In a recent report, security researchers have stated that geopolitical tensions, credential theft, ransomware and other cyberattacks are now threatening the financial sector here in the United Kingdom.
Malicious actors are increasingly drawn to the financial industry, with businesses operating within it presenting attractive targets for rich rewards when schemes and scams are successfully executed.
Attacks aimed at UK financial institutions and service
In a recent report published by the dedicated security team of KELA, researchers examined the attacks and associated cybersecurity issues that occurred last year and in the early months of 2022. The report focused on financial services and banks in the UK.
Britain was among the first nations to stand alongside Ukraine after the Russian invasion. As a result, UK organisations have become a tempting target for malicious actors that side with Russia. Such entities include advanced persistent threat (APT) attackers with state sponsorship and hacktivists. The UK’s National Cyber Security Centre (NCSC) has previously issued a warning to British businesses to bolster their cybersecurity defences and measures following the Russian assault on Ukraine.
APTs are commonly responsible for attacks unleashed on the financial sector. User account credentials, payment card numbers, and customers’ personally identifiable information (PII) are useful to them for social engineering attacks, identity theft, fraudulent purchases and card cloning.
APT groups target organisations on a global scale, and those based in Britain are no exception. In recent years, APTs like the China-based APT31 and APT40 have made use of vulnerabilities like ProxyLogon to attack British businesses.
Researchers at KELA commented:
“In general, APTs may target the financial sector to commit fraud, burglarise ATMs, execute transactions, and penetrate organisations’ internal financial systems. Although specific threats to the UK financial sector have not been identified, there is no doubt that the UK has occasionally been a target of APT groups during 2021.”
UK data in great demand
After exploring forums on the dark web, the researchers also found that exposed corporate data from the UK is a commodity much in demand by cybercriminals, especially those hunting for internal data, user access credentials and PII.
For instance, in January last year, a user on the Russian hacker forum known as ExploitIn requested a “UK database leak.” This year, the same forum hosted another order for data, asking for targeted bank leads for the UK and listing desired details such as dates of birth, full names, bank names and sort codes, along with addresses and postcodes.
The security team at KELA commented on how British companies’ data is disclosed:
“As the UK plays a significant role in the global economy, often providing services to international companies and organisations, it is likely that breaches related to foreign companies would affect UK firms.”
Between January 2021 and February 2022, researchers at KELA tracked almost 16,000 unique, leaked user credentials connected to UK financial organisations that had appeared online. The information included data leaked during headline breaches like those involving RedCappi, Oxfam and ParkMobile.