From data theft to ransomware: threats and protection in the financial sector

Many companies have strengthened their defence measures against cyber attacks and are constantly developing them, just as we do at Deutsche Bank. Nevertheless, we are constantly faced with new methods of attack, such as the current supply chain attack. Here, companies are not attacked directly, but rather partners and suppliers with whom a company works are targeted. The partner or supplier is then used as a springboard to attack the actual target.

Phishing, which is still frequently used, is also a well-known attack pattern that is becoming increasingly sophisticated. Emails are sent that contain a link or attachment that you are supposed to click on. As soon as you click on this link or attachment, the attackers can steal passwords or infect a computer. You could say that the person in front of the computer is under direct attack.

Many companies have strengthened their defence measures against cyber attacks and are constantly developing them, just as we do at Deutsche Bank.Sven Schaumann

In addition to phishing, there is another method called social engineering, or social manipulation, which targets people directly. Hackers also rely on human weaknesses and behaviour. Their aim is to get people to disclose sensitive information or perform certain actions. They build trust, create fear or pose as authority figures.

That's a good point. AI cannot currently attack us directly, but it can help attackers to improve their methods. By using AI, for example, phishing campaigns can be organised more effectively. Publicly available personal data can be used to create personalised emails that are very convincing. With the help of deepfake, it is even possible to use AI to fake people in video conferences.

AI cannot currently attack us directly, but it can help attackers to improve their methods.Sven Schaumann

But we as defenders can also make use of AI to detect attacks as early as possible and thus counteract them very quickly or initiate automatic countermeasures. The challenge here is that for 100 attacks we need to succeed 100 times, while an attacker only needs to succeed once.

To understand the goals of hackers, it is important to understand what motivates them. We often see financial motivation where hackers want to make money by encrypting data, extorting ransom or carrying out fraudulent activities. Or they steal data and intellectual property to gain a market or military advantage. Some hackers act out of purely destructive motives to cause damage or spread chaos.

There are also politically motivated hackers who spread misinformation to cause confusion, manipulate people or achieve specific goals, such as political change or discrediting institutions. There is often an overlap between these motivations and the reasons behind hacker attacks can be complex.

Attacks are a serious threat not only to the financial sector, but especially to banks and insurance companies. Their aim is often to steal data or manipulate payment transactions.

Ransomware attacks are particularly dangerous. For example, criminals use malware to gain access to data and encrypt it. An attack often serves to cripple a company’s systems. Both are devastating and so the criminals have leverage to extort ransom money, for example.

Unfortunately, such malware attacks are a well-established business model for criminals and the fastest growing area of ​​cybercrime. It has already affected various large corporations, but also medium-sized companies, hospitals and local authorities. It can even affect private individuals.

The attacks are becoming more and more professional and when criminals are successful, it costs the victims a lot of time and money.

I'd like to come back to the onion principle, which Petra also explained in the video. Deutsche Bank protects itself against cyber attacks by means of various layers. If one layer of defence fails, another is taking over.

There are different measures to counteract different types of attacks, including ways to quickly restore systems and solid defence. Our team, also known as the Security Operations Center (SOC), works around the clock to protect our clients’ data and the bank's systems. Obviously, that’s all I can really say about that – for security reasons.