Financial Services and Energy sectors are more susceptible to cyberthreats from nation-state actors than ever before

Reston, VA, March 10, 2022 NEWSWIRE — LookingGlass Cyber Solutions, the leader in providing actionable threat intelligence, today released two new reports identifying and summarizing vulnerabilities, exposures, and botnet infections currently seen across the Financial Services and Energy sectors. These sector-level reports also identify which items have the most pressing ties to Russian nation-state or affiliated threat actors.

Leveraging LookingGlass’ external attack surface monitoring solutions, the reports feature the following across both critical infrastructure sectors:

  • A U.S. heatmap of the sector’s cybersecurity vulnerabilities and exposures
  • Most prevalent verified vulnerabilities
  • Significant exposures that violate cyber best practices
  • Most prevalent bot infections

The reports move beyond assumptions about the cybersecurity posture of U.S. critical infrastructure and highlight key cyber risks that need to be addressed.

The Financial Services report shows a significant number of infections across the sector.

While Minerpanel, a botnet associated with cryptomining, is most pervasive across financial services at 27%, the depth of Sality – a botnet associated with the Russian actor group SALTY SPIDER that is currently infecting 13% of the sector – is highly concerning.

“Sality has been tracked to a cyber-criminal group believed to be operating out of Russia, and we can’t overstate how dangerous it is,” said David Marcus, Senior Director of Cyber Intelligence at LookingGlass. “Malware like this allows threat actors to prey on an organization’s network beyond simply using their resources, including exfiltrating data and executing remote code. Sality can wreak the sort of havoc that’s detrimental to your business and others unless remediated.”

The Energy sector also has widespread Minerpanel and Sality infections, at 12.55% at 11.87%, respectively. However, the most prevalent bot infection is Pony (Ponyloader), seen in 20.65% of energy institutions. Pony has been highly successful at stealing usernames and passwords as well as loading additional malware onto infected machines. In 2014, Pony was attributed to stealing more than 700,000 credentials, including more than 800 Remote Desktop credentials.

“As geopolitical tensions mount and nation-state threat actors continue weaponizing their cyber capabilities, U.S. critical infrastructure must take proactive measures to identify and address their vulnerabilities and exposures,” says LookingGlass CEO Gilman Louie. “There’s never been a more pressing time for these organizations to improve their cybersecurity posture. Based on our findings, I would urge critical infrastructure organizations to immediately update and patch their systems to fix these issues.”

About LookingGlass Cyber Solutions, Inc.

LookingGlass is the global cybersecurity leader that provides public and private sector clients with a comprehensive view of their attack surfaces layered with tailored, actionable threat intelligence. For more than a decade, the most advanced organizations in the world have trusted LookingGlass to help them protect their financial, economic, and national security interests. 

Find out how we can help your organization at

Media Contact

Cole Christy

Gregory FCA

[email protected]


Contact Us