Financial services hit by rise in cyber attacks in 2022

While ransomware and DDoS attacks hit financial services hard in 2022; Malware-as-a-Service, AI, and crypto are forecast to have the most impact on cybersecurity this year.

Last year, Denial-of-Service (DoS) and Distributed DoS (DDoS) attacks increased globally, as did ransomware attacks, according to a new report from the Financial Services Information Sharing and Analysis Center (FS-ISAC). “What 2022 lacked in innovation, it made up for in volume”, it says.

The report’s research suggests rising attacks are likely to be blamed on Ransomware-as-a-service (RaaS) providers, in which affiliates get access to the malware in exchange for a cut of the illegal profits.

Business email compromise (BEC) became one of the most common and costly frauds globally. In 2021, the FBI’s Internet Crime Complaint Center received complaints of BECs totalling nearly $2.4bn in damages in the US – with ransomware damages accounting for $49.2m of that. According to FS-ISAC member reporting, BECs increased 300% between 2021 and 2022.

And, says the report, the threats will continue to grow, as Malware-as-a-Service (Maas), artificial intelligence, and cryptocurrency are predicted to transform the global threat landscape in 2023.

Hacktivist activity

However, the most significant impact on the financial services cyber threat landscape last year came from Russia’s invasion of Ukraine. That “sparked a flood of hacktivist activity that continues unabated”, including attacks on multiple suppliers to the financial sector.

“Unfortunately, the growing involvement of non-state actors attacking on an ideological basis and the manipulation of information by malicious actors will continue to sow uncertainty across the landscape in actual and perceived security threats,” said Steven Silberstein, CEO of FS-ISAC.

Analysis from FS-ISAC, including the recent DNS report, showed that manufacturing and professional, scientific, and technical services sectors were targeted most by ransomware threat actors, and the finance and insurance sector third. However, professional, scientific, and technical services also represent the majority of third-party suppliers and vendors to the financial sector.

“What 2022 lacked in innovation, it made up for in volume.”

 The Navigating Cyber 2023 report

“Cybercriminals are endlessly inventive, and aided by technological advances,” said Teresa Walsh, Global Head of Intelligence at FS-ISAC. “The emergence of new technologies and malware delivery tactics will require institutions to ensure they keep up with evolving cyber threats on a continuous basis and focus on resilience so they can keep operating no matter what happens.”

In the cloud company Akamai’s report The Evolution of DDoS: Return of the Hacktivists, the volume of DDoS attacks on financial firms was shown to have increased 22% since last year. And even worse in Europe, where the total attacks have risen 73%, and 50% for financial services.

“Though DDoS attacks have been around for some time, we are seeing that they are evolving in new, innovative and aggressive ways,” said Steve Winterfeld, Advisory CISO at Akamai. 

Predictions for 2023

Going forward, geopolitical tensions are predicted to escalate in 2023, with more non-state actors attacking on an ideological basis. MaaS, AI and cryptocurrency are identified as the three biggest areas to effect financial services security.

With the current rising cyber threats, it’s believed that supply chain threats also will continue to grow because of easy access to Maas, including opportunities to affect third-parties that are connected to financial services. That includes breaches, both in volume and impact, against third-party key software suppliers, authentication providers and services, technology services and providers, and cloud and managed software service.

“The emergence of new technologies and malware delivery tactics will require institutions to ensure they keep up with evolving cyber threats on a continuous basis and focus on resilience so they can keep operating no matter what happens.”

Teresa Walsh, Global Head of Intelligence at FS-ISAC

And with social engineering attacks becoming more sophisticated, it’s believed that those attacks will continue to increase too. Possibly amplified by deepfake technology and new-generation AI bots.

Another trend is the rising involvement of hacktivists acting in response to geopolitical tensions, which “will cause a further fragmentation in the threat landscape”. Those attacks are also likely to increase the cyber and reputational risk to financial firms that are affiliated with nations engaged in conflict.

AI and crypto challenges

The use of AI also increases the danger of cyberattacks becoming easier to orchestrate. As emerging AI tools lower barriers for hacking, its use within social engineering will make it harder to detect fraudulent communications and to verify identities.

The popular ChatGPT has already been used to successfully write malicious code and design phishing lures. But it’s not the only one. Other generative language models have already been used to create infostealer malware, encryption tools, and other dark web marketplace automations for illegal goods too.

Earlier this month, The UK government organisation NCSC urged caution over the embrace of Large Language Models (LLMs). The NCSC said: “LLMs are undoubtedly impressive for their ability to generate a huge range of convincing content in multiple human and computer languages. However, they’re not magic, they’re not artificial general intelligence, and contain some serious flaws”.

Cryptocurrencies will also continue to present a range of challenges to financial institutions globally, remaining be a prime channel for cybercriminals to finance their operations.  

Future challenges

To handle the future challenges, the report points to three key areas that financial firms need to consider: increased regulation, the future of cyber insurance, and the ongoing cybersecurity talent shortage.

Still, increased regulation will possibly impose new challenges for multinational firms too, with a constant tension between growing cybersecurity requirements and the allocated resources.

Another question is how cyber insurance will evolve. Australia, which is working hard to be the most cyber secure country in the world, is currently discussing the introduction of legislation to make ransom payments illegal.

“The best tool available for financial institutions to combat this is intelligence sharing, allowing collaboration across the global industry and ensuring better cyber preparedness. Cyber threats often evolve faster than the tools we use to combat them, but our strength is in our community”, said Steven Silberstein, CEO of FS-ISAC.