According to a recent report from the Financial Services Information Sharing and Analysis Center (FS-ISAC), the most significant impact on the financial services cyber threat landscape in 2022 was the Russia-Ukraine war. FS-ISAC’s Cyber Threat Level, an industry barometer of cyber threats facing financial services, remained at Elevated for much of the year across all regions and remained Elevated for longer in Europe, Middle East and Africa (EMEA). As the global volume of cybercrime rose, financial services organizations remained a prime geopolitical target.
2022 trends:
Geopolitical conflict goes cyber at scale as existing tensions, exacerbated by Russia’s invasion of Ukraine, sparked a flood of hacktivist activity that continues unabated. China and its goal of Taiwan unification, and Iran’s ideologically motivated attacks on Western financial institutions, contribute to the geopolitical cyber threat landscape.
Denial-of-Service (DoS) and Distributed DoS (DDoS) attacks are increasing globally due to the increased availability of ‘as-a-service’ options and are frequently associated with extortion. While most of these attacks have low or no impact, the financial services sector remains one of the most targeted.
Ransomware attacks regularly dominated headlines throughout 2022. Almost all security vendors agree that ransomware attacks are getting worse. Ransomware-as-a-service (RaaS) providers, who give affiliates access to their ransomware suite in exchange for a cut of the illegal profits, are likely to blame for this growth.
Business email compromise (BEC) has become one of the most common and costly frauds impacting firms around the world. BEC can take several forms but the most reported to FS-ISAC are payroll diversion requests or fraudulent payment requests, either as part of an impersonation scam or vendor fraud.
Cryptocurrencies present a range of challenges to financial institutions globally. Threat groups finance their operations using cryptocurrency in ransom demands, among other methods. The increase in cryptocurrency investment holdings highlights the need for better oversight and protections for this asset class.
Supply chain threats impacted a more digitized business environment. Open banking and APIs, mobile banking apps, and exposure to partner breaches contributed to making financial services organizations vulnerable to hackers via third parties. In 2022, the most prevalent supply chain attacks reported by members were the hijacking of software updates, fraudulent code signing, and the compromise of open-source code.
Member financial firms reported on the top malware strains hitting the financial sector, as well as emergent attack methods such as using Microsoft OneNote Attachments, telephone-oriented attack delivery, and “Adversary-in-the-Middle Attacks.” In Asia Pacific, cyber incidents related to impersonation are on the rise, but ransomware remains the top concern for APAC members.
2023 predictions:
Where geopolitical tensions escalate in 2023, we will see a further fragmentation in the cyber landscape via the increased involvement of non-state actors attacking on an ideological basis. The use of mis-, dis- and mal-information – potentially leveraging generative text engines to spread – will continue to sow uncertainty, both politically and in the perceived impact of hacktivist campaigns.
In turn, this is likely to increase the cyber and/or reputational risk to financial sector firms operating in (or affiliated with) the nations engaged in conflict. As DDoS as-a-service subscriptions get cheaper and cheaper, it will be easier for threat actors to launch devastating attacks anonymously and disrupt business uptime. Accordingly, third-party risk management is likely to become a more important part of an organization’s overall strategy for managing risks.