Pablo Castillo, Cyber Threat Research Analyst at Constella Intelligence, offers Finance Monthly his insight into the cyber threats facing the financial services sector in 2021.

Unsurprisingly, financial services firms and their troves of sensitive data were a big target for threat actors in 2020. The rapid shift to remote work, coupled with insufficient budgets and a lack of training and awareness to mitigate attacks, led to an increased risk for many sectors. Despite the need for cybersecurity and the cost savings it can bring over the long haul (breaches are expensive, especially for financial organisations), businesses prioritised other functions and operations which more directly affected their bottom lines this past year.

Hacker groups took full advantage of these uncertain times. According to VMware Carbon Black, in the first half of 2020, banks faced a 238% surge in attacks. Further, Keeper Security recently revealed that 70% of financial services organizations reported experiencing a cyber-attack in the past year, with a majority of the 370 UK IT respondents suggesting that COVID-related conditions contributed to the increase in severity of attacks.

US Financial Services Subcommittee Chairman Emanuel Cleaver (D-Mo.) explicitly stated back in June 2020, “criminal actors [are] redoubling their efforts to target families, financial institutions, and even governments.” Below, I’ll highlight some of the notable threats these criminal actors pose, specifically as they relate to financial institutions.


Last September, it was reported that one in four Americans received a COVID-19-related phishing email. That number has only risen as we’ve made our way through 2021. The marked increase in phishing scams this past year even led to the American Bankers Association launching the #BanksNeverAskThat campaign. Further, the Financial Crimes Enforcement Network (FinCEN) issued a notice in December alerting financial institutions about the potential for fraud, ransomware attacks, or similar types of criminal activity related to COVID-19 vaccines and their distribution – such as phishing schemes luring victims with fraudulent information about vaccines.


Per FinCEN, “cybercriminals, including ransomware operators, will continue to exploit the COVID-19 pandemic alongside legitimate efforts to develop, distribute, and administer vaccines.” FinCEN warned financial institutions to stay alert to ransomware targeting vaccine delivery operations, as well as the supply chains required to manufacture the vaccines. There are a myriad of examples of ransomware affecting the fintech industry this past year, and it’s a significant threat to all businesses and individuals across the globe.

Business Email Compromise (BEC)

Another top threat, especially amid COVID-19, is BEC. Among Kroll’s cases impacting the FinServ sector, email compromises were the most observed threat. A July 2020 FinCEN advisory outlined the various ways threat actors are exploiting the pandemic and singled out BEC schemes. Threat actors look to convince banks and lenders, for instance, to redirect payments to new accounts, “while claiming the modification is due to pandemic-related changes in business operations.” Often, these sorts of schemes are preventable, but it comes down to training and awareness to combat social engineering.


According to Accenture’s 2020 Future Cyber Threats report, “disinformation and misinformation is not only a threat to efforts to manage COVID-19, it also impacts the financial sector.”

NASDAQ and the Financial Industry Regulatory Authority (FINRA), to name a few, have warned of increases in market manipulation as a result of the pandemic. “Often, market manipulation involves elements of disinformation or misinformation directed at influencing unsuspecting investors to aid criminal actors’ objectives,” the report states. There is a plethora of examples, including a UK bank (pre-COVID, it should be noted) having to reassure its customers of its financial health after its share price dropped 9% due to false rumors spreading on WhatsApp that the bank was shutting down, calling for customers to empty their accounts.

Mobile Banking Exploitation

The pandemic has accelerated the adoption of digital payments – the Internet Crime Complaint Center (IC3) put out a PSA stating that mobile banking usage has surged as much as 50%. Threat actors look to exploit these platforms, namely via app-based banking trojans and fraudulent apps, but the simple solution to combat these types of threats is to remain vigilant for suspicious activity and verify an app is legitimate before downloading.

Distributed Denial-of-Service (DDoS)

We are seeing a significant increase in DDoS attacks on institutions in banking and across a wide range of sectors, from healthcare to energy. DDoS attacks can, among other things, freeze the operations of financial institution customers. Not long ago, New Zealand’s Stock Exchange Market (NZX) faced a barrage of DDoS attacks, disrupting trading for four consecutive days.

Underground Markets

This past year, my organization also noticed a significant rise in the number of threads, items offered for sale, and hacking information related to COVID-19 on deep and dark web forums. This includes the sale of banking information and tools to exploit physical devices (e.g., ATMs for carding).

Financial organisations can stave off money laundering, account takeover, and identity theft attacks, but it requires a two-pronged approach. Organisations must proactively monitor, detect and uncover identity information found in open sources on the surface, social, deep and dark web. Understanding your digital footprint, as well as your adversaries, is important. However, addressing human error also plays a major role in mitigating cyber threats. Simply training employees on cybersecurity awareness can make a world of difference. Everyone should understand the signs of a scam and remain vigilant. As we move past the pandemic and transition back to “normal” life, we must not let our guard down – especially when it comes to COVID-19 or cyber safety.


Pablo Castillo is a Cyber Threat Research Analyst at Constella Intelligence – a digital risk protection company that works in partnership with some of the world’s largest organisations to safeguard what matters most and defeat digital risk.