PRESS RELEASE
RESTON, Va., March 27, 2024 /PRNewswire/ — FS-ISACthe member-driven non-profit organization that promotes cybersecurity and resilience in the global financial system, today announced the findings of its annual Global Intelligence Office report, Navigating Cyber 2024.
The report details the growing sophistication of adversary tactics, techniques and procedures exploited by threat actors, such as social engineering, SEO poisoning, malvertising and QR code phishing. It also focuses on threat actors’ use of evolving technology, as they seek to leverage generative AI to increase the scale and automation of attacks and decoy effectiveness, as well as to poison, manipulate and exploit the same generative artificial intelligence tools.
“Every year a new set of threats comes to light, requiring the financial services industry’s mitigation strategies to advance at an equal if not faster pace than the threat actors’ tactics,” said Steven Silberstein, CEO of FS -ISAC. “As we look ahead to a critical year characterized by emerging technologies and rising geopolitical tensions, the best way to maintain the integrity, security and trust of the industry is through global information sharing.”
In addition to long-standing threat vectors, new threats continue to emerge that will have disruptive implications for the industry. These include:
-
Rise in geopolitical hacktivism: Threat actors are expected to launch disinformation campaigns and DDoS attacks against critical infrastructure, taking advantage of ongoing geopolitical conflicts and a “super election” year, as five national elections will be held around the world. DDoS attacks continue to increase in size, scope and sophistication, with 35% of all DDoS attacks targeting the financial services industry in 2023.
-
New extortion tactics in response to global regulations: Threat actors have noted the implementation of key legislation in 2023 and are monitoring pending global regulations in 2024 and 2025, adapting their tactics accordingly. Cybercriminals could weaponize the new disclosure requirements, pushing companies to comply with extortion demands before the reporting deadline.
-
Increased focus on developing cryptographic agility: Recent advances in quantum computing and artificial intelligence are expected to challenge established cryptographic algorithms. In response, the financial services industry must focus more on developing new encryption methods that can be adopted quickly without altering the revenue system’s infrastructure.
-
Improving supply chain cybersecurity posture: Zero-day vulnerabilities in the supply chain continue to leave the industry unprotected, as attacks on suppliers disrupt various systems across the industry, such as clearing, trading, payments and back-office service operations. In response, the industry should work closely with vendors to establish communication channels for incident response and strengthen vendors’ enhanced cybersecurity posture.
“Threat actors will exploit critical infrastructure vulnerabilities and leverage any available tool to destroy confidence in the security of our systems,” said Teresa Walsh, Chief Intelligence Officer and Managing Director, EMEA, at FS-ISAC. “The financial services industry operates in an infinitely dynamic cyber landscape, where cybercrime and fraud converge and emerging technologies create further opportunities for exposure. To maintain trust in the sector, companies must prioritize proactive cyber hygiene to ensure operational resilience in the face of an attack.”
Methodology
The Navigating Cyber 2024 report is sourced from thousands of FS-ISAC member financial firms across 75 countries and further enriched by analysis from the Global Intelligence Office. Multiple intelligence streams were leveraged to curate the summary, which examined data from January 2023 to January 2024. The publicly accessible version of the report can be found Here. The full report is only available to member financial institutions.
About FS-ISAC
FS-ISAC is the member-driven nonprofit organization that promotes cybersecurity and resilience in the global financial system, protecting financial institutions and the people they serve. Founded in 1999, the organization’s real-time information sharing network amplifies the intelligence, knowledge and practices of its members for the financial sector’s collective security and defenses. Member financial firms represent $100 trillion in assets across 75 countries.