Security teams in the financial services sector are experiencing even more exacting demands as they defend their organizations in a world under a new and unexpected threat — a global pandemic, says a new Accenture report, "2020 Future Cyber Threats: The latest extreme but plausible threat scenarios in financial services."
Malicious threat actors are taking advantage as organizations reconfigure vulnerable supply chains and offer more digital experiences. Working from home has opened a Pandora’s box of new attack vectors and workforce challenges — including those from insider threats. And there are challenges around rethinking culture and collaborative practices as organizations seek to outmaneuver uncertainty in the future. The 2020 Accenture research revisits the trouble spots for security leaders.
The report is based on research by the Accenture cyber threat intelligence team. The six threats are:
- Supply chains introduce increasingly interconnected attack surfaces. Financial institutions have complex, interdependent supply chains. These offer a broad, target-rich attack surface that adversaries can undermine. Attackers have been conducting supply chain attacks for years. However, supply chain threats to financial institutions in the past year have primarily involved technology service providers (TSPs), including managed service providers (MSPs) and cloud service providers (CSPs). Core financial TSPs and IT service providers have been affected by ransomware incidents, disrupting services for some of their financial institution clients.
- Credential and identity theft continue to accelerate. Credential and identity theft, compromise and abuse continue to be cornerstones for targeted attacks and fraud. As the novel coronavirus, COVID-19, spread across the globe, financial institutions moved rapidly to adjust their operations. Cybercriminals also moved swiftly to take advantage of the expanded attack surface presented by largely remote workforces and of the rich feeding ground for fraud created by the extensive government funding programs extended through financial institutions to small businesses in greatest need. Credential-stealing malware surged, including mobile malware such as EventBot and Cerberus, which are collectively capable of stealing customer credentials for more than 200 financial institutions. The premier seller of Cerberus noted their sales increased exponentially in early April 2020, netting them more profit in a single week than the prior four months combined.
- Data theft and data manipulation stem from new vulnerabilities and cybercriminal behaviors. While threat actors continue to target data, their motivations often go beyond theft to include destruction and disruption. A new wave of cyberattacks sees data no longer simply being copied, but being destroyed—or changed—breeding distrust. In late 2019, security researchers disclosed a Microsoft Azure vulnerability referred to as BlackDirect. If not remediated, threat actors could exploit this vulnerability to steal sensitive data, compromise production servers, manipulate data, or even encrypt all of a victim organization’s data (ransomware). This vulnerability disclosure came as financial institutions and regulators were scrutinizing cloud security vulnerabilities and related cyber threats following the large-scale data theft from a major United States financial institution.
- Emerging technologies, especially deepfakes and 5G, advance cyberthreats. As technology rapidly advances, cyberdefenders and adversaries alike are exploring means of using cutting-edge tools. In particular, malicious actors recently used deepfakes to increase the effectiveness of their campaigns. As the world adopts fifth generation mobile networks, threat actors will seek to gain new advantages with 5G technology. The opportunities for 5G in financial services present risks, including those raised by governments, such as supply chain threats, software vulnerabilities, organized cybercrime and espionage, as well as cross-sector threats.
- Destructive and disruptive malware attacks spur multiparty and cross-sector targeting. Threat groups leveraging ransomware are targeting multiple related parties at once globally. On August 16, 2019, more than 20 entities in Texas, United States, reported ransomware attacks, prompting a coordinated state and federal response to a multi-jurisdictional cybersecurity event that was the first of its kind. Testing the resilience of the affected entities, this multiparty attack is a bellwether indicating the likelihood of additional concurrent, disruptive attacks. A proactive cyberdefense plan that incorporates multiparty attack simulations with industry and cross-industry peers could help financial institutions be better prepared to face this threat.
- Misinformation shakes trust in retail and government-backed banks. Disinformation and misinformation are not only a threat to efforts to manage COVID-19; they also impact the financial sector. Multiple United States entities, including the NASDAQ, Securities Exchange Commission and FINRA, have warned of spikes in market manipulation in the wake of the COVID-19 pandemic. Often, market manipulation involves elements of disinformation or misinformation directed at influencing unsuspecting investors to aid criminal actors’ objectives. Some groups undertaking these activities, as well as pumping and dumping (a form of securities fraud that involves artificially inflating the price of a stock through false positive statements), have been connected to cyber intrusions in the past. Bad actors can take advantage of high market volatility, which could further reduce confidence in the economy.
Valerie Abend, Managing Director, Accenture Security, says that the main takeaway from the report is that the financial services sector continues to be a top target for cybercriminals, who have become more brazen, targeted and sophisticated in their attack methods.
"The mass move to remote working during the global pandemic has created a hotbed of cybercrime activity. As a result, credential and identity theft have surged. We’re also seeing destructive and disruptive malware attacks, including ransomware, that are resulting in cascading impacts due to greater interdependency and interconnectedness across financial services. Additionally, threat actors are exploiting vulnerabilities in third-party environments to inflict harm. Looking ahead, we believe the next frontier of attacks could come from emerging technologies, such as deepfakes and 5G. In the face of these evolving threats, security leaders need to ensure persistent control enforcement across their newly expanded footprints and manage the risk to the broader ecosystem of their third parties to enable cyber resilience."