Finance Sector Faces ‘Extreme but Plausible’ Cyber Threats

Financial services firms are major targets of cyber attacks A recent report describes six “extreme but plausible” future cyber threats finance firms need to be aware of

When thinking about which industries are prime targets for cyber security breaches, financial services certainly comes to mind. Firms that deal with all kinds of business and consumer monetary transactions are ideal for cyber criminals to go after. As a result, these businesses always need to be on their guard for the latest threats.

If industry research is correct, companies in the sector have every reason to expect risks to continue increasing. A recent report by professional services firm Accenture, based on research by its Accenture iDefense threat intelligence team, describes six “extreme but plausible” future cyber threats finance firms need to be aware of.

Supply chains introduce increasingly interconnected attack surfaces

Financial institutions have complex and interdependent supply chains, and they offer a broad, target-rich attack surface that adversaries can undermine, the report said.

Bad actors have been conducting supply chain attacks for years, Accenture said. But supply chain threats to financial services institutions over the past year have mainly involved technology partners including managed service providers and cloud service providers.

Service providers have been hit by ransomware incidents, which has disrupted services for some of their financial firm clients. Cyber criminals have repeatedly used vulnerabilities in third-party environments to impact financial institutions, the report noted.

Among the third parties that can be make financial firms vulnerable are telecommunications providers and power companies.

The Covid-19 pandemic has quickly increased the role the cloud will play in supply chain threats to critical infrastructure, including financial services. Cyber attackers are taking advantage as businesses expand their information security focus from an enterprise infrastructure to a virtual and cloud environment to support remote workforces.

Credential and identity theft continue to accelerate

Theft, compromise, and abuse of credentials and identities continue to be cornerstones for targeted attacks and fraud, the report said.

As the pandemic spread, financial institutions quickly adjusted their operations. But cyber criminals also moved rapidly to take advantage of the expanded attack surface presented through largely remote workforces, and new opportunities for fraud from the extensive government funding programs made available through financial institutions.

Incidents of credential-stealing malware increased, including mobile malware capable of stealing customer credentials for more than 200 financial firms. As most financial services firms’ employees moved to remote work locations, there was a rise in reliance on mobile devices, the report said.

Identity theft also continued to grow over the last year, especially as government agencies and financial institutions implemented financial relief programs to help individuals and businesses affected by the pandemic.

Data theft and data manipulation from new vulnerabilities and cyber criminal behavior

While bad actors continue to target data, their motivations often go beyond theft to include destruction and disruption of information, the report said.

A new wave of cyber attacks is resulting in data being destroyed or altered. Cyber criminals can exploit vulnerabilities in systems to compromise servers, manipulate data, or even encrypt all of a victim organization’s data through ransomware.

Threat actors realize that taking multi-pronged approaches against businesses help to sustain ransomware as a lucrative long-term approach. The concept of “naming and shaming” ransomware victims, combined with threatening to release stolen data makes the process of responding to ransomware infections more challenging, the study said.

Cyber criminal groups are cooperating with one another, quickly shifting from commodity malware infections to targeted attacks, Accenture noted. In some instances, it has only taken hours for crimeware to cause devastating ransomware to enter a network.

Emerging technologies advance cyber threats

As technology continues to advance, cyber security teams and cyber criminals alike are looking for ways to use innovative tools. In particular, bad actors have begun using deepfake to increase the effectiveness of their attacks.

Deepfakes involve the use of artificial intelligence (AI) or machine learning to manipulate or generate visual and audio content with the intent to deceive people. For example, criminals can use AI-based deepfake recording software to impersonate an executive’s voice.

As financial institutions continue to combat business e-mail compromise and account takeover attacks, they will need to monitor how adversaries might be using these deception techniques.

Firms should also explore using technological countermeasures in development to prevent adversarial abuse of this emerging technology, the report said.

Destructive and disruptive malware attacks spur multiparty and cross-sector targeting

Threat groups using ransomware are going after multiple related parties at the same time globally, the report said.

Deploying a proactive defense plan that incorporates multi-party attack simulations with industry and cross-industry peers could help financial services firms be better prepared to face this threat, Accenture noted.

The disruptive and destructive impact on financial institutions is a noteworthy recent change in ransomware attacks, according to the study. As third parties fall victim to targeted malware campaigns, bad actors are likely to have a growing negative impact on the availability of some banking and insurance services—on a global scale.

Financial services firms can be affected indirectly by these attacks through the supply chain. They can address the risk by participating in forums that facilitate cross-sector information sharing.

Misinformation shakes trust in retail and government-backed banks

Misinformation is having an impact on the financial sector, according to the report. Multiple U.S. finance entities, have warned of spikes in market manipulation in the wake of the pandemic.

Often, manipulation of trading markets involves elements of disinformation or misinformation directed at influencing unsuspecting investors to aid criminal actors’ objectives, the report said. Some groups undertaking these activities have been connected to cyber intrusions.

Bad actors can take advantage of high market volatility, which could further reduce confidence in the economy. Disinformation has affected the financial sector multiple times in the last year, the study said.

While there’s no evidence that sophisticated actors are spreading misinformation to support a financial or political agenda, it is plausible. As a result, the financial industry should consider how to address both accidental misinformation and highly sophisticated disinformation campaigns.