Extortion cyber attacks rank financial services as 4th most targeted

Australia and New Zealand more vulnerable compared to firms in Europe or North America.

Extortion-based cyber attacks remain a significant threat to the financial services sector, which was the fourth-most targeted industry in 2023, revealed QBE’s Cyber Threats to the Financial Services Industry.

Australia has experienced data breaches involving major companies, including those in the financial and insurance sectors. Despite efforts to bolster the resilience of critical industries, Australian and New Zealand companies may still be viewed by threat actors as more vulnerable compared to larger firms in Europe or North America.

Geopolitical tensions, particularly around China's ambitions concerning Taiwan, have spurred a significant increase in espionage attacks targeting Taiwanese, Asian, and U.S. organisations. 

Whilst Chinese threat actors typically focus more on government and technology sectors, financial services remain a critical sector that could attract their interest as they seek to establish a presence in this area.

Yet, the United States was the most affected country, according to ransomware leak sites. Ransomware actors are particularly quick to exploit vulnerabilities in widely used software, often before or soon after these vulnerabilities are disclosed. 

The interconnected nature of the financial sector amplifies the risk of supply chain attacks, which can cause widespread disruption.

Phishing and credential harvesting continue to be primary methods for gaining unauthorised access to corporate networks across all sectors, including financial services. The threat from ransomware, involving either the use of malware or the threat of leaking stolen data, remains high due to its effectiveness for financially motivated attackers.

The criminal ecosystem has evolved, offering various methods for threat actors to access corporate networks, from exploiting software vulnerabilities and phishing to purchasing credentials and remote access on dark web forums. 

Prominent threat groups have the capability to use this access to navigate networks, steal data, and deploy ransomware across entire organisations.]