H2 2021 Financial Threat Report

February 11, 2022

The financial industry is a top target for hackers. Banks, investment firms, credit card processors, and other financial services companies that handle a vast amount of sensitive data are susceptible to weaponized files. The magnitude of cyber-attack attempts against the financial industry is evidenced by the malicious activity we’ve seen in H2 2021 alone. To demonstrate, we’ve taken a sample of activity from our customers operating in the financial arena. Here are the highlights of what we have learned from disarming files – including those that are password protected.


The Scope of the Threat

We aggregated H2 data across multiple financial customer environments and found that Votiro sanitized 393,915,500+ files and cleaned 634,203 threats.


Example: A look inside Votiro’s dashboard for one of our customers

Threat Types Encountered

Hackers used a wide variety of file-borne threat types to try to breach our customers’ environments. Over the course of H2 2021, of the 634,203 threats found in the selected financial customers’ environments, we categorized 260,000+ into distinct types of file-borne threats.


Chart of threat data collected from our customer environments

Threat Highlight: Cobalt Strike

Over H2 2021, we have seen the Cobalt Strike threat appear in multiple customers’ email environments. Cobalt Strike is a commercially available tool used by network penetration testers, but malicious actors can purchase a cracked licensed version of this tool on the Dark Web and repurpose it to deploy all manner of payloads, such as keyloggers or ransomware.

The weaponized files are zipped and password-protected, fooling unsuspecting victims into “Enabling Content” despite the companies’ security awareness training. Unbelievably, our log data shows that approximately 20% of the attachments were opened by entering a password provided in the email itself.


Example: Email with a password protected zip file containing Cobalt Strike

Votiro Delivers Zero Trust Content Security

When Votiro CDR Positive Selection technology encountered Cobalt Strike, we sanitized the malicious code embedded in the zipped and password-protected document, rendering it unable to activate or launch any unwanted activities.

While traditional file security approaches rely on signatures and heuristic-based antivirus tools to find known bad files, Votiro analyzes every single document. Instead of blocking documents based on specific elements – which may not even be effective if the threat is unknown – we generate a safe document with the exact same content and user experience, ensuring both security and productivity.

If you’d like to view our recent webinar where our VP of Customer Success and Sales Engineering, Henry Frith, dives deeper into this report, visit the recording here. To learn more about implementing Votiro’s API-first Content Disarm and Reconstruction technology to secure your network against the threat of file-borne attacks, please schedule a demo today.