Skip links

KELA Cyber Threat Intelligence – proactive protection for financial and banking organizations

Author
Published on:
Published in: Technology News

KELA Cyber Threat Intelligence – proactive protection for financial and banking organizations

Contemporary cybersecurity requires a high level of proactivity, which can only be achieved by using threat intelligence data. Investigations based on such data allow security teams to stay one step ahead of attackers and mitigate risks. In this context, Saftech Innovations has added the KELA Cyber Threat Intelligence platform to its portfolio, a very effective solution for entities in the financial-banking environment.

Europe has seen a 200% annual increase in the types of malware targeting banking apps. In addition, of the 488 publicly reported cyber incidents in the European financial sector between January 2023 and June 2024, the majority (46%) targeted banks (credit institutions), followed by public financial institutions (13%) and individual customers (10%), who were deceived through financial-themed social engineering campaigns. These are just some of the conclusions of the „ENISA Threat Landscape: Finance Sector”, report, published in February 2025, which is also the first report by the European Union Agency for Cybersecurity (ENISA) dedicated exclusively to the European financial sector.

ENISA data shows that the main threats faced by financial entities are Distributed Denial-of-Service (DDoS) attacks, security breaches, social engineering, fraud, ransomware attacks, supply chain attacks and malware attacks. Hackers mainly target banks to steal money through fraudulent transactions, access customers’ personal information, and execute ransomware attacks, subsequently demanding ransoms for data decryption. As a result, financial institutions frequently suffered significant losses, amplified by the costs associated with remediation and regulatory fines.

Threat intelligence solutions respond to security challenges in the financial-banking sector

By integrating threat intelligence solutions into their security strategies, financial and banking institutions can more effectively anticipate and respond to threats, protect sensitive data, reduce operational disruptions, and eliminate financial losses. Below, we have summarized the main risks identified in the report “ENISA Threat Landscape: Finance Sector” and how threat intelligence solutions contribute to combating them:

  • 58% of the DDoS attacks analyzed targeted European banks, causing operational disruptions. Threat intelligence solutions enable early identification of indicators of compromise and traffic patterns that precede DDoS attacks, providing proactive protection.
  • Data breaches and leaks remain a constant problem, with banks being the most affected (39% of cases). The incidents also led to sanctions from the authorities and to great damage to the image. Threat intelligence solutions enable the rapid identification of data leaks, facilitate the identification of causes and thus contribute to the rapid remediation of vulnerabilities and prevention or limitation of damage.
  • Social engineering campaigns (phishing, smishing and vishing) aimed to steal sensitive information and commit financial fraud, affecting both banks (36% of cases) and individuals (38%). Threat intelligence solutions continuously monitor phishing campaigns and other types of social engineering, providing organizations with relevant information about attackers’ tactics.
  • Ransomware attacks mainly targeted less mature financial entities, such as service providers and insurance companies, resulting in financial losses, data exposure, and operational disruptions. Threat intelligence helps organizations identify early signs of a ransomware attack to limit the impact of the attack.
  • The mobile threat landscape is becoming more sophisticated. Banking trojans and spyware were among the top threats, making it easier to compromise devices and carry out fraudulent activities. Threat intelligence technologies continuously monitor mobile malware threats, providing up-to-date and contextual information for the application of proactive solutions that protect banking applications and users.

Choose KELA Cyber Threat Intelligence for continuous proactive protection

KELA Cyber Threat Intelligence is a globally recognized platform for its advanced capabilities, adapted to the requirements of organizations in the financial-banking sector.

KELA has the ability to automatically collect, analyze, and monitor emerging threats from the most inaccessible areas of the cyber underground, from darkweb pages to Telegram groups. Powered by KELA’s complex data lake, built on a huge volume of historical data, the platform offers a complete cyber threat intelligence (CTI) approach, which transforms a fragmented digital ecosystem into a source of clear information.

KELA offers advanced attack surface and asset management capabilities, and detailed alerts, analyzing attackers’ perspectives on organizational or business partner (supply chain) vulnerabilities. The platform provides automatic detection and monitoring of potentially compromised IP addresses and domains involved in cybercrime activities. The platform also detects and flags compromised accounts, allowing them to be blocked before they are used with malicious intent. By centralizing attacker information from multiple web sources, KELA provides contextualized security information, and its intuitive interface, along with concise summaries, supports Security Operations Center (SOC) teams in decision-making. In practice, all this means:

  • Open, Deep & Dark Web monitoring, real-time visibility on Dark Web threats, full access to forums, marketplaces and hidden channels where malicious actors operate. The platform identifies emerging threats before they reach organizations, preventing breaches and attacks, and provides SOC teams with information on which they can act quickly and informed.
  • Threat Intelligence. The platform anticipates threats by monitoring the activity of relevant cyber dangerous entities and provides comprehensive investigations into cybercriminals, which include the analysis of web signatures and online identities.
  • Proactive solutions to reduce exposure to external threats, which include protection against ransomware and phishing attacks, identity protection, cyber investigations, Advanced Persistent Threat Intelligence (Threat Hunting), security for GenAI, and Exposure Management.
  • Third-party Intelligence. The platform identifies risks in the supply chain and attack surface, monitors high-risk suppliers, and provides quick recommendations for remediation or disruption of collaboration, as appropriate.
  • Protection of the identities of customers of financial and banking institutions and intercept of the compromised accounts to prevent fraud. The platform identifies identity theft and fraud involving online payments, chargebacks, bank cards, loyalty programs, and more.
  • Monitor the attempts to impersonate the brand and the illegal trade of bank cards and checks throughout the cybercrime underground.
  • Protection of the digital banking services by blocking suspicious traffic to banking systems with KELA’s Indicators of Compromise (IoC) feeds.

With a modular architecture, KELA Cyber Threat Intelligence is designed to adapt to the security needs of each organization. Modules include:

  • Identity Guard: extensive monitoring of identities within the organization (in illegal Dark Web marketplaces, instant messaging, bot marketplaces),
  • Monitor: automatic threat tracking, alerting, remediation recommendations,
  • Investigate: help in threat hunting through analysis and contextualized information,
  • Threat Actors: information about the attackers (motivations, location, aliases, contact details),
  • Threat Landscape: strategic insights into the dynamic cybercrime ecosystem,
  • Third-Party Risk Management (TPRM): monitoring, assessing and managing the risks associated with suppliers in the supply chain.

Safetech Innovations services for the efficient use of KELA

Safetech Innovations ensures the efficient configuration and use of the modules of the KELA Cyber Threat Intelligence platform, both independently and within a complex security architecture, along with complementary solutions. Our services include requirements analysis and platform configuration, either in salf-managed mode by the client, or in MSSP mode, through Safetech STI CERT services.

By using Safetech’s implementation and support services, you reduce deployment risks, and benefit from customization, scalability, and flexibility, as well as ongoing post-deployment support.

For more details about the KELA Cyber Threat Intelligence solution, as well as about the STI CERT services, you can contact us at sales @ safetech.ro or by phone: +40 21 316 0565.

Powered by  GDPR Cookie Compliance
Overview of Privacy

This website uses cookies to provide you with the best user experience. Cookie information is stored in your browser and serves the purpose of recognizing you when you return to our site, as well as assisting our team in understanding which sections of the site you find more interesting and useful. For more information, you can refer to the General Information Note Regarding the processing of personal data.