FINRA Warns of Rising Risks as Third-Party Cyberattacks Threaten Financial Services
2024-9-26 05:28:43 Author: www.trustwave.com(查看原文) 阅读量:7 收藏

3 Minute Read

Earlier this month, the Financial Industry Regulatory Authority (FINRA) posted a cybersecurity advisory highlighting the recent cybersecurity risks of third parties impacting its members and financial services organizations. The recently released Trustwave SpiderLabs 2024 Trustwave Risk Radar Report: Financial Services Sector underscores FINRA's concern about the escalating threat landscape facing the financial industry.

FINRA, which first warned of supply chain attacks in 2005, noted in the advisory that it has observed an increase in third-party attacks and outages due to other causes in the last year. To counter this and remain safe, it reminded its member obligation to establish and maintain a supervisory system, including written supervisory procedures, for any activities or functions performed by third-party providers that are reasonably designed to achieve compliance with applicable securities laws and regulations and with applicable FINRA rules.

FINRA is a non-profit organization that regulates the securities industry in the US to protect investors and ensure the integrity of the securities markets. FINRA writes and enforces rules for broker-dealers and brokers, examines firms for compliance, and educates investors. FINRA also administers qualifying exams for securities professionals and has enforcement capabilities. Sanctions can include fines, suspensions, restitution, and bars from FINRA membership.

Financial Services Under Attack

Trustwave SpiderLabs report showed ransomware is the preferred malware of threat groups, as evidenced by the fact that 20% of all ransomware attacks struck banking institutions and 65% of all ransomware attacks took place against targets located in the US. The ransomware threat is pertinent to FINRA's concern about third-party vulnerabilities, which can be traced to the fact that some of the most prominent ransomware attacks over the last several years began with an attack on the victim's supply chain.

In May 2021, one of the most publicized supply chain attacks occurred when the threat group DarkSide struck the fuel distribution company Colonial Pipeline by exploiting a vulnerable component within a legacy VPN that the company should have decommissioned. The group inserted ransomware and shut down the company's ability to supply fuel causing chaos in several US states as consumers panicked.

In the July 2021 attack on Kaseya, the company said the attacker exploited zero-day vulnerabilities in its VSA product enabling it to bypass authentication and run arbitrary command execution.  This move allowed the attackers to leverage the standard VSA product functionality to deploy ransomware to endpoints.  Attackers accessed Kaseya and pushed ransomware out to the company's clients.

Trustwave SpiderLabs analyzed ransomware incidents targeting the financial services sector and identified  and LockBit as the predominant groups operating in this space. Last year, ALPHV accounted for 10% of attacks, but this year their share has increased to 24%. Similarly, LockBit's share was 24% last year, compared to 23% this year.

Third-Party Threat Warnings Ignored

However, despite the potential for an attack against individual members and the broader FINRA membership and their obligation to shore up their supply chain security, the organization has noted several negative recurring themes during examinations of third-party provider risk management procedures among some members. These issues include:

  • Not establishing adequate third-party provider risk management policies
  • Not conducting initial or ongoing due diligence on its third-party providers that support key systems
  • Not validating data protection controls in third-party provider contracts
  • Not involving third-party providers that support key systems in the testing of their Incident Response Plan
  • Not having procedures that address the return or destruction of firm data at the termination of a third-party provider contract
  • Not addressing third-party providers' use of vendors (i.e., fourth-party providers) that may handle firm data.

How to Defend Against Third-Party Attacks

Trustwave SpiderLabs, in its report, and FINRA noted in its advisory that it is possible for firms that experienced a cybersecurity incident related to a third-party provider to successfully respond, recover, and prevent further damage by implementing several key actions in their cybersecurity programs.

The Trustwave SpiderLabs handbook of mitigation cites:

  • Financial services organizations must ensure their own systems and those belonging to third-party partners are secure and protected by the latest security measures. This can be achieved through regular penetration tests and vulnerability scans.
  • Maintain an inventory management system for all software, including vendor-developed software components, operating systems, version and model numbers.
  • Implement a routine vulnerability scan before installing any new applications, devices, or technology onto the IT environment.

FINRA Recommends:

  • Conducting ongoing monitoring and risk assessments of third-party providers
  • Segmenting networks and using identity checks along with multi-factor authentication (MFA)
  • Implementing MFA for employees through an authentication application while reducing the time limits on users' session tokens
  • Prioritizing patching efforts and applied fixes to address high-risk vulnerabilities.

Additionally, FINRA said financial services that successfully recovered from a third party attack proactively created a catalog of data types and assessed whether personally identifiable information (PII) or firm-sensitive information was transmitted to or accessed by a third-party provider.  They also performed ongoing monitoring for lookalike website domains and phishing emails, and quickly identified anomalous behavior related to credential misuse and incorporated this behavior into employee phishing tests to raise threat awareness.

Furthermore, firms refined incident response and business continuity plans to prepare for scenarios where a third-party provider is taken offline or unable to operate and identified alternative communication channels to contact providers outside of the network. They regularly tested for failover situations and practiced recovery scenarios from offline backups or when data was rerouted to alternative locations.

Stay Informed

Sign up to receive the latest security news and trends straight to your inbox from Trustwave.


文章来源: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/finra-warns-of-rising-risks-as-third-party-cyberattacks-threaten-financial-services/
如有侵权请联系:admin#unsafe.sh