Latest News

VMware report reveals increasingly aggressive attacks against Finance sector

Fifth annual Modern Bank Heists report highlights a drastic increase in destructive attacks and ransomware, as financial leaders grapple with more aggressive, sophisticated attack 

VMware, Inc. today released its fifth annual Modern Bank Heists report which takes the pulse of the financial industry’s top CISOs and security leaders on the changing behaviour of cybercriminal cartels and the defensive shift of the financial sector. The report found that financial institutions are facing increased destructive attacks and falling victim to ransomware more than in years’ past, as sophisticated cybercrime cartels evolve beyond wire transfer fraud to now target market strategies, take over brokerage accounts and island hop into banks.

In the Modern Bank Heists report, 63% of financial institutions admitted experiencing an increase in destructive attacks, with cybercriminals leveraging this method as a means to burn evidence as part of a counter incident response. Additionally, 74% experienced at least one ransomware attack over the past year, with 63% paying the ransom. When asked about the nation-state actors behind these attacks, the majority of financial instructions stated that Russia posed the greatest concern, as geopolitical tension continues to escalate in cyberspace.

The report also found that once cybercriminals gain access into a financial organisation, they’re no longer after wire transfers or access to capital as traditionally assumed. Cybercriminal cartels are now seeking nonpublic market information, such as earnings estimates, public offerings, and significant transactions. In fact, 2 out of 3 (66%) financial institutions experienced attacks that targeted market strategies. This modern market manipulation aligns with economic espionage and can be used to digitise insider trading.

Additional key findings from the 2022 Modern Bank Heists Report include:

  • 60% of financial institutions experienced an increase in island hopping, a 58% increase from last year. The increase represents a new era of conspiracy where hijacking the digital transformation of a financial institution via island hopping to attack its constituents has become the ultimate attack outcome.
  • 67% of financial institutions observed the manipulation of time stamps, an attack called Chronos named after the god of time in Greek mythology. Notably, 44% of Chronos attacks targeted market positions.
  • 83% are concerned with the security of cryptocurrency exchanges. The advantage for cybercriminals of targeting cryptocurrency exchanges is that successful attacks can be immediately and directly turned into cyber cash.
  • The majority of financial institutions plan to increase their budget by 20-30% this year. Top investment priorities include extended detection and response (XDR), workload security, and mobile security.

Tom Kellermann, head of cybersecurity strategy, VMware said: “Security has become top-of-mind for business leaders amid rising geopolitical tension, an increase in destructive attacks utilising wipers and Remote Access Tools (RATs), and a record-breaking year of Zero Day exploits. Financial institutions now understand that today’s attackers are moving from heist to hijack, from dwell to destruction, and leaving their mark on an extremely vulnerable sector. Collaboration between the cybersecurity community, government entities and the financial sector is paramount to combat these emerging, increasing threats.”


Jeremy Sheridan, former assistant director, the U.S. Secret Service adds: “The Secret Service, in its investigative capacity to protect the nation’s financial payment systems and financial infrastructure, has seen an evolution and increase in complex cyber-enabled fraud. There are a variety of reasons for the opportunities, motives, methods, and means related to criminal activity. At the forefront is the swelling profitability of these crimes which, of course, motivates criminal actors. The persistent, inadequate security of systems connected to the internet provides opportunity and methodology. Finally, the proliferation of digital money payment systems has created a global, instantaneous, and pseudo-anonymous means to facilitate their actions. All of these factors have facilitated the maturation of a cybercriminal ecosystem that has not been sufficiently suppressed. We see these trends continuing into the future and utilising greater anonymising techniques such as peer to peer networks, privacy coins, encrypted communications, and darknet marketplaces to further expand cybercrime capabilities and reach.”


Rick McElroy, principal cybersecurity strategist, VMware concluded: “Cryptocurrencies are real currencies, but consumers often treat them as if they’re not. People trust exchanges that are new to the game even though they aren’t providing adequate protection to their currency or even their own admin accounts. In a crypto-based world, consumers should assume a certain level of responsibility in the protection of their cryptocurrency. There are no assurances that cybercriminals won’t target the exchanges, the warm wallets or cold storage. Assume wherever the money is, there will also be criminals trying to steal it.”


VMware Report Methodology

VMware conducted an online survey in February 2022 about evolving cybersecurity threats

facing financial institutions. 130 financial sector CISOs and security leaders from around the world participated. 41 percent of the financial institutions (FIs) are headquartered in North

America, 29 percent are in Europe, 16 percent in Asia-Pacific, 12 percent in Central and South

America, and 2 percent in Africa. Respondents were asked to select only one response per



About the Report Author, Tom Kellermann

Tom Kellermann is the Head of Cybersecurity Strategy for VMware Inc. Tom held the position of Chief Cybersecurity Officer for Carbon Black prior to its acquisition by VMware in 2019. In 2020, he was appointed to the Cyber Investigations Advisory Board for the United States Secret Service. On January 19, 2017, Tom was appointed the Wilson Center’s Global Fellow for Cyber Policy.

Tom previously held the positions of Chief Cybersecurity Officer for Trend Micro; Vice President of Security for Core Security and Deputy CISO for the World Bank Treasury. In 2008, Tom was appointed a commissioner on the Commission on Cyber Security for the 44th President of the United States. In 2003, he co-authored the Book “Electronic Safety and Soundness: Securing Finance in a New Age.”


About VMware  

VMware is a leading provider of multi-cloud services for all apps, enabling digital innovation with

enterprise control. As a trusted foundation to accelerate innovation, VMware software gives

businesses the flexibility and choice they need to build the future. Headquartered in Palo Alto,

California, VMware is committed to building a better future through the company’s 2030

Agenda. For more information, please visit