Cybercriminals set their sights on financial services and technology firms in the year to June 2023, research by CrowdStrike has found.
Globally, the study found that financial service firms suffered an 80% increase in cyber-attacks. When it comes to the APJ region, most of the attacks targeted technology companies with 26% of all attacks directed towards them. They were closely followed by telecommunications companies with 12%, retail with 11%, financial services with 8%, and manufacturing with 7%.
There was an 80% increase in the volume of interactive intrusion activity against the financial services industry this year compared to the previous year. CrowdStrike noted that this was the largest jump for the financial services industry observed to date, surpassing the telecommunications industry in being the second-most targeted sector by cyber-attacks.
The study further showed that most of the attacks were identity-based attacks, with 62% of the interactive intrusions involving cybercriminals abusing valid accounts. There was a 160% increase in attempts made to retrieve secret keys and other credentials through cloud instance metadata APIs.
Adversaries based in North Korea were the most aggressive state-sponsored adversaries to target the financial sector. They primarily targeted financial and financial technology organizations.
Cybercriminals also now only take an average of 79 minutes to breach systems, a 6% decrease from the 84-minute average in the previous year. The fastest breakout of the year only took a total of 7 minutes.
In a survey conducted by Kroll in 2022, 36% of Asia Pacific organizations did not have an incident response plan in order to mitigate and neutralize cybercrime threats should they occur, an article by The Register said. Sixty percent of the organizations also reported a shortage of cyber security professionals, which could leave them vulnerable to further attacks in the near future.
