Financial Sector Cyberthreat Landscape

The Financial Services Information Sharing and Analysis Center (FS-ISAC) recently released its annual report, "Navigating Cyber 2024," which highlights the increasing sophistication of cyber threats facing the global financial system. The report emphasizes the need for the financial sector to evolve its security strategies to keep pace with these threats.

The report highlights the growing complexity of tactics, techniques, and procedures employed by cyber threat actors. These include social engineering, search engine optimization poisoning, advertising, and QR code phishing. Moreover, threat actors are increasingly exploiting evolving technologies, such as generative AI, to scale and automate attacks, enhance the effectiveness of lures, and even manipulate and exploit the AI tools themselves.

The CEO of FS-ISAC, Steven Silberstein, highlights the necessity for the mitigation measures used by the financial services industry to advance at a rate that is at least as rapid as that of threat actors' strategies. Silberstein emphasizes the significance of international information sharing to uphold the sector's integrity, security, and trust in light of the upcoming year that will be characterized by growing technology and increased geopolitical tensions.

The report also identifies new threats that continue to emerge, posing disruptive implications for the sector. These include:

• Geopolitical Hacktivism: With ongoing geopolitical conflicts and a “super election” year, threat actors are expected to launch misinformation campaigns and Distributed Denial of Service (DDoS) attacks against critical infrastructure. In 2023, 35% of all DDoS attacks targeted the financial services sector.
• New Extortion Tactics: In response to global regulations, threat actors are adjusting their tactics. They may weaponize new disclosure requirements, pushing companies to fulfill extortion demands before the required reporting deadline.
• Cryptographic Agility: The financial services sector must focus on developing new encryption methods that can be rapidly adopted without altering the system infrastructure, in response to challenges posed by recent advancements in quantum computing and AI.
• Supply Chain Cybersecurity: Organizations should work closely with suppliers to establish communication channels for incident response and bolster suppliers’ cybersecurity posture, as zero-day vulnerabilities in the supply chain continue to disrupt various systems across the sector.

The financial services sector operates in a continually changing cyber landscape where cybercrime and fraud converge, and emerging technologies create additional opportunities for exposure. The sector must remain vigilant and proactive to maintain trust and ensure resilience.

To learn more about other threats and safeguarding your data, we invite you to explore our Client Security Center!

References: Navigating Cyber: Annual Threat Review and Predictions