Breaking bank security: Record theft rises to new heights

Recorded data breaches impacting the financial sector have close to tripled since 2016, new research suggests.

The financial sector has long been a lucrative target for criminals of all types and this will not be changing anytime soon.

However, it is not just dodgy insider dealings, scam artists, and bank robberies that can cause players in the financial sectors a headache -- now, it is the threat of cyber intrusion, surveillance, and data breaches.

Banks, investment firms, and financial services all handle sensitive data, including account details, home addresses, contact details, Social Security numbers, information relating to investment portfolios, and more. If these records end up in the wrong hands, this can result in social engineering, account hijacking, and potentially ID theft or the batch sale of records in the Dark Web.

Direct attacks, too, can be launched simply to drain financial entities of funds, such as in the $80 million Bangladeshi bank heist or the recent theft of $13.5 million from India's Cosmos Bank.

Like moths to a flame, this data is an attractive lure, and as such, cyberattacks levied against financial institutions are on the rise and will likely to continue to do so in the future.

TechRepublic: How mobile, AI, and omnichannel tech will revolutionize the future of banking

According to new research released by cloud security firm Bitglass, from January to August this year, there were close to three times as many reported data breaches in the sector in comparison to the same period of time in 2016.

The report, which examines the current state of cybersecurity in the financial sector and uses information aggregated data from the Identity Theft Resource Center (ITRC) and the Privacy Rights Clearinghouse (PRC), says that 37 data breaches were reported in 2016, and 103 incidents have been reported so far in 2018.

See also: ATM jackpotting reaches US shores | ATM hacking becomes a priority in IBM cybersecurity facilities | You can buy Bitcoin ATM malware for $25,000 in the Dark Web

According to Bitglass, attacks involving hacking, exploits, and the deployment of malware were responsible for close to 75 percent of all data breaches recorded in the financial sector over the course of this year. This has raised from roughly 20 percent over the past several years, in which breaches may have also been caused by insiders, human error, and third-party compromise or security failures.

CNET: Playing the face card: Dad didn't expect gigantic bank card photo

Guaranteed Rate, SunTrust, and RBC's Travel Rewards were among the financial services this year which lost the most records due to a successful cyberattack.

A successful phishing attack at mortgage firm Guaranteed Rate ensured the theft of over 187,000 customers and staff records in which names and Social Security numbers were exposed.

In the case of SunTrust, a former employee stole -- and potentially shared -- 1.5 million customer records which included names, addresses, phone numbers, and account balances. The company rapidly signed up all of its customers to identity protection services.

60,000 users of RBC's Travel Rewards website were also involved in a data breach which exposed payment card information.

Bitglass' analysis suggests that the top threats facing the financial sector this year are the WannaCry ransomware and the modular banking Trojan Emotet, as well as more general cloud-based cryptojacking schemes and ransomware-as-a-service platforms.

See also: Fancy Bear LoJax campaign reveals first documented use of UEFI rootkit in the wild

"Breaches can harm organizations' reputations and, consequently, revenues," Bitglass says. "Financial services firms that want to succeed simply cannot afford to maintain a lax security posture. Because of careless and malicious insiders, evolving malware, new phishing schemes, and much more, financial services firms face a wide variety of threats.'

Last month, an academic study revealed that many popular password managers, in use today by both consumers and businesses on the Android operating system, can be tricked by phishing schemes and malicious applications.

Many mobile password managers have trouble associating a user's stored website credentials with a mobile app and creating a link between legitimate services, a weakness which has become ripe for exploit.

Previous and related coverage