Accenture Security lists five other “extreme but plausible threat scenarios in financial services” in a new report.
Financial institutions have interdependent supply chains that offer a “broad, target-rich attack surface that adversaries can undermine,” a new report from Accenture warns. The firm listed it as the latest security trend gaining significance.
The six threats identified by Accenture are:
- Supply chains, which introduce increasingly interconnected attack surfaces
- Credential and identity theft, which continue to accelerate
- Data theft and data manipulation, which stem from new vulnerabilities and cybercriminal behaviors
- Emerging technologies, especially deepfakes and 5G, advance cyberthreats
- Destructive and disruptive malware attacks, which spur multiparty and cross-sector targeting
- Misinformation that is shaking trust in retail and government-backed banks
Attackers have been conducting supply chain attacks for years, the Accenture report noted. “However, supply chain threats to financial institutions in the past year have primarily involved technology service providers (TSPs), including managed service providers (MSPs) and cloud service providers (CSPs).”
Core financial TSPs and IT service providers have been affected by ransomware incidents, which has disrupted services for some of their financial institution clients, the report said.
The COVID-19 pandemic has rapidly increased the shift from an enterprise infrastructure to a virtual and cloud environment to support remote workforces.
The firm is predicting that adversaries will exploit vulnerabilities across each of the core service categories of cloud—SaaS (software as-a-service), PaaS (platform as-a-service), and IaaS (infrastructure as-a-service).
“These layers often sit on top of one another, chaining together potentially vulnerable environments supporting critical business functions,” the report said. “Protections need to exist both within each layer and holistically to thwart exploitation.”
As cloud proliferates, one of the biggest challenges to securing cloud platforms has been misconfigurations, Accenture
There’s been a surge in cybersecurity activity as companies continue to operate remotely and cybercriminals look to exploit the ongoing coronavirus pandemic.
To mitigate the spread of COVID-19, organizations around the globe have also adopted remote work policies, leaving companies vulnerable to threats via remote networks, pandemic-related malware, and more. In recent months, there’s been a spike in cybersecurity attacks during the pandemic. In April, the FBI reported cybercriminal activity had increased fourfold. At the time, the agency’s Internet Crime Complaint Center was receiving up to 4,000 complaints per day. On Tuesday, Microsoft released its annual Digital Defense Report providing a glimpse of the trends shaping the cybersecurity landscape during the last year.
“This report makes it clear that threat actors have rapidly increased in sophistication over the past year, using techniques that make them harder to spot and that threaten even the savviest targets,” said Tom Burt, corporate VP of customer security and trust, in the report.
SEE: Identity theft protection policy (TechRepublic Premium)
The Digital Defense Report analyzes cybersecurity threats from the second half of 2019 through the first half of 2020. Overall, Microsoft said it blocked more than 13 billion “malicious and suspicious mails” in 2019, with over 1 billion of these being “URLs set up for the explicit purpose of launching a phishing credential attack.”
From October of last year to July 2020, ransomware existed as the most common action spurring Microsoft’s incident response, per the report. Microsoft notes the ever-evolving and broadening nature of IoT threats, stating that such attacks increased by more than one-third “in total attack volume” when comparing the last six months of 2019 to the first half of 2020.
The findings detail ways in which cybercriminals have attempted to exploit the coronavirus pandemic. For example, a total of 16