Financial Services Industry Threat Report 1H 2013

Financial Services Industry Threat Report 1H 2013 A look at the top cyber threats plaguing the financial services industry, based on data from 925 financial institutions including banks, credit unions, savings and loans and insurance companies 90,000,000,000 Raw security events were processed by SilverSky between January - June 2013 900,000 Potential security incidents identified during the first half of the year Medium- and high-severity incidents (likely and confirmed compromises) took place. This study focuses exclusively on these medium- and high-severity incidents 1,513 Top 10 Threats Security Incidents 1619 1628 Security incidents decreased 11.30% Blackhole Exploit Kit from 56% in 1H 2012 to 47% 1513 1H 2013 as financial institutions 9.65% Darkleech Exploit Kit become savvier at blocking access to unrated Web domains - greatly reducing the number of 4.76% Palevo Command & Control Activity 2012 1H 2012 2H 2013 1H client-side attacks 4.56% BlackDragon BEK2 Exploit Kit Affected Institutions 4.36% ZmEu Vulnerability Scan Organizations experiencing at least one security incident 6. 3.50% TDL4/TDSS Command & Control Activity 67% 57% 40% 2.58% Andromeda Command & Control Activity of large financial institutions mid-size institutions small institutions 2.38% ZeuS Command & Control Activity (assets between $250M and $1B) (assets less than $250M) (assets above $1B) 2.38% Posible Bot: Malicious Domain Average number of security incidents by institution size 4 3 10 1.78% Stabuniq Trojan Activity Threat Level Attacks continued to climb each Monthly month between January and June - Trends with the majority of institutions "“hit" during the spring and summer months Geographic Distribution of Offending Sources 10 Top 10 Offenders 1 United States 2 Germany 3 China 4 Russian Federation 5 United Kingdom 6 Ukraine 7 Canada 8 Netherlands 9 Australia 10 Sweden 54% 49 of threats and attacks originated inside the U.S.* countries housed offending IP addresses followed by Germany (7%) and China (6%) "A majority of financial institutions in this study are based in the U.S., so in some cases, traffic to/from non-U.S. IP addresses is blocked Malicious Activity by Country U.S. Germany China • 29.7% 0 29.7% 019.0% O 31.8% 029.5% 0 25.0% O 57.1% 040.5% 09.8% 0 3.1% 08.7% 0 9.1% 04.5% 0 2.4% Serving Exploit Kits Hosting Malicious Contents Forced-Login Attempts Exclucing Explot Kits Launching Scans O Botnet C&C O Others To read the entire SilverSky 1H 2013 Financial Institution Report,visit silversky.com/blog/silversky-1h-2013-financial-institution-threat-report Methodology: SilverSky, the expert cloud provider information security solutions, processed approximately 15 billion raw security events from January to June 2013. Each month, approximately 150,000 potential security incidents were recorded and categorized into low-, medium- and high-severity incidents. The majority of recorded incidents were information-gathering or reconnaissance-related activities (low-severity), and a small number of incidents were likely or confirmed system compromises (medium- and high-severity). This graphic focuses exclusively on medium- and high-severity incidents - 1,513 in total – collected from 925 financial institutions. SilverSky.com SilverSky SECURITY FROM THE CLOUD