Financial institutions traditionally have established some of the most secure perimeters and defenses against cybercriminals and nation-state actors, but new studies show how they often struggle to detect or quell ongoing attacks that have infiltrated their internal networks.
CISOs from major financial firms surveyed and interviewed recently by Carbon Black say they’re seeing attackers moving across their networks under the cover of legitimate applications and tools such as Windows PowerShell (89%), Windows Management Interface (59%), and SSH (28%). Those camouflaged, memory-based attacks – aka file less attacks – were used in more than half of successful breaches of the bank networks, according to Carbon Black.
In addition to the usual Windows utility suspects, Google Drive, unsigned digital certificates, and legit processes hiding malicious code (aka process hollowing), each were found in about 10% of cases at banks.
Read more at DarkReading.