Connect with us

Hi, what are you looking for?

Tech & Science

Ransomware incidents reported to UK financial regulator have doubled

Ransomware remains a scourge for every sector and every security team.

An Apex Legends event was postponed by organizers after two players appeared to be hacked and given unwanted cheat devices
An Apex Legends event was postponed by organizers after two players appeared to be hacked and given unwanted cheat devices. — © AFP/File Denis Charlet
An Apex Legends event was postponed by organizers after two players appeared to be hacked and given unwanted cheat devices. — © AFP/File Denis Charlet

The number of security incidents and ransomware incidents reported to the UK financial services regulator, the Financial Conduct Authority (FCA) – obtained by Freedom of Information request – appear to be increasing. The request was made by the security firm Picus, who have used the information to perform a level of analysis.

Picus submitted a Freedom of Information (FoI) request to the UK Financial Conduct Authority (FCA) to understand the degree to which cybercrime has impacted the finance sector in the first six months of 2023. The data we obtained reveals a resurgence in ransomware-related incidents following a quieter 12 months in 2022. This highlights the vulnerabilities faced by financial services.

As part of the request process, Picus received month-by-month data on the number and type of incidents reported to the FCA by financial organizations. This information can be compared to previous FCA data breach statistics, including Picus requests for FCA data in 2021 and 2022.

The analysis reveals how the FCA received 51 cyber incident reports in 2023, which was up 10 percent compared to 2022. There were twice as many ransomware incidents were reported in 2023 compared to the same period in 2022.

In terms of the types of security risks, nearly a third of all cyber incidents reported in 2023 were categorized as ransomware (31 percent). This percentage is up from 11 percent in the equivalent period for 2022.

Far more cyber incidents are reported to the FCA in March than in any other month. Since 2021, 12.8 reports, on average, have been submitted in March. December is the quietest month for FCA cyber incident reports (2.5).

Commenting on the findings, Dr. Suleyman Ozarslan, Co-Founder and VP of PicusLabs states: “Ransomware remains a scourge for every sector and every security team. Our data reflects a common pattern seen in recent years. Ransomware gangs burst onto the scene, scale up their campaigns, and put a target on their backs. After the coordinated crackdowns and arrests from global government agencies, ransomware activity can start to die down until the next group looks to fill the void left by their predecessor.”

Considering the impact of these events, Ozarslan adds: “The first six months of 2023 was a hectic period for financial services security teams. This sector has always been one of the biggest targets for both politically and financially motivated cybercriminals. Cl0p Ransomware, for example, is known to target major banks.”

Looking at the reasons for the incidents further, Ozarslan identifies: “Two major Microsoft vulnerabilities may have also contributed to more incidents than usual this year, as was the case in 2021 when the Hafnium hacking group was actively exploiting another Microsoft Exchange Server bug. The increasing complexity of malware deployed by adversaries may also be a factor. The Picus Red Report 2023 found that modern malware is now capable of performing far more actions across the cyber-kill chain, to more effectively evade defences. More than one-third of malware samples exhibit more than 20 individual Tactics, Techniques and Procedures.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Tech & Science

Artificial intelligence built on mountains of potentially biased information has created a real risk of automating discrimination.

Entertainment

Kevin Costner launches his sprawling self-funded Western and Demi Moore returns in a gore-filled body horror.

Business

A stranded cargo ship that has been blocking one of America's busiest ports will be removed Monday.

World

For a decade, French former childcare worker Sophie Rollet carried out her own, lonely investigation to make Goodyear accountable.