Researchers Warn of APTs, Data Leaks as Serious Threats Against UK Financial Sector

Researchers say that geopolitical tension, ransomware, and cyberattacks using stolen credentials threaten the UK’s financial sector. On Monday, KELA’s security team published a report examining the cybersecurity issues and attacks that surfaced in 2021 and early 2022, specifically focused on the United Kingdom’s banks and other financial services.

The UK was one of the first countries to stand with Ukraine after the invasion by Russia. This could make UK organizations a tempting target for threat actors siding with Russia — whether by state-sponsored Advanced Persistent Threat (APT) groups or hacktivists. The National Cyber Security Centre (NCSC) previously warned businesses to shore up their cybersecurity following Russia’s assault. APTs are often responsible for attacking the financial sector: account credentials, card numbers, and the Personally Identifiable Information (PII) of customers are useful not only in social engineering and identity theft but also to make fraudulent purchases or for card cloning. APTs target organizations worldwide, and those located in the UK are no exception. Over the past few years, APTs, including the Chinese APT40 and APT31, have utilized vulnerabilities, including ProxyLogon, to compromise UK businesses.

Analyst Notes

APTs target a wide range of organizations beyond government and defense, and although they sometimes possess sophisticated zero-day exploits, these are usually burned only on the highest-value targets for their mission. More commonly, APTs gain a foothold on a network just like any other threat actor: through phishing, or by brute-forcing RDP or VPN services exposed to the public Internet. Train employees to spot and report suspicious emails, and never to enable macros in Office documents unless they are absolutely certain there is a business need. Use mandatory two-factor authentication for accounts on RDP or VPN services, and require employees to use long, unique, randomly generated passwords stored in a password manager. It is also recommended to have endpoint monitoring set up using an EDR solution, with alerts triaged either by a 24/7 internal SOC or by a service like Binary Defense.
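The brute-force foothold described above is one of the easier ones to detect from endpoint telemetry. The following is an added example, not code from KELA's report or from Binary Defense: it scans constructed records shaped like Windows Security Event ID 4625 (failed logon) with logon type 10 (RDP) and flags any source address whose failures reach a threshold inside a sliding time window, also reporting how many distinct account names that source tried (a spray pattern). Field names, addresses and timestamps are all made up for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records shaped like Windows Security Event ID 4625 (failed
# logon). Logon type 10 is RemoteInteractive, i.e. RDP. All values are made up.
def _ev(t, src, user, event_id=4625, logon_type=10):
    return {"time": f"2022-03-14T{t}", "event_id": event_id,
            "logon_type": logon_type, "src_ip": src, "user": user}

SAMPLE_EVENTS = [
    # Six failed RDP logons from one source in under three minutes, each with a
    # different account name: the spraying pattern seen against exposed RDP hosts.
    _ev("02:00:01", "198.51.100.7", "administrator"),
    _ev("02:00:31", "198.51.100.7", "admin"),
    _ev("02:01:02", "198.51.100.7", "backup"),
    _ev("02:01:33", "198.51.100.7", "finance"),
    _ev("02:02:04", "198.51.100.7", "helpdesk"),
    _ev("02:02:35", "198.51.100.7", "jsmith"),
    # A user mistyping a password three times over twenty minutes: not an alert.
    _ev("09:10:00", "10.0.0.42", "jsmith"),
    _ev("09:20:00", "10.0.0.42", "jsmith"),
    _ev("09:30:00", "10.0.0.42", "jsmith"),
    # A successful logon (4624) and a network logon (type 3) are ignored here.
    _ev("09:31:00", "10.0.0.42", "jsmith", event_id=4624),
    _ev("09:32:00", "203.0.113.9", "svc_sql", logon_type=3),
]

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {src_ip: (max_failures_in_window, distinct_users)} for every source
    whose failed RDP logons reach `threshold` inside any sliding `window`."""
    recent = defaultdict(deque)       # src_ip -> timestamps inside the window
    seen_users = defaultdict(set)     # src_ip -> account names attempted
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):   # ISO strings sort by time
        if ev["event_id"] != 4625 or ev["logon_type"] != 10:
            continue                  # only failed RDP logons count
        ts = datetime.fromisoformat(ev["time"])
        src = ev["src_ip"]
        q = recent[src]
        q.append(ts)
        seen_users[src].add(ev["user"])
        while ts - q[0] > window:     # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            best = max(alerts.get(src, (0, 0))[0], len(q))
            alerts[src] = (best, len(seen_users[src]))
    return alerts

if __name__ == "__main__":
    for src, (n, users) in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(f"ALERT {src}: {n} failed RDP logons, {users} distinct accounts tried")
```

In production the same logic would be fed by the EDR or SIEM rather than an inline list, and the threshold tuned so that a single user's typos stay below it while a scripted spray does not.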