The UK’s financial sector is facing a new threat due to the ongoing geopolitical war between Ukraine and Russia that sparked the interest of threat actors to perform cybercrime. Ukraine has been backed by the UK during the earliest period of Russia’s invasion, thus making them another target for cybercriminals.
For the financial sector, advanced persistent threat groups are the ones to attack usually, aiming to steal account credentials and card numbers. These threat groups also target customers’ personally identifiable information or PII since it can aid them in social engineering procedures and use someone else’s identity to commit fraud.
The previous years have seen records of APT groups such as APT40 and APT31 targeting different organisations worldwide, including those in the UK. The Chinese-based APTs have utilised critical vulnerabilities to launch attacks on UK businesses.
APT groups have targeted the financial sector mainly to carry out fraudulent activities, such as hacking victims’ bank accounts to do illegal transactions or infiltrate the internal financial systems of companies.
Researchers noticed massive exposed data from the UK being a sought-after product for underground clients that search for PIIs, banking credentials, and other internal data on the dark web.
A record of at least 16,000 leaked credentials associated with UK financial firms has surfaced online from January 2021 to February 2022. The leaked data involved in these findings include those from RedCappi, Oxfam, and ParkMobile.
The analysts also added that since the UK has contributed significantly to the global economy, foreign companies impacted by cyberattacks would likely affect the UK businesses. For instance, many threat actors were seen selling network access from the UK’s fintech companies, listed for about $300 in underground marketplaces.
Aside from trading the data of the UK’s fintech firms on the dark web, ransomware operators have also posed threats against the country’s financial sector. In 2021, there was a record of 135 UK financial firms being hit with ransomware attacks. This number of discovered companies might only be a fraction of the total number of firms victimised by cybercriminals in the UK.
Researchers noted that the most notorious threat groups that hit the UK include Conti, LockBit, Pysa, and Sodinokibi.
