Reading Time: 4 minutes

Not everyone gets into the holiday spirit, but whether or not your stockings are hung by the chimney with care, there are real world cyber grinches out there looking to steal holiday joy and sensitive data. The Financial Sector in particular is a high-profile target for hackers in the cyber industry year-round but the holiday season has historically attracted a larger quantity of cyber criminals who conduct attacks designed to steal money, social security numbers, addresses, and other sensitive information. The volume of e-commerce and e-banking transactions that occur during the holiday season provide ample opportunities for hostile actors to exploit financial institution networks. Specifically, “attacks on SWIFT—the leading global network for money and security transfers—alone cost $1.8 billion year-to-date” Forbes reports. To understand just how vulnerable banking and financial organizations are, let’s review the attacks that financial cyber teams should look out for and then discuss systemic solutions to safeguard finance networks, companies, and their stakeholders.

Financial institutions are susceptible to any of the following cyber attack types:

  • Distributed Denial-of-Service Attacks (DDoS) – DDoS attacks are a weapon that has historically been leveraged against the financial sector. These attacks occur when multiple systems flood the resources of a single targeted system. One of the most historic DDoS attacks occurred back in 2012 when a whopping 6 banks in the US including Bank of America, JP Morgan Chase, U.S. Bancorp, Citigroup, and PNC Bank, were hit by a string of DDoS attacks. Each bank was hit with an unusually high volume of internet traffic, resulting in customers experiencing difficulty when logging into mobile banking apps. This form of malicious vandalism disrupted service and, like many DDoS attacks, acted as a political statement where the hackers sought to shed light on their perceptions of banking organizations. Past evidence has suggested that DDoS attacks actually increase as the holiday season approaches, as consumers are spending more and utilizing mobile banking more frequently. In fact, security firms report a 150% increase in DDos attacks between the summer months and the end of the year.
  • Ransomware – Ransomware can be delivered through various online channels, including through phishing tactics and Remote Desktop Protocol (RDP). RDP allows computers to connect to each other across a network, so that remote users can gain access to various applications on virtual desktops. Cyber criminals may take advantage of financial institutions by deploying ransomware over the holiday season, at a time when stakeholders (aka consumers) may need increased access to funds for purchases. According to a report by TechTarget, most ransomware attacks typically occur during the holidays when network admins and other IT staff are spread thin.
  • Web-Application Attacks – The expansion of online and digital services, including mobile apps, has increased the surface for web application attacks. A web application attack is just that – a hacker gains access to an app through a system vulnerability and is able to access sensitive information. For financial institutions, this relates to online banking, banking apps, and web applications that banks use such as SWIFT mentioned above. According to a report by Akamai, “Looking at the assorted web application attacks, the number of attacks on Christmas Day were comparable to Cyber Monday…this is likely due to the fact retailers want to track their Christmas sales more than any other day of the year, and web application developers end up including a lot more third-party scripts/content on their sites, and attackers take advantage of that.”
  • Banking Trojans – Due to their popularity and high success rate, banking Trojans remain a weapon of choice for conducting malicious cyber attacks. These kinds of attacks involve redirecting traffic from a genuine app to a network the hacker has access to so that they can easily take sensitive information. Tactics used by hostile cyber actors to deliver banking Trojans continue to evolve, adapting to and implementing any technique that can effectively take advantage of a user. In 2017, the Panda Banking Trojan was observed focusing on non-banking targets using an extensive list of injects clearly designed to capitalize on holiday shopping and activities. Similarly, in 2017, the Ramnit Banking Trojan was extremely active during the holiday season, targeting some of the largest banks and retail e-commerce sites in the world. Both of these trojans continue to reappear each year, targeting financial institutions and their customers.

Systemic Cyber Readiness Solutions for Financial Services

  • Expand your view of cyber risk – A cyber attack doesn’t just mean data is compromised the implications are much deeper than that. You may need to shut down systems during recovery, you might lose existing customers, get a bad reputation, or see a decline in new customer acquisition. A deeper understanding of how a cybersecurity event could impact your financial institution will help you better understand what’s at stake and in turn, take action to better protect your company.
  • Proactive cyber learning and training – Hackers are doing their research and implementing attacks using new technologies and strategies every day. Practicing proactive cyber learning to understand the latest cyber threats safeguard your business.
  • Calculate capital – According to the Deloitte Insights Global Risk Management Survey, most financial institutions calculate economic capital for their financial risks, but only 16% calculate how much capital will be needed to support a cyber security incident. An accurate calculation of how much you may need to recover, both in real and unrecognized revenue, will help you better prepare for looming threats.

Don’t let your financial institution fall victim to a holiday hack. Utilize persistent, hands-on, gamified cyber training to put your cyber teams on the front lines of defense. Circadence’s flagship product, Project Ares, ensures higher user engagement and learning retention through the use of cyber ranges. Project Ares utilizes a library of mission scenarios with specific skill-based learning to accurately measure skills and performance, such as:

  • Operation Wounded Bear – This mission is specifically designed to teach users how to protect a financial institution by identifying and removing malware responsible for identity theft and protecting the network from further infections. Users learn intrusion detection, basic malware analysis, and infection containment and eradication.
  • Operation Crimson Wolf – Crimson Wolf teaches users to stop a ransomware attack from spreading and infecting other boxes in the network. They learn computer network defense, incident response management, data forensics and handling, and so much more.
  • Operation Bold Hermit – As a cyber operator, users defend against web attacks by identifying reconnaissance activity and beacons inside a network and locate the attack vector. Users build skills including network management, infrastructure design, and hacking methodologies.

These missions and more cyber learning activities in Project Ares allow users to gain insight into real-world attack scenarios pertinent to their industry in a safe learning environment. These specific mission scenarios can help to keep financial institutions at the front lines of cyber defense over the holidays and year-round. Just like the grinch’s heart, you can grow your cyber defense to stay happy year-round! To learn more about what Project Ares can do for you, visit


Photo by Helloquence on Unsplash
Photo by M. B. M. on Unsplash
Categories: Blog