 2022. The company documented cybercriminals circulating malicious chatbots that can help craft these emails, the vast majority (68%) of which are attempts at compromising the potential victim's business email.

It was unclear how many of the emails were handcrafted, written by legitimate models such as ChatGPT or Anthropic's Claude or created by a malicious language model. While many generative AI products have safeguards in place to ensure users do not use them for illegal, harmful or fraudulent activities, there have also been numerous attempts to overcome these protections.

Check fraud on track for another record year

An increase in paper mail theft corresponds with a rise in physically altered checks that redirect funds to fraudsters.

The Financial Crimes Enforcement Network is expected to release final data in February about how much check fraud banks reported in 2023, but preliminary data suggests it was another record year.

Through the end of November, depository institutions had filed nearly 490,000 suspicious activity reports pertaining to check fraud, according to recently released data from the Financial Crimes Enforcement Network. Over the same period of 2022 — from January to November — there had been just fewer than 460,000 reports of check fraud from depository institutions.

By the end of that year, the number of reports exceeded 500,000, which is double the number of check fraud reports from 2021. This year, banks are on track to report more than 530,000 instances.

In a stark example of how check fraud is affecting banks, Regions Financial reported during an earnings call in October that it had lost $135 million to check fraud between April and September. Regions Chief Financial Officer David Turner pointed out at the time that check fraud has increased dramatically industrywide but said the bank was "reasonably confident" that the prior increases would not persist.

Customers at failing banks targeted by phishing

The collapse of Silicon Valley Bank prompted cybercriminals to target customers, bank employees and others with phishing and other impersonation campaigns.

Cybercriminals capitalized on the failures of Silicon Valley Bank and Signature Bank in March by setting up fake bank websites and phishing campaigns. They spun a plausible story to exploit the urgency of frantic customers and businesses — particularly those with large, partially uninsured deposits — who were unclear on how to communicate with their bank.

The Internet Storm Center, a group that monitors malicious internet activity, issued a warning amid this year's banking crisis that domain registrations containing "SVB" were up significantly. Over 70 new domain registrations matching that description popped up over the weekend of the run on SVB, compared to fewer than 30 over the previous two weeks. These newly registered domains included login-svb.com, svbbailout.com and svbcollapse.com.

Not all of those newly created websites were outright scams, the center said, but for every one that wasn't, there was likely another scam site that did not contain "SVB" but impersonated Signature Bank or another entity that had been in headlines. Impersonating mobile banking apps also posed a threat.

War in Ukraine linked to spike in DDoS attacks

A financial services industry consortium warned in January 2023 that a type of cyberattack known as distributed denial of service (DDoS) had grown in prevalence over the past year, and the group recommended vigilance among banks and credit unions to ensure the typically annoying but nondestructive attacks do not become disruptive.

The Financial Services Information Sharing and Analysis Center (FS-ISAC), which primarily focuses on reducing cybersecurity risks, said in a report that the volume of DDoS attacks aimed at financial firms increased 22% year over year as of November. The consortium released the report with the content delivery provider Akamai, which provides DDoS protection among its suite of products.

Hacktivist groups that have taken sides over Russia's war in Ukraine are "largely" to blame for the increase, according to the report. Most of the new attack volume affected Europe, where attacks on financial services increased 73%.
Correction
This story has been updated to accurately describe when Progress Software released a patch for its MoveIt product. It was on May 31, not two days later.
January 12, 2024 12:26 PM EST