KELA's 2021-2022 UK Financial Sector Dark Web Threat Landscape Report Details APTs Targeting the Region

KELA's 2021-2022 UK Financial Sector Dark Web Threat Landscape Report

KELA, the leading provider of cybercrime threat intelligence, has released its 2021-2022 UK Financial Sector Dark Web Threat Landscape Report. The research sheds light on the cyber threats targeting the UK's financial sector, which is following the trend of moving banking and financial services online and, in doing so, exposing itself to cyberattacks.

UK firms have recently been warned of possible Russian cyberattacks against western countries, the UK included, which has put the UK's cybersecurity under scrutiny. Eastern European geopolitics is far from being the UK's only cyber threat. Various threat actors often target the UK for multiple reasons, including its wealth and importance to the world's economy.

With the financial sector in the UK being the most likely sector to hold the personal data of customers, the question of this sector's state of cybersecurity is of utmost importance. In addition, the research describes threats that UK companies have faced during 2021 and early 2022 and provides information on APTs that have targeted the UK recently.

"This report sheds light on the multiple, varying cyber threats posed to UK companies and organizations in general, and the UK financial sector in particular. Through 2021, both financial and other UK companies have been subject to multiple ransomware attacks, and credentials and compromised accounts belonging to British entities were often offered for sale on cybercrime forums," said Irina Nesterovsky, Chief Research Officer at KELA.

Key Findings:

  • Leaked credentials: From Jan. 17, 2021, to Feb. 17, 2022, almost 17,000 credentials pertaining to the UK's top financial businesses were leaked. The largest share of the credentials (27%) was leaked in the RedCappi breach, which occurred on Dec. 6, 2021; 17% of all credentials belonging to UK financial institutions were leaked in the ParkMobile breach, and the OXFAM Australia breach accounted for 16% of all credentials.
  • Compromised accounts: From Jan. 17, 2021, to Feb. 17, 2022, around 2,000 accounts were compromised. Most of those accounts were listed on the TwoEasy and Russian Market botnet markets.
  • Network Access: From January 2021 to February 2022, KELA observed around 60 instances of access to UK companies and organizations being sold on the dark web; three of these offers promised network access to UK companies in the financial sector.
  • Ransomware incidents: In 2021, KELA observed 135 UK companies experiencing ransomware attacks, placing the UK in fourth place on the list of known ransomware victims of 2021, as 4.83% of all ransomware victims that year were UK-based. 

Monitoring such sources, as KELA's technology does in real time, can provide UK-based defenders with significant intelligence value. It allows a more proactive approach to threats: defenders can learn and understand new tactics used by threat actors and take measures to protect against them.

To read the full report, please visit:

Media Contact 

Holly Hitchcock


Source: KELA


Tags: cybercrime, dark web, threat intelligence
