Nation-states and cybercriminals may be wittingly leveraging each other’s tools and tactics, leading to an increase in cross-border attacks targeting financial services suppliers.
FS-ISAC (Financial Services Information Sharing and Analysis Center) is warning that banks will encounter growing threats this year from converging nation-state and criminal hackers, as well as supply chain risks and cross-border attacks.
In a new report, FS-ISAC found that nation-states and cybercriminals may be wittingly leveraging each other’s tools and tactics, leading to an increase in cross-border attacks targeting financial services suppliers.
The report notes that third-party risk is an upward trend, warning that suppliers to financial firms will continue to be lucrative targets for threat actors.
Cross-border attacks will also increase, it says, noting that cyber criminals commonly test their attack in one country before hitting multiple continents and sub-verticals. This was shown by a DDoS extortion campaign that targeted about 100 financial institutions in months.
Given that the pandemic has accelerated digitisation and connectivity, the financial sector increasingly needs a trusted conduit of real-time cyber information between institutions and third-parties, the report says.
“Organisations properly practicing defense-in-depth with multi-layered controls are still vulnerable to large-scale and even systemic issues through third party suppliers,” said J.R. Manes, Global Head of Cyber Intelligence at HSBC.
“Ensuring and encouraging the sharing of cyber threat intelligence is a vital part of the defense of not only the financial sector, but the whole business ecosystem that runs on top of the Internet,”
The FS-ISAC community provides its members the visibility into emerging threats that could impact customers and business, even when they are not directly exposed.
Accellion, itself at the center of a number of recent supply chain breaches, said it used FS-ISAC to brief the financial sector on the situation.
FS-ISAC anticipates more supply chain risks in 2021.
The full report is available here.