Identity-based attacks are on the rise, as evidenced by London-based tech provider Finastra’s cybersecurity incident reported this week.
Finastra this month identified suspicious activity in its internally hosted Secure File Transfer Platform, used to send files to its customers, according to a Finastra statement provided to Bank Automation News on Nov. 21.
“We are continuing to investigate root cause, but initial evidence points to credentials that were compromised,” according to the statement. “This incident was limited to one platform and there was not lateral movement beyond it.”
While it was not disclosed which Finastra clients were affected by the breach, Finastra works with more than 8,000 financial institutions including Lloyds Bank, First Citizens Bank and Vystar Credit Union, according to the company.
Safety first
Stolen credentials are being used more frequently by criminals, Aaron Walton, threat intelligence analyst at security solutions provider Expel, told BAN. At Expel, 70% of attacks seen in its security operations center are identity based.
“The majority of malicious emails and the highest volume of malware we see is geared toward stealing credentials,” Walton said, noting that organizations can protect their credentials by:

- Utilizing multifactor authentication;
- Testing infrastructure for security weaknesses; and
- Implementing quick remediation plans.
“When an attacker has credentials it gives them easy access to an organization’s sensitive data, and often just requires an enterprising attacker to leverage those credentials to cause a lot of harm,” Walton said.
Security opportunity
While the Finastra investigation is ongoing and the source of the compromise has not been identified, this is an opportunity for Finastra to share its findings to boost industrywide security efforts, Yoni Shohet, CEO at software-as-a-service security company Valence Security, told BAN.
Security teams eventually want to disclose, step-by-step, everything they’ve learned “because it makes the industry better,” he said.
“If we properly understand and analyze the root causes of breaches that happen to similar organizations, then each organization that is in a similar profile can also improve their own security practices.”