US Most Impacted by Data Breaches in the Financial Industry in 2022

The financial sector ranked second across all industries for data breaches in 2022, according to Flashpoint’s 2022 Financial Threat Landscape, published on December 20, 2022.

The US was the most impacted country, followed by Argentina, Brazil and China.

Approximately 57% of these breaches targeting financial institutions worldwide have been attributed to ‘general hacking.’ In comparison, about 6.5% were the result of ATM skimming, a PIN-stealing technique targeting credit and debit cards by rigging machines with hidden recording devices.

General hacking includes phishing and e-skimming methods and different types of malware, such as ATM malware and ransomware.

While Flashpoint analysts found that “ATM malware represented one of the most popular malware and service offerings in 2022, [they] have [also] observed that threat actors specializing in ATM fraud often share slightly out-of-date techniques and tools, likely out of a desire to protect the most cutting-edge methods for their private use. Over the past year within Flashpoint’s Telegram collections, for example, multiple threat actors used the same three images to advertise ‘deep insert skimmers,’ suggesting that threat actors are less likely to share new tactics, techniques and procedures for free,” the report reads.

“Advertisements for ATM card skimmers or tutorials on how to employ them are commonly featured on popular markets, such as AlphaBay. They commonly sell for between $500 and $1000.”

Another popular type of malware found by Flashpoint in 2022 was banking trojans. “This year, a number of mobile-based banking trojans re-emerged after varying durations of inactivity. In addition, new banking trojans appeared that masquerade as legitimate mobile applications,” the report reads.

Some of the most popular trojans analysts observed in 2022 were Xenomorph, Sova and Teabot.

Flashpoint also saw a few ransomware groups that targeted financial institutions in 2022, including LockBit, Conti and Corp Leaks, an English-language ransomware group possibly affiliated with REvil. However, “the financial sector was not one of the most-targeted sectors for ransomware activity in 2022.”