SECURITY SOLUTIONS

One in 20 APAC organisations were hit by ransomware in 2023 , with financial services as the fourth most targeted sector .

FS-ISAC ' s latest annual report on the cyberthreat landscape revealed that cyberattacks are on the rise in APAC , with ransomware leading the charge . In 2023 , the financial sector emerged as the fourth most commonly targeted by ransomware in the region . Other findings from the report paint a concerning picture : a 15 % year-on-year increase in cyberattacks across the region , more sophisticated tactics by threat actors , and a growing vulnerability in the financial services supply chain . Averaging 1,963 attacks per week , APAC organisations were hit hard in 2023 , a pattern that is set to continue in 2024 in the region , mirroring global trends .

The report details the increasing sophistication of adversarial tactics , techniques and procedures ( TTPs ) leveraged by threat actors , such as social engineering , SEO poisoning , malvertising and QR code phishing . It also focuses on the use of evolving technology by threat actors , as they look to leverage Generative AI for increased scale and automation of attacks and effectiveness of lures , as well as to poison , manipulate and exploit Generative AI tools themselves .

“ Each year , a new set of threats comes to light , requiring the financial services sector ’ s mitigation strategies to advance at an equal if not faster pace than threat actors ’ tactics ,” said Steven Silberstein , CEO of FS-ISAC . “ As we look ahead to a critical year marked by emerging technology and heightened geopolitical tensions , the best way to maintain the integrity , security and trust of the sector is through global information sharing .”

In addition to long-standing threat vectors , new threats are continuing to emerge that will have disruptive implications for the sector . These include :

• Increased geopolitical hacktivism : Threat actors are expected to launch misinformation campaigns and DDoS attacks against critical infrastructure , capitalising on on-going geopolitical conflicts and a ‘ super election ’ year , as five national elections take place across the globe . DDoS attacks are continuing to increase in size , scope and sophistication , with 35 % of all DDoS attacks targeting the financial services sector in 2023 .

• New extortion tactics in response to global regulations : Threat actors have noted the implementation of key legislation in 2023 and are monitoring pending global regulations in 2024 and 2025 , adjusting their tactics accordingly . Cybercriminals may weaponise new disclosure requirements , pushing companies to fulfil extortion demands ahead of the required reporting deadline .

• Intensified focus on establishing cryptographic agility : Recent quantum computing and AI advancements are expected to challenge established cryptographic algorithms . In response , the financial services sector must have an increased focus on developing new encryption methods that can be rapidly adopted without altering the bottomline system infrastructure .

• Improvement of supply chain ’ s cybersecurity posture : Zero-day vulnerabilities in the supply chain continue to leave the sector unprotected , as attacks on providers disrupt various systems across the sector , such as those of clearing , trading , payments and backoffice service operations . In response , the sector should work closely with suppliers to establish communication channels for incident response and bolster suppliers ’ greater cybersecurity posture . � www . intelligentfin . tech

53