By Toby Butler, Financial Crime Solutions Manager at Ripjar
Ransomware attacks are on the increase in the United Kingdom. Most of the British Government’s COBRA meetings have been convened in response to ransomware attacks, showing how cybersecurity breaches are as pressing as national emergencies and crises. The National Cyber Security Centre’s (NCSC) annual review found this year that the country was hit by 17 ransomware incidents that were so impactful they “require a nationally coordinated response”. That extends to the financial services sector, which saw an increase of ransomware attacks with 55% of organisations hit in 2021.
Where does this leave the sector and how can artificial intelligence and machine learning be instrumental in understanding the risks companies face against future ransomware attacks?
Company information is being stolen and sold to different threat groups, who prey on the individuals in that organisation who are more likely to pay them. The UK is one of the most cyber-attacked countries in the world and the Government has been criticised for being “ill-equipped” to deal with this exponential rise of fraud cases.
Ransomware-as-a-Service
Ransomware is one of the most common forms of cybercrime. Fighting it has become one of the biggest problems that organisations today face during their everyday operations. For instance, Malware (malicious software) encrypts the files of a single computer, then works its way through an entire network to reach the server and inflict maximum damage. Company information is being stolen and sold to different threat groups, who prey on the individuals in that organisation who are more likely to pay them.
When these attacks occur the victims, more often businesses, are left with minimal options. If they have substantial backup solutions already in place, they can attempt to restore the encrypted data to their servers. But if that data isn’t already secured elsewhere, they may need to pay a ransom to the criminals behind the attack. Thereby allowing the business to function once again and restoring their reputation. The cost of paying the ransom will feel considerably smaller compared to starting a business again from scratch. Sophos’ State of Ransomware in Financial Services 2022 report found that 52% of financial services organisations paid the ransom to restore their data, the average remediation cost in financial services was US$1.59M.
Cybersecurity Ventures estimates that ransomware is set to cost global businesses more than $256 billion by the end of 2031. By that token, organisations need to be extremely mindful of the potential threats they may face. Businesses need to understand the methodologies these hackers use, to address the weaknesses within their domain and take measures to isolate and prevent further ransomware attacks from happening again.
The rise of WAMs
According to a recent report by security firm CyberSixgill, 19% of the 3,612 cyberattacks that took place in 2021 were traced back to Wholesale Access Markets – or WAMs for short. WAMs are, in essence, underground internet flea markets. These markets are where aspiring attackers come to purchase network access from threat actors – the individual or entity involved in carrying out the cyber-attack. Types of threat actors include insiders, cybercriminals, rival organisations, or even nation states stealing data.
WAMs sell access to multiple compromised endpoints (or pathways) for around 10-20 dollars. Researchers found that WAMs listed access to approximately 4.3 million compromised endpoints in 2021, which include access to both provider and enterprise software (for example, an organisation’s Slack channel) up to 180 days before the attack itself took place. This shows how long these compromised endpoints remain undetected without proper internal analysis.
How can Financial Services stay ahead of the curve?
The use of Artificial Intelligence (AI) and machine learning is undisputed across modern businesses and sectors, and continues to revolutionise processes across the board. AI is a significant player in the financial services industry, building the ‘cyber-wall’ against nefarious users. It gives organisations optimal insights into reducing the likelihood of a ransomware attack in the future.
Namely, AI and machine learning collects and analyses vast amounts of messy (structured and unstructured) data from disparate sources. The challenge for the sector is to understand the volume and variety of the raw data collected from any source to build better protection in the future.
Structured information could be best understood as the clear data we see in a table. For example, the following attendees made a business meeting: first name – Joan, surname – Smith, age – 46. But unstructured information is information presented in a complex manner. For example, ‘there were five people who attended the business meeting, one of whom was forty-six and called Joan Smith’. Naturally, due to the complex nature of the prose, it would be more difficult for a machine to process that data into a digestible format for further risk analysis. This is where AI continues to prove invaluable.
AI uses natural language processing to understand the information provided on the web. As the software continues to evolve, natural language processing reads the information in a way a human would to extract the key information from the text. By incorporating AI and machine learning within an organisation’s IT infrastructure, companies operating within financial services can be better equipped to handle cybercrime.
These tools are flexible and adaptable, they can be configured to analyse different types of data from different sources to curate key insights. This collated information provides a better analysis of the organisation’s exposure, allowing them the opportunity to get upstream in preventing future attacks. This kind of approach is essential to processing listings on WAMs.
The power to analyse data to identify weakness is vital in the battle against cybercrime. It gives organisations a better understanding into what they could expect to see in the future. Hosting the correct data, and with the analytical skills, financial organisations can gain a better understanding of the methodologies and weaknesses in-house that attackers use and exploit to hold them to ransom. Organisations can then use this as a reference to pinpoint compromised endpoints, giving them a chance to reduce access before this route can be exploited and ruin their business.
With cybercrime and ransomware continuing to remain prevalent, it’s vital that financial services companies understand how they can get ahead of the curve and build a robust security platform within their IT infrastructure that can withstand an attack. In 2022, a ransomware attack occurred every 40 seconds. The mindset for the sector needs to be one of when, not if.
Organisations need to be thinking about an attack now – before it’s happened. Pre-planning and preparing for the worst possible outcome from future threats and adversaries. The introduction of AI and machine learning in the fight against cybercrime is a must, and the sooner the industry gets behind in implementing AI, the safer it will be through the next decade.
