Financial services CISOs are increasingly turning to active threat hunting, a new survey from Carbon Black shows.

A notable 47 percent of CISOs surveyed said their organizations are operating threat hunting teams, an increase of 27 percent.

The shift was highlighted in a financial services-focussed threat report from the Massachusetts-based endpoint security specialist today.

It comes as respondents reported a 160 percent surge in cyberattacks on FS companies that appear to have purely destructive, rather than financial, intent. (The survey included CISOs from four of the top 10 banks in the world, Carbon Black said.)

(The report comes after US-based independent email provider VFEmail said a hacker had destroyed the company by formatting all the disks on every server on both its primary and backup systems in an as-yet unexplained incident…)

What is Threat Hunting?

Threat hunting is manual (albeit often “machine”-assisted) interrogation of a network based on the assumption of breach. Its rise comes as Carbon Black reports a surge in attacks that are aimed at destroying data or holding financial services entities to ransom, rather than “old-fashioned” theft.

“Financial institutions are grappling with some of the most sophisticated cyber crime syndicates. Perhaps the most concerning indication from this report is the stark increase in destructive attacks, which are rarely conducted for financial gain,” said Tom Kellermann, the report’s author and Chief Cybersecurity Officer at Carbon Black.

He added: “Rather, these attacks are launched to be punitive by destroying data. Cybercriminals have formed sophisticated approaches to gain access to confidential banking and financial information and organisations need to be aware of the impending threats.”

Among other findings in the report, Carbon Black said attackers are increasingly using highly reputable domain resources, such as content delivery networks (AWS, Akamai, Cloudflare, Google Cloud, etc.), to open covert channels, allowing them to bypass content filters because those locations are generally trusted.

“This is referred to as Domain Fronting, and the traffic is often encrypted using HTTPS making it difficult to detect and prevent.”
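For threat hunters, the usual lead is a request whose TLS server name (SNI) points at one site while the HTTP Host header inside the encrypted session names another. The sketch below is an added example, not code from Carbon Black or its report, and it assumes a TLS-inspecting proxy that logs both values; the field names, addresses and `.test` hostnames are constructed.

```python
import json

# Constructed sample records from a hypothetical TLS-inspecting proxy.
# "sni" is the name in the TLS ClientHello, "host" is the HTTP Host header
# seen after decryption. Field names are assumptions, not a product schema.
SAMPLE_LOG = """\
{"src": "10.0.4.17", "sni": "www.example-cdn.test", "host": "www.example-cdn.test"}
{"src": "10.0.4.17", "sni": "static.example-cdn.test", "host": "API.Example-CDN.test:443"}
{"src": "10.0.9.52", "sni": "assets.example-cdn.test", "host": "app.unrelated-site.test"}
{"src": "10.0.9.60", "sni": "", "host": "portal.bank.test"}
{"src": "10.0.9.52", "sni": "assets.example-cdn.test.", "host": "app.unrelated-site.test"}
"""

def normalise(name):
    """Lower-case a hostname and drop any :port suffix and trailing dot."""
    return name.strip().lower().split(":")[0].rstrip(".")

def site(name):
    """Naive registrable domain: the last two labels.
    Assumption for brevity; production code should use the Public Suffix List."""
    labels = normalise(name).split(".")
    return ".".join(labels[-2:])

def find_mismatches(log_text):
    """Return records whose TLS SNI and HTTP Host belong to different sites."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        sni, host = rec.get("sni", ""), rec.get("host", "")
        if not sni or not host:
            continue  # one side missing (e.g. no SNI sent): nothing to compare
        if site(sni) != site(host):
            hits.append((rec["src"], normalise(sni), normalise(host)))
    return hits

def summarise(hits):
    """Count mismatches per (source, SNI, Host) so repeat talkers sort first."""
    counts = {}
    for key in hits:
        counts[key] = counts.get(key, 0) + 1
    return sorted(counts.items(), key=lambda kv: -kv[1])

if __name__ == "__main__":
    for (src, sni, host), n in summarise(find_mismatches(SAMPLE_LOG)):
        print(f"{src}: SNI {sni} but Host {host} ({n} requests)")
```

A mismatch is a hunting lead rather than a verdict, since HTTP/2 connection reuse on shared CDN certificates can produce legitimate ones. Without TLS inspection the Host header is not visible at all, which is the detection difficulty the report describes.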

The survey also found that 62 percent of surveyed financial services CISOs report to the CIO, a fact that Kellermann said should raise eyebrows.

“This represents a potential governance crisis. CISOs must be empowered with greater authorities and separate budgets in order to preserve safety and soundness in the financial sector. CISOs should report to CEOs or CROs as their defensive mindset often conflicts with the uptime, availability, and content driven goals of CIOs.”

The report’s release comes a day after Carbon Black announced that it was teaming up with Alphabet’s new entrant to the cybersecurity market, Chronicle. The partnership will see Carbon Black’s endpoint detection and response (EDR) data shared with Backstory, Chronicle’s recently announced security analytics product.