Dan Kitwood/Getty Images
show image

Oscar Williams

News editor

Hackers are trying to launch Equifax-style attacks on the finance sector

Cyber criminals are attempting to launch Equifax-style attacks on financial services firms across western Europe, a new report has revealed.

Researchers at Vectra, a security vendor, found that hackers are seeking to steal companies’ critical data and personally identifiable information by building ‘hidden tunnels’ into their networks.

During the attacks, malicious payloads are cloaked in legitimate web traffic and, as such, have traditionally been difficult to detect. But using machine learning tools, the researchers were able to identify the malicious activity.

They found that for every 10,000 devices across all industries, there were 11 hidden HTTPs tunnels. In financial services, the figure rose to 23.

“Financial service providers typically have very robust security postures and that involves locking down what can come in and out of the organisation,” Vectra’s Matt Walmsley tells NS Tech. “But one thing they can’t block is web traffic, which they need for legitimate business.”

“Because they’ve locked down the other pathways, perhaps it isn’t surprising that a very highly targeted industry like finance is seeing the bad actors hiding within legitimate web traffic,” he adds.

To complicate matters further, hackers try to evade detection by stealing data over prolonged periods, sometimes taking just a few bytes at a time, the research reveals.

Last year, the US credit-rating agency Equifax announced that more than 145 million US citizens’ personal data had been stolen by hackers. They had exploited a vulnerability in an open-source framework used to build web apps, in order to exfiltrate data via web traffic.

Vectra’s Chris Morales said cyber criminals will tailor their attacks to the behaviour of the employees of their target business. “Attackers will mimic and blend in with these behaviors, making them difficult to expose,” he warned.

“What stands out the most is the presence of hidden tunnels, which attackers use to evade strong access controls, firewalls and intrusion detection systems,” he added. “The same hidden tunnels enable attackers to sneak out of networks, undetected, with stolen data.”