Tag: interconnected

02
Oct
2020
Posted in technology

Vulnerable supply chains introduce increasingly interconnected attack surfaces

Accenture Security lists five other “extreme but plausible threat scenarios in financial services” in a new report.

financial graphs background

Image: lucadp, Getty Images/iStockphoto

Financial institutions have interdependent supply chains that offer a “broad, target-rich attack surface that adversaries can undermine,” a new report from Accenture warns. The firm listed it as the latest security trend gaining significance.

The six threats identified by Accenture are:

  • Supply chains, which introduce increasingly interconnected attack surfaces
  • Credential and identity theft, which continue to accelerate
  • Data theft and data manipulation, which stem from new vulnerabilities and cybercriminal behaviors
  • Emerging technologies, especially deepfakes and 5G, advance cyberthreats
  • Destructive and disruptive malware attacks, which spur multiparty and cross-sector targeting
  • Misinformation that is shaking trust in retail and government-backed banks

Attackers have been conducting supply chain attacks for years, the Accenture report noted. “However, supply chain threats to financial institutions in the past year have primarily involved technology service providers (TSPs), including managed service providers (MSPs) and cloud service providers (CSPs).”

SEE: 
Credential stuffing attacks on global media companies are spiking

 (TechRepublic)   

Core financial TSPs and IT service providers have been affected by ransomware incidents, which has disrupted services for some of their financial institution clients, the report said.

Cloud misconfigurations

The COVID-19 pandemic has rapidly increased the shift from an enterprise infrastructure to a virtual and cloud environment to support remote workforces.

The firm is predicting that adversaries will exploit vulnerabilities across each of the core service categories of cloud—SaaS (software as-a-service), PaaS (platform as-a-service), and IaaS (infrastructure as-a-service).

“These layers often sit on top of one another, chaining together potentially vulnerable environments supporting critical business functions,” the report said. “Protections need to exist both within each layer and holistically to thwart exploitation.”

As cloud proliferates, one of the biggest challenges to securing cloud platforms has been misconfigurations, Accenture