
2023 State of the Threat for Financial Services and Banks

by Jenn Jeffers on May 18, 2023

Arkose Labs’ extensive analysis in 2022 delved into current threats across various industries, revealing the frequency and types of attacks that plague today’s landscape. Explore valuable insights on emerging threats for financial services and banks, and gain access to recommended best practices for a more secure future.

In the rapidly evolving landscape of financial services, fintechs and online banks are facing a growing number of threats that could compromise their security and disrupt their operations. From cyberattacks and data breaches to regulatory compliance and customer trust, these threats pose significant risks to the stability and longevity of financial institutions.

Fintechs and online banks are particularly vulnerable to cyber threats due to their reliance on digital systems and networks. They are also a high-value target for scammers, because a successful account takeover can be highly profitable. Both types of institution must constantly stay up to date with the latest cybersecurity measures to protect their systems and sensitive customer data from hackers and other malicious actors.


Identifying Threats in Financial Services

Arkose Labs collaborates with a vast global network of customers, using anonymized threat intelligence sourced from over 4.1 billion IP addresses annually to fight cyberattacks. From the outset, Arkose Labs provides an extensive database of more than 4,000 characteristic patterns of fraudulent activities.

After scrutinizing billions of sessions conducted by some of the globe’s most prominent corporations between January 1, 2022, and December 31, 2022, we found an onslaught of potential threats. Our report on the state of threats highlights these dangers and offers insights into the sectors that are most targeted by today’s threat actors and bot attacks. 

Leveraging data-driven insights from the Arkose Labs Global Network™, we aim to identify key trends in cybercrime and online fraud faced by banks, fintechs, and other institutions today and, more importantly, find ways for financial services to overcome them.

To learn more, download our new eBook: 

Bad Bots and Beyond: 2023 State of the Threat Report

Suspicious Traffic Plagues Finance

In 2022, the finance sector witnessed a considerable upsurge in suspicious traffic rates. Although fintechs and banks were hit with an onslaught of attacks orchestrated by human fraud farms during Q3 and Q4, which accounted for over twice the volume of attacks seen in Q1 and Q2, the real increase came from a 3.5x surge in automated attacks between the first and second half of the year. These alarming statistics highlight the pressing need for robust and innovative measures to counteract these threats, which continue to evolve in complexity and sophistication.

Our threat research team has been monitoring the financial services sector and uncovered a concerning trend—account takeover (ATO) attacks have become increasingly prevalent. In fact, one out of two attack attempts observed by our team were related to ATO threats. Unauthorized access to a bank account can lead to significant financial loss for the victim, including theft of funds, fraudulent transactions, and unauthorized access to personal information. The actual value of the account takeover will depend on factors such as the account balance, available credit, and any additional linked accounts or financial instruments.

To make matters worse, our team discovered that the frequency of ATO attacks had been on the rise in the financial services sector. Some of the reasons include:

Increased value of financial data: The financial services sector holds vast amounts of valuable financial data, including bank account information, credit card details, and personal identification data. This information has become increasingly valuable on the black market, attracting cybercriminals who seek to profit from unauthorized access to bank accounts. As the value of financial data rises, so does the frequency of ATO attacks targeting the financial services sector.

Advancements in hacking techniques: Cybercriminals are continually evolving their tactics and techniques to bypass security measures and gain unauthorized access to bank accounts. They leverage advanced hacking tools, exploit software vulnerabilities, and employ social engineering methods to trick individuals into revealing their login credentials. The constant development and availability of hacking resources contribute to the rising frequency of ATO attacks in the financial services sector.

Global interconnectedness and digitalization: The financial services sector operates within a globally interconnected network, facilitating seamless transactions and account access across borders. While this digitalization brings convenience and efficiency, it also presents opportunities for cybercriminals to exploit vulnerabilities. With the increasing number of online banking platforms, mobile payment systems, and digital wallets, the attack surface for ATO attacks expands, leading to a higher frequency of such attacks in the financial services sector.

The rise in attacks shows that it’s important for the industry to stay alert and take action to protect against these threats. This includes implementing strong authentication and identity verification measures.

Automated Attacks vs. Human Fraud Farms

Automated attacks on businesses are not the same as human-driven fraud. While automated attacks are carried out using automated tools, scripts, and bots, human fraud farms involve groups of individuals working together to create and launch various types of online attacks. 

Automated attacks are typically conducted by malicious actors who use software programs to exploit system vulnerabilities, steal data, or carry out other malicious activities without human intervention. Examples of automated attacks include malware infections, DDoS attacks, and automated phishing campaigns. These types of attacks can be launched on a large scale and can be executed rapidly, making them particularly effective at causing widespread damage.

Human fraud farms can comprise dozens or even hundreds of people who are hired by criminal organizations to carry out a range of fraudulent activities, such as creating fake social media profiles, posting fake reviews, engaging in click fraud, or carrying out phishing attacks.

Fraud farms often operate like sweatshops, with workers being paid low wages and forced to work long hours under oppressive conditions. Some workers may not even be aware that they are participating in illegal activities, as they may be misled into believing they are performing legitimate work.

Fraud Farms Are Major Threat to Financial Services Sector

When it comes to payment and monetization-related attacks, our research has shown that the vast majority of these attacks are not automated. In fact, only a minuscule portion of attacks in this category were carried out using automated methods. 

Instead, the most prevalent type of attack in the financial category was human fraud farms. These attacks are often carried out by a group of individuals working together to conduct fraudulent activities, including account takeovers, fake purchases, and other forms of financial fraud. The popularity of human-led attacks in this area emphasizes the need for businesses to implement robust measures to detect and prevent such attacks, such as multi-factor authentication, behavior analysis, and other fraud detection mechanisms.

Financial Services vs. A Host of Attacks

Besides human fraud farms, several significant threats to financial services have come on the scene. Some of the biggest threats today include:

Phishing attacks: These attacks involve sending fraudulent emails or messages to individuals, tricking them into revealing their sensitive financial information or clicking on malicious links that can lead to malware infections.

Account takeover attacks: These attacks involve gaining unauthorized access to an individual’s account, usually through stolen or compromised login credentials, and carrying out fraudulent activities.

Malware attacks: These attacks involve infecting a user’s computer or device with malicious software that can steal sensitive financial information or carry out other malicious activities.

DDoS attacks: These attacks involve overwhelming a financial institution’s website or network with traffic, causing it to become unavailable to legitimate users and disrupting normal operations.

Insider threats: These threats involve malicious actions carried out by employees or contractors of financial institutions, such as stealing sensitive data or carrying out unauthorized transactions.

Third-party attacks: These attacks involve exploiting vulnerabilities in third-party service providers that financial institutions rely on, such as payment processors or cloud service providers.

Discover more about protecting financial services in the case study:

Global Online Payment Company Achieves Significant Cost Savings with Arkose Labs

How to Protect Financial Services

There are several strategies that financial services can implement to guard against fraud farms and other online threats:

Multi-factor authentication: Requiring users to provide more than one form of identification, such as a password and a biometric identifier, can help prevent account takeover attacks and unauthorized access.

Real-time monitoring: Implementing real-time monitoring and alert systems can help detect and prevent fraudulent activities as they occur, allowing for rapid response and mitigation.

Behavioral analytics: Analyzing user behavior and identifying anomalies can help detect fraudulent activities, such as unusual login patterns or changes to account information.

Encryption: Implementing strong encryption measures can help protect sensitive data from being intercepted or stolen during transit.

Regular security training: Providing regular security training to employees and customers can help raise awareness of online threats and best practices for staying safe online.

Third-party risk management: Conducting regular security assessments of third-party service providers and ensuring they meet industry security standards can help prevent vulnerabilities that could be exploited by attackers.

Fraud intelligence and collaboration: Sharing threat intelligence and collaborating with other financial institutions and industry partners can help detect and prevent attacks and identify new emerging threats.

By implementing a comprehensive security strategy that includes these and other measures, financial services can better protect themselves and their customers from online threats, including fraud farms.

Arkose Labs Secures Financial Sector

Arkose Labs offers finance and fintech customers a platform that uses a combination of advanced analytics and user engagement techniques to detect and prevent bot attacks and human fraud. It works by presenting users with interactive challenges from Arkose MatchKey that are designed to differentiate between human users and bots.

The challenges of Arkose MatchKey are based on a range of factors, including user behavior, device characteristics, and other contextual information. By analyzing how users interact with these challenges, the platform can accurately distinguish between real users and bots or fraudulent actors.

The platform also offers a range of other security features, such as device fingerprinting, IP reputation analysis, and behavioral biometrics. These techniques allow Arkose Labs to build a comprehensive profile of each user, enabling it to detect and prevent fraud and abuse in real time. As a result, financial services businesses get a highly effective solution for protecting against bot attacks and human fraud, helping to safeguard their assets, reputation, and customers.

Find out how Arkose Labs protects finance and banks—book a demo.

*** This is a Security Bloggers Network syndicated blog from Arkose Labs authored by Jenn Jeffers. Read the original post at: https://www.arkoselabs.com/blog/2023-state-threat-financial-services-banks/
