The financial industry is a top target for hackers. Banks, investment firms, credit card processors, and other financial services companies that handle a vast amount of sensitive data are susceptible to weaponized files. The magnitude of cyber-attack attempts against the financial industry is evidenced by the malicious activity we’ve seen in H2 2021 alone. To demonstrate, we’ve taken a sample of activity from our customers operating in the financial arena. Here are the highlights of what we have learned from disarming files – including those that are password protected.
The Scope of the Threat
We aggregated H2 data across multiple financial customer environments and found that Votiro sanitized 393,915,500+ files and cleaned 634,203 threats.
Example: A look inside Votiro’s dashboard for one of our customers
Threat Types Encountered
Hackers used a wide variety of file-borne threat types to try to breach our customers’ environments. Of the 634,203 threats found in the selected financial customers’ environments over the course of H2 2021, we categorized 260,000+ into distinct types of file-borne threats.
Chart of threat data collected from our customer environments
Threat Highlight: Cobalt Strike
Over H2 2021, we have seen the Cobalt Strike threat appear in multiple customers’ email environments. Cobalt Strike is a commercially available tool used by network penetration testers, but malicious actors can purchase a cracked version of this tool on the Dark Web and repurpose it to deploy all manner of payloads, such as keyloggers or ransomware.
The weaponized files are zipped and password-protected, fooling unsuspecting victims into “Enabling Content” despite the companies’ security awareness training. Unbelievably, our log data shows that approximately 20% of the attachments were opened by entering a password provided in the email itself.
Example: Email with a password protected zip file containing Cobalt Strike
Votiro Delivers Zero Trust Content Security
When Votiro CDR Positive Selection technology encountered Cobalt Strike, we sanitized the malicious code embedded in the zipped and password-protected document, rendering it unable to activate or launch any unwanted activities.
While traditional file security approaches rely on signatures and heuristic-based antivirus tools to find known bad files, Votiro analyzes every single document. Instead of blocking documents based on specific elements – which may not even be effective if the threat is unknown – we generate a safe document with the exact same content and user experience, ensuring both security and productivity.
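To make the contrast between signature-based blocking and content reconstruction concrete, here is an added example (not Votiro’s code, and a deliberate simplification of what a production CDR engine does). It treats a Word document as the OOXML zip container it is, rebuilds a new container that keeps the document text, and drops the macro (VBA) parts, their relationships and their content-type entries, without needing a signature for any particular payload. The sample macro-enabled document it operates on is constructed inline; the part names, relationship type and content types it looks for are the standard OOXML ones, and the function names are this example’s own.

```python
"""
Simplified Content Disarm and Reconstruction (CDR) for a Word document.
Illustrative example only: rebuild the OOXML container, keep the content,
drop anything executable (VBA project and its supporting parts).
"""
import io
import re
import zipfile
from typing import List, Tuple

# Parts that carry executable content; dropped during reconstruction.
ACTIVE_PART_RE = re.compile(r"vbaProject\.bin$|vbaData\.xml$", re.IGNORECASE)
# Standard OOXML identifiers for macro-enabled Word documents.
VBA_REL_TYPE = "http://schemas.microsoft.com/office/2006/relationships/vbaProject"
MACRO_MAIN_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
SAFE_MAIN_CT = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"


def _strip_rels(xml: str) -> str:
    # Remove self-closing <Relationship .../> elements that point at the VBA project.
    return re.sub(r'<Relationship\b[^>]*Type="%s"[^>]*/>' % re.escape(VBA_REL_TYPE), "", xml)


def _strip_content_types(xml: str) -> str:
    # Drop Override entries for the parts we removed and mark the main part macro-free.
    xml = re.sub(r'<Override\b[^>]*PartName="[^"]*(?:vbaProject\.bin|vbaData\.xml)"[^>]*/>', "", xml)
    return xml.replace(MACRO_MAIN_CT, SAFE_MAIN_CT)


def disarm_docx(data: bytes) -> Tuple[bytes, List[str]]:
    """Rebuild the container without active parts. Returns (clean bytes, removed part names)."""
    removed: List[str] = []
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            name = info.filename
            if ACTIVE_PART_RE.search(name):
                removed.append(name)          # not copied into the new container
                continue
            body = src.read(name)
            if name.endswith(".rels"):
                body = _strip_rels(body.decode("utf-8")).encode("utf-8")
            elif name == "[Content_Types].xml":
                body = _strip_content_types(body.decode("utf-8")).encode("utf-8")
            dst.writestr(name, body)
    return out.getvalue(), removed


def has_active_content(data: bytes) -> bool:
    """True if the container still carries a VBA part or advertises itself as macro-enabled."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        content_types = zf.read("[Content_Types].xml").decode("utf-8")
    return any(ACTIVE_PART_RE.search(n) for n in names) or "macroEnabled" in content_types


def extract_text(data: bytes) -> str:
    """Concatenate the <w:t> text runs of the main document part (enough to show content survives)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        xml = zf.read("word/document.xml").decode("utf-8")
    return "".join(re.findall(r"<w:t(?:\s[^>]*)?>([^<]*)</w:t>", xml))


def build_sample_docm() -> bytes:
    """Constructed minimal macro-enabled document (not a real capture); the VBA part is a placeholder."""
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
        '<Default Extension="xml" ContentType="application/xml"/>'
        '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
        f'<Override PartName="/word/document.xml" ContentType="{MACRO_MAIN_CT}"/>'
        '<Override PartName="/word/vbaData.xml" ContentType="application/vnd.ms-word.vbaData+xml"/>'
        "</Types>"
    )
    root_rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>'
        "</Relationships>"
    )
    doc_rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{VBA_REL_TYPE}" Target="vbaProject.bin"/>'
        "</Relationships>"
    )
    document = (
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
        "<w:body><w:p><w:r><w:t>Quarterly statement attached</w:t></w:r></w:p></w:body></w:document>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("_rels/.rels", root_rels)
        zf.writestr("word/document.xml", document)
        zf.writestr("word/_rels/document.xml.rels", doc_rels)
        zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder OLE stream (constructed)")
        zf.writestr("word/vbaData.xml", '<wne:vbaSuppData xmlns:wne="http://schemas.microsoft.com/office/word/2006/wordml"/>')
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_docm()
    clean, dropped = disarm_docx(sample)
    print("active before:", has_active_content(sample), "after:", has_active_content(clean))
    print("removed parts:", dropped, "| text kept:", extract_text(clean))
```

The point of the design is that nothing here identifies the payload: whatever the VBA project contained, the rebuilt file has no place for it to run, while the document text is untouched. A real CDR engine applies the same idea to many more part types (OLE objects, embedded files, DDE fields, external relationships, scripts in PDFs) and to password-protected archives once the password is known, which this example does not cover.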
If you’d like to view our recent webinar where our VP of Customer Success and Sales Engineering, Henry Frith, dives deeper into this report, visit the recording here. To learn more about implementing Votiro’s API-first Content Disarm and Reconstruction technology to secure your network against the threat of file-borne attacks, please schedule a demo today.