Cybercriminals Target Financial Institutions: Breaches and Solutions

Financial services firms are favorite targets for cybercriminals. They are a treasure trove of tradeable data, ranging from credit card credentials and customer information to corporate data, that can be abused or sold on the dark net. Compared to other industries, the financial sector remains extremely vulnerable. Overall, the chance of a financial institution being breached is 300 times higher than that of other organizations. While US companies in general are attacked around 4 million times a year, American financial institutions are attacked a staggering 1 billion times per year. Recovering from an attack is costly, with the latest estimates putting the price at $18 million USD per financial institution.
Major Financial Institution Breaches in 2018
Target | Date | Attack | Fallout / Damage |
Cosmos Bank, India | August 2018 | Hackers used malware to compromise the bank's ATM server and steal the credit card information of customers, alongside SWIFT codes required for transactions. | During the first wave, $11.5 million USD was stolen in multiple countries. During the second wave on the same day, $2 million USD was stolen via debit card transactions across India. |
Bank of Montreal, Canada | May 2018 | Hackers used a spear phishing attack to get access and then exploited a vulnerable server. | Hackers stole data of 50,000 bank customers and blackmailed the bank by threatening to make the data public unless $1 million USD in ransom was paid. |
SunTrust Bank, USA | April 2018 | A SunTrust Bank employee (no longer with the bank) stole customer data. | 1.5 million records were stolen, including names, addresses, phone numbers and account balances. |
Sheffield Credit Union, UK | February 2018 | Hackers reportedly accessed the computer systems using a so-called "brute-force" attack. | The personal data of about 15,000 members was stolen, including names, addresses, national insurance numbers and bank details. |
City Union Bank, India | February 2018 | Hackers accessed a SWIFT system to transfer money to banks in 3 different countries using Standard Chartered Banks. | Hackers made 3 illegal transfers totaling $1.8 million USD to banks in Dubai (via a Standard Chartered Bank in New York), in Turkey (via a Standard Chartered Bank in Frankfurt), and in China (via a Standard Chartered Bank in New York). |
The breaches outlined above show that cyberattacks on financial institutions are multi-faceted. The simple stealing of credit card details via phishing attempts is still effective, but has become less profitable. The rules of supply and demand also apply in the dark net economy, and the price per stolen credit card has dropped dramatically from the early days of cybercrime. Furthermore, credit card owners and credit institutions have become more vigilant and have taken security measures.
That’s why virtual bank heists in the form of ATM jackpotting have become popular with hacker groups. Let’s take a closer look at the Cosmos attack, which occurred two months ago on August 11th.
Spotlight on the Cosmos Bank Attack
The Cosmos Bank breach in August 2018 demonstrates how sophisticated modern cyberattacks have become.
First Wave of the Attack
Hackers began with patient-zero compromise and lateral movement, infiltrating the bank’s internal and ATM infrastructure. They used malware to install malicious ISO8583 libraries and process code injections, creating a rogue ATM/POS switching system. This allowed them to sever connections between the central banking system and backend systems.
With the system compromised, the attackers authorized fraudulent ATM withdrawals totaling $11.5 million USD across 28 countries. They utilized 450 cloned debit cards for nearly 15,000 transactions, bypassing fraud detection systems by manipulating transaction replies.
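A detection sketch for the pattern described above, added here as an example and not taken from Cosmos Bank, Cymulate or any vendor tooling: it reconciles approvals issued at the ATM switch against what the core banking system actually authorized, and flags cards approved in an unusual number of countries. The record layout, field names, sample data and the `max_countries` threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records, not real data. Field names are assumptions:
# stan = ISO 8583 field 11, rc = field 39 ("00" = approved), amount = field 4.
SWITCH_RESPONSES = [
    {"stan": "000101", "card": "card-A", "rc": "00", "amount": 200, "country": "IN"},
    {"stan": "000102", "card": "card-B", "rc": "51", "amount": 900, "country": "IN"},
    {"stan": "000103", "card": "card-C", "rc": "00", "amount": 500, "country": "CA"},
    {"stan": "000104", "card": "card-C", "rc": "00", "amount": 500, "country": "HK"},
    {"stan": "000105", "card": "card-C", "rc": "00", "amount": 500, "country": "IN"},
]

# What the core banking system authorized in the same window (constructed).
CORE_AUTHORIZATIONS = [
    {"stan": "000101", "card": "card-A", "amount": 200},
]


def _key(rec):
    """Matching key for reconciliation (assumed: trace number, card, amount)."""
    return (rec["stan"], rec["card"], rec["amount"])


def unbacked_approvals(switch_responses, core_auths):
    """Approved switch responses that have no matching core authorization."""
    core_keys = {_key(a) for a in core_auths}
    return [r for r in switch_responses
            if r["rc"] == "00" and _key(r) not in core_keys]


def cards_over_country_limit(switch_responses, max_countries=2):
    """Cards with approvals in more than max_countries distinct countries."""
    countries = defaultdict(set)
    for r in switch_responses:
        if r["rc"] == "00":
            countries[r["card"]].add(r["country"])
    return {card: sorted(seen) for card, seen in countries.items()
            if len(seen) > max_countries}


if __name__ == "__main__":
    for r in unbacked_approvals(SWITCH_RESPONSES, CORE_AUTHORIZATIONS):
        print("approved at switch, unknown to core:", r["stan"], r["card"])
    print("multi-country cards:", cards_over_country_limit(SWITCH_RESPONSES))
```

The reconciliation only has value if the switch-side records are captured independently of the switch itself, for example from network taps or acquirer settlement files, since a compromised switch can also falsify its own logs.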
Second Wave of the Attack
Hackers escalated their operation by compromising the bank’s SWIFT system to send three fraudulent MT103 messages. These transactions transferred approximately $2 million USD to a Hong Kong-based entity.
Improving Cybersecurity in the Financial Sector
Financial institutions are taking significant steps to improve cybersecurity. Enhanced monitoring systems now detect and mitigate cyberattacks more effectively, enabling swift recovery. However, the challenge remains due to the dual threat posed by crime-for-profit and state-sponsored actors. Cooperation between private institutions, regulators, and law enforcement—ideally on an international scale—is essential to preventing financial crises.
How Cymulate Helps Financial Institutions Stay Secure
Cymulate’s Breach & Attack Simulation (BAS) platform empowers financial institutions to test their cybersecurity defenses in a safe, controlled manner. The platform offers eight different assessments, including:
- Immediate Threat Alert Assessment: Tests vulnerabilities against the latest threats.
- Lateral Movement Assessment: Identifies potential for attackers to move within a Windows Domain Network.
- Phishing Assessment: Evaluates employees’ susceptibility to socially engineered attacks.
- Data Exfiltration Assessment: Checks outbound data control to prevent sensitive information exposure.
These simulations can be run on-demand or scheduled in advance, allowing organizations to regularly assess and strengthen their cybersecurity posture.