I am excited to attend American Banker's new conference, Cybersec 2016 in NYC on July 19. This is a new conference for American Banker and it is bringing together some great speakers from USAA, Bank of the West, BBVA and many other innovative financial institutions. I am particularly looking forward to hearing Frank Abagnale speak - I really enjoyed his book "Catch Me if You Can"!
Attacks Continue to Grow in Size and Sophistication
These experts in the financial and security fields will undoubtedly be discussing the unprecedented level of attack activity we are seeing within the financial services industry. Akamai's recent Q1 2016 State of the Internet - Security Report shows that the financial services industry remains a top target, given the many opportunities malicious actors have to extract and monetize sensitive data. Armada Collective, the extortion group whose tactics are similar to those used by the group DD4BC, was particularly notable in Q1, with multiple extortion attempts against financial services institutions. They work by sending emails to potential victims, threatening to DDoS their servers unless they pay a specified ransom of Bitcoins.
The graph below shows how the level of attack activity has grown over the past two years.
Sustained, multi-vector attacks:
The sophistication of these attacks is also evident in the fact that over half of the attacks that Akamai mitigated in Q1 were multi-vectors. The expansion of the DDoS-for-hire market may explain the increase in the use of multi-vector campaigns. This causes significant problems for security practitioners, since each attack vector requires unique mitigation controls.
I am also looking forward to speaking with the conference chair, Penny Crosman (@pennycrosman), Editor at Large, American Banker. She recently mentioned Akamai's research in this article for American Banker. In the article, she analyzed the average cost of a DDoS attack - including revenue losses, technical support, disruption to normal operations, lost IT worker productivity and damage to IT assets.
It promises to be a great conference, where financial and security experts will come together to talk openly about the problem of cybercrime in the financial services industry, a perfect opportunity for threat intelligence sharing.
Feel free to schedule a meeting with me or check out our security content here. I hope to see you there.