The Rising Tide of Cyber Threats Facing U.S. Regional Banks

Regional banks play a critical role in the U.S. financial system, providing essential services to local communities. However, they face growing cybersecurity risks. Recent incidents show how sophisticated cybercriminals are targeting regional banks, aiming to exploit any vulnerability. These threats disrupt the financial fabric of the banks' local communities and pose broader economic implications.

Traditional and Novel Cyber Threats

Here is a review of widely known cyber intrusions, as well as emerging threats that confront regional banks today.

  • Ransomware Attacks
    Ransomware continues to be a menace. Attackers encrypt a bank’s systems and demand exorbitant ransoms for decryption keys. The sophistication of these attacks is evolving, with cybercriminals employing more complex ransomware strains and double extortion tactics.

    Real Case: In 2001, the AvosLocker ransomware group attacked a California community bank. It encrypted the bank's computer systems and stole sensitive customer information. The bank notified its customers of the breach and offered credit monitoring services, incurring financial, operational, and reputational costs due to the attack.[1]

  • Supply Chain Attacks
    In a supply chain attack, cybercriminals target less secure elements in a bank's supply chain to eventually compromise the bank itself. By infiltrating third-party service providers, attackers can gain unauthorized access to the bank's systems.

  • Data Breaches
    Regional banks are repositories of sensitive customer data. Any breach could be a gold mine for cybercriminals. The stolen data can be sold on the dark web or used for identity theft, fraud, or spear phishing campaigns targeting individuals or other institutions.

    Real Case: In an attack on a regional bank in Virginia, cybercriminals gained access to the bank's network and stole $2.4 million. The bank suffered two intrusions into its ATM and debit card network. In both cases, the intruders penetrated an internal workstation via a phishing effort and an infected Microsoft Word document.[2]

  • AI-Powered Cyber Attacks
    The integration of artificial intelligence (AI) by malicious actors to automate and enhance their attack capabilities represents a significant threat. AI can be used to rapidly exploit vulnerabilities, bypass security measures, and conduct social engineering attacks at scale.

  • Distributed Denial of Service (“DDoS”) Attacks
    DDoS attacks overwhelm bank websites with junk traffic, denying legitimate users access to online services. These attacks can serve as a smokescreen for other malicious activities, diverting attention from data exfiltration attempts.

    Real Case: Cybercriminals used a botnet and attacked vulnerable servers to overwhelm a bank's website. The attack generated over 20 gigabits per second of traffic, leveraging protocols and IPsec tunnels to amplify the assault. The threat, however, was averted.[3]

  • Cryptojacking
    Cryptojacking involves the unauthorized use of a bank's computing resources to mine cryptocurrencies. This can result in financial losses and can also degrade system performance and cause service disruptions.

  • Insider Threats
    Insiders with malicious intent can abuse their access privileges to siphon off funds or leak sensitive information to external cybercriminals. The damage from insider threats can be monumental, often going unnoticed until it is too late.

  • Zero-Day Exploits
    Zero-day exploits are attacks that take advantage of vulnerabilities unknown to the vendor. Regional banks may be ill-equipped to defend against unknown vulnerabilities, making zero-day exploits a notable threat.

Impacts and Implications of Cyber Attacks

The real-life case examples above briefly touch upon the negative effects banks can suffer at the hands of hackers and other cybercriminal archetypes. If not equipped to fend off attacks on their technology infrastructure, most banks will experience one or more of the following consequences:

  • Financial Losses
    The financial repercussions from cyber incidents can be substantial, with losses potentially extending beyond immediate recovery costs. According to recent research, financial firms lose nearly $6 million per data breach.

  • Reputational Damage
    Novel cyber threats can lead to high-profile incidents, resulting in severe reputational damage and loss of customer confidence. Negative attention from mainstream and social media spreads quickly. The perception that a bank cannot securely protect a customer’s assets or information could be disastrous for its bottom line.

  • Service Disruption
    Disruptions to critical services from cyber threats can have wide-ranging impacts on both the bank and the communities it serves.

Legal and Regulatory Evolution

The legal and regulatory landscape is evolving to curb cyber threats. Regional banks now face stringent compliance requirements with laws like the New York Department of Financial Services Cybersecurity Regulation setting a precedent. While becoming cyber compliant is an expense for regional banks, it is an exceedingly small price to pay compared with the financial and reputational cost of a successful cyber-attack.

A Necessary Investment

Ultimately, regional banks must commit to a standard of cybersecurity that sufficiently protects themselves and their customers from adverse cyber incidents. Here are some of the most basic measures to implement.

  • Robust Security Controls
    Implementing multi-layered security measures such as advanced threat detection and response systems, alongside traditional measures like tokenization and end-to-end encryption, is crucial.

  • Cybersecurity Training
    A joint study by Stanford University professor Jeff Hancock and the firm Tessian found that employee mistakes cause 88% of data breaches. Training programs should evolve to address novel threats, especially programs that educate employees on recognizing and mitigating emerging risks.

  • Incident Response Plan
    Developing a flexible incident response plan that can adapt to diverse types of cyber threats is essential for minimizing damage and ensuring rapid recovery.

Fostering a Culture of Cybersecurity

The emergence of novel cyber threats targeting U.S. regional banks accentuates the urgent need to enhance cybersecurity measures. By fostering a culture of continuous learning, adapting to the evolving regulatory landscape, and investing in advanced security technologies, regional banks can significantly mitigate the risks posed by both traditional and emerging cyber threats. These measures can safeguard the trust of the communities they serve and fortify the broader financial ecosystem against burgeoning cyber threats.

[1] Source: Community Banking Connections, “Recent Trends in Ransomware,” (by Chad Siegrist and Jason Tarnowski, 2022). https://www.communitybankingconnections.org/articles/2022/i3/ransomware-year-in-review

[2] The information regarding the cyber attack on a regional Virginia bank, specifically the National Bank of Blacksburg, which lost $2.4 million due to a cyber-heist, is sourced from a Threatpost article dated July 26, 2018. The attack affected the STAR ATM and debit network following a successful phishing attack that compromised the bank's internal networks. Source: Threatpost, “Regional Virginia Bank Falls Victim to Coordinated $2.4M ATM Heist,” (by Tara Seals, July 26, 2018). https://threatpost.com/regional-virginia-bank-falls-victim-to-coordinated-2-4m-atm-heist/134425/

[3] Source: Infosec Resources, “Inside a DDoS attack against a bank: What happened and how it was stopped,” (by Bianca Gonzalez, November 7, 2022). https://resources.infosecinstitute.com/topics/general-security/ddos-attack-bank/