Cybersecurity company Vectra Networks Inc. today released a new report that suggests that financial institutions are being targeted by sophisticated cyberattackers using what the firm describes as “hidden tunnels” into networks to steal data.

Hidden tunnels are pathways used by hackers to gain access to corporate networks, often hidden in plain sight, that are difficult to detect because a pattern can be found only by observing a series of communications rather than looking at a single request and response.

The finding comes from the 2018 Spotlight Report on Financial Services, which was based on collected metadata from more than 4.5 million devices and workloads from customer cloud, data center and enterprise environments monitored by Vectra, along with data from the 2018 RSA Conference Edition of the Attacker Behavior Industry Report.

Highlighting that financial institutions have become favored targets of hackers, Vectra said it detected twice as many hidden data-exfiltration tunnels per 10,000 devices in financial services than all other industries combined.

For every 10,000 devices across all industries, 11 hidden exfiltration tunnels disguised as encrypted web traffic were detected. But in financial services, that number more than doubled to 23, perhaps because, well, that’s where the money is. From August 2017 through January 2018, hidden exfiltration tunnels disguised as unencrypted web traffic jumped from seven per 10,000 devices to 16 in financial services.

“Cyberattackers build hidden tunnels to break into networks and steal critical data and personal information,” the company said in a statement. “These tunnels are used to remotely control an attack, known as command-and-control, and steal data, known as exfiltration while remaining largely undetected.” Cyberattackers use hidden tunnels “to blend in with normal traffic, evade strong access controls, and exfiltrate financial data,” it said.

The report noted that the same type of attack behaviors led to the now-infamous 2017 Equifax data breach that resulted in the theft of driver’s license numbers, email addresses, Social Security numbers and other personal information from nearly 146 million consumers.

Photo: TJBlackwell/Wikimedia Commons