Cyber IT Supervisory Forum eBook

Internal Use Only

Financial Sector May Not Be Safe…

 There isn’t reporting on attacks targeting financial sector, but that could change (or be under-reported)  Financial sector seems like prime target for causing “societal panic”  It wouldn’t be the first time a nation state targeted the banking sector ‒ From 2011 to 2013, Iran launched denial of-service attacks against 50+ financial institutions in U.S. [13]

17

© 2024 THE MITRE CORPORATION. ALL RIGHTS RESERVED. APPROVED FOR PUBLIC RELEASE. DISTRIBUTION UNLIMITED 23-01698-01.

Internal Use Only

Equally Concerning is the Sophistication of PRC Tactics

 Rapid exploitation of vulnerabilities and use of zero days  Credential stealing and working around multi-factor authentication  Small-office, home office devices and dynamic use of virtual infrastructure  Living-off-the-Land Techniques (hiding in plain sight)  Reports from CISA [14] [15] and Microsoft [16] are worth reading!

18

© 2024 THE MITRE CORPORATION. ALL RIGHTS RESERVED. APPROVED FOR PUBLIC RELEASE. DISTRIBUTION UNLIMITED 23-01698-01.