Four security threats affecting FSIs in 2020
This time last year nobody predicted that the world would be battling a pandemic and fighting off hordes of cybercriminals using the pandemic as a topical way of peddling their wares.
Despite what some may call uncharted territory in terms of phishing scams claiming to be from the WHO or financial institutions, there are familiar culprits in the 2020 Future Cyber Threats report, published by Accenture.
“ Malicious threat actors are taking advantage as organisations reconfigure vulnerable supply chains and offer more digital experiences,” states Accenture Security’s Joseph Failla.
“Working from home has opened a pandora’s box of new attack vectors and workforce challenges—including those from insider threats. And there are challenges around rethinking culture and collaborative practices as organisations seek to outmanoeuvre uncertainty in the future.”
The report illustrates six extreme (yet plausible) threats that could affect the global financial services sector:
- Supply chains introduce interconnected attack surfaces
- Credential and identity theft keeps growing
- Data theft and manipulation from new vulnerabilities and trends in cybercrime behaviour
- Emerging technologies such as deepfakes and 5G prop up cyber threat evolution
- Malware attacks are becoming more destructive and disruptive as they spur multi-party and cross-sector targeting
- Misinformation campaigns create distrust and unease about retail and government-backed banks
Here we discuss four of these threats.
Financial institutions’ supply chains have interdependent and often complex relationships - there are now relationships with technology service providers (TSPs), managed service providers (MSPs), and cloud service providers (CSPs). These relationships are extremely attractive to cybercriminals, who have been profiting off supply chain attacks for years - and even more so in the last 12 months.
According to the report, there are several ways that criminals could exploit supply chains. One way involves the exploitation of global navigation satellite systems (GNSS), which provides data about financial transactions to financial institutions - including stock exchanges. Attackers could spoof data or jam systems, meaning that transactions are not timestamped. If attackers brought GNSS systems down, it would mean that transactions could fail and ATMs wouldn’t work.
“GNSS’s are controlled by a handful of nations across the globe and have attracted nation-state interference including by countries that have been suspected culprits of state-sponsored cyberattacks against the financial sector in the past,” the report warns.
Criminals are not just copying data, they are changing or destroying it too, suggesting that not every attack is about theft.
In late 2019 researchers discovered Microsoft Azure vulnerability called BlackDirect which could allow attackers to steal, manipulate, or encrypt data, and compromise production servers.
“ This vulnerability disclosure came as financial institutions and regulators were scrutinising cloud security vulnerabilities and related cyber threats following the large scale data theft from a major United States financial institution.”
Cybercriminals dealing in ransomware are also using a multi-pronged approach that allows them to ransomware as a lucrative long term moneymaker.
The report suggests that the ‘collective offense’ of cybercriminals will remain a formidable threat to FSIs and all industries.
Deepfake recording software has been used in everything from fake presidential videos to impersonating the chief executive at a real company. It’s a new wave of business email compromise scams - and it can be even more difficult to stomp out when you ‘hear’ the CEO’s voice at the other end of the line.
5G will be great for network speeds, but also presents risks like supply chain threats, vulnerabilities, and espionage.
“Governments and think tanks have also voiced concern around the potential for nation-states to willfully exploit technological vulnerabilities present in software and hardware manufactured by companies within the reach of their influence,” the report notes.
In order to beat the risk from deepfakes and 5G, organisations will need to track emerging tactics and procedures that cybercriminals use. Organisations should also explore technologies they could use to prevent cybercriminals from abusing these technologies.
Disinformation and misinformation progress far beyond politics and COVID - they have very real impacts on the financial sector. Even the NASDAQ warned of market manipulation spikes, often due to disinformation or misinformation.
Some groups engage in ‘pumping and dumping’ - that is they artificially inflate stock prices through false news, then cash out when those prices skyrocket.
In India, the central bank announced the consolidation of many public sector banks (PSBs). Criminals then spread false information that nine PSBs would be closed permanently and encouraged people to withdraw their money.
The banks managed to correct these false statements, but it does show how financial markets are at risk of manipulation.
So what should you do about all of these security threats? The report suggests a proactive, collective defence. That means security leaders should:
- Adopt a secure mindset
- Secure the new perimeter
- Become agile and adaptive
- Focus on Nth party risks
- Collectively respond and act
To get the full picture, read the Accenture 2020 Future Cyber Threats report here.