Assessing the threat to the Asset and Wealth Management sector

The Asset and Wealth Management (AWM) sector plays a vital role in managing the world’s financial capital, and is estimated to be worth USD 145 trillion by 2025.[1] It is this level of wealth that attracts cyber criminal threat actors, making financially motivated crime the top threat facing AWM organisations.

We've recently seen private equity firms targeted by ransomware operations, like DoppelPaymer against a US organisation and Maze against a French organisation. Both cases involved the exfiltration of sensitive data from the victims’ networks prior to the encryption of their files.

This reflects a growing trend among ransomware actors of threatening to expose stolen data on their “leak sites” to increase the pressure on victims to pay the ransom demand. It also means that victims of such an attack must add the regulatory impact of a ransomware-leveraged data breach to the disruption from system outages caused by the malware itself.

Cyber security threats facing the AWM sector

The significant funds managed by the AWM sector are likely to attract those seeking direct monetary gain, where high-value fraud attempts via business email compromise (BEC) and ransomware attacks remain popular attack vectors. The ‘cyber’ element of such attacks allows them to be conducted with lower risk and higher reward. Increasingly, cyber criminals are working towards more targeted attacks, choosing larger and more lucrative targets, and spending more time learning about their victims to increase their chances of success.

With rising costs and new players in the market, the increasing competition in the AWM sector is also putting pressure on individual organisations to survive – and incentivising criminal behaviour. Traditional methods of industrial espionage have now shifted over to the cyber domain. Knowledge of future transactions, for example, could result in large financial gain for rival firms or individuals operating in the same market. Similarly, proprietary data such as investment research, predictive models and algorithms are likely to carry a high value to competitors.

The FinTech revolution has also broadened the threat landscape and opened up new avenues for attack. An increasingly interconnected environment has created opportunities for threat actors to move across victim networks. As the sector looks to develop and embrace new technologies, innovative research in this area is likely to be highly sought after, giving those in a competitive scenario a market edge.

What methods are threat actors using?

BEC attacks are one of the most popular methods used to target investors. In this specialised form of spearphishing, threat actors attempt to imitate a real person in order to trigger payment into an account under their control. We have observed a rise in targeted BEC attacks in recent years, making use of extensive social engineering techniques to coerce victims into making payments. The most sophisticated attempts involve the hijacking of a legitimate email account, making it difficult to differentiate fraudulent transactions from legitimate ones. In May 2020, a Norwegian investment fund was targeted by a threat actor impersonating a microfinance institution, successfully managing to divert USD 10 million in “funding” from the victim.[2]

Ransomware is also an increasingly prominent threat, with the operators behind some of the most prevalent ransomware families updating their tactics to steal information from victims, in addition to encrypting files. The perceived wealth of the sector combined with its handling of sensitive data makes AWM organisations a prime target for this type of attack. We do not recommend that organisations pay a ransom demand unless there is a threat to life, since there is no guarantee that encrypted data will be recovered or stolen data deleted. This payment also funds the continued activity of cyber criminals.

The theft of sensitive data can take many forms. Access to email accounts, for example, could provide a wealth of information on sensitive business operations. However, the theft of more specialist datasets, such as future transactions, investment models and algorithms, often requires access and knowledge specific to the organisation's environment. As such, many historical incidents affecting the sector have been enabled by an insider element.

Knowing which cyber threats are relevant to a given sector is an important step toward strategically directing investment in appropriate defences. Analysis of how these threats would navigate your organisation’s infrastructure can help to identify the gaps that exist in your security controls, and enable you to tailor your preparation efforts appropriately.
