Attacks on payment systems and third-party service providers, as well as vulnerabilities in underlying system technologies, are some of the greatest concerns faced by Asia’s banks and financial institutions this year, according to the Financial Services Information Sharing and Analysis Centre (FS-ISAC) H1 2019 Asia Pacific Cyberthreat Review.
FS-ISAC is a non-profit industry consortium dedicated to reducing cyber-risk in the global financial system. Serving financial institutions around the globe and in turn their customers, the organization leverages its intelligence platform, resiliency resources and a trusted peer-to-peer network of experts to anticipate, mitigate and respond to cyber threats.
The Cyberthreat Review is derived from FS-ISAC’s rigorous threat intelligence monitoring maintained by its own intelligence operations team and further augmented through contributions from nearly 7,000-member institutions around the world. Multiple streams of intelligence were leveraged for the curation of the H1 2019 Asia Pacific Cyberthreat Review.
Concerns over attacks on payments systems
FS-ISAC members are consistently concerned about threats or attacks against payment systems, especially international systems, including how attacks against payment systems in less experienced countries may directly affect them.
This includes disruptions to capabilities regarding financial services, the reputational risk to the targeted institutions and the loss of consumer confidence in the sector that could impact economic situations in their home countries. Several banks in Bangladesh encountered attacks on payment systems in the first half of this year.
Increases in business email compromise attempts
FS-ISAC members have seen significant increases in business email compromise attempts and this remains a growing concern for firms in the region. Cyberthreat actors are becoming more creative in their attempts to use “social engineering” to infiltrate organizations through email.
An organization’s staff are often painted as a weak link in cybersecurity and email fraudsters look to exploit this through invoice scams and spear phishing spoof attacks. Similar to how email marketing is becoming more sophisticated, business email compromise attempts are evolving as well, and remain a growing concern for financial institutions in the region.
Third-party service provider suffering attacks that have residual impacts on members
Financial institutions are increasingly apprehensive over the security postures of third-party service providers with recent events such as the Wipro breach (India), ASUS Live Update attack (Taiwan) and LandMark White (Australia).
The Wipro attack was successful due to the attackers planning an advanced phishing campaign and then exploiting Wipro’s global customer base. These included financial institutions and retailers servicing gift and payment cards. Once they had access, they could quickly convert the gift cards into cash, making it difficult to trace.
Zero-day attacks made possible via newly discovered vulnerabilities
Complex systems include unforeseen vulnerabilities for banks and financial institutions. IBM announced it had four vulnerabilities, dubbed Microarchitectural Data Sampling (MDS), consisting of four different attacks. Another recent one is Microsoft’s announcement of a detected Remote Code Execution Vulnerability in Remote Desktop Services.
This particular vulnerability was a major concern for members as it required no user interaction and is ‘wormable’. If bad actors exploit vulnerabilities like this one, it could spread to other systems. Staying up to date on system weaknesses is essential as cyberthreat actors actively look to make the most of newly discovered vulnerabilities before patches are deployed.
“Threat actors have changed the way that they operate,” said Brian Hansen, executive director, FS-ISAC APAC, “We are seeing more time spent on preparation and reconnaissance prior to initiating attacks to ensure attacks are successful and against the best targets, be it a person or information system on a network. These actors are also increasing collaboration on the dark web, selling and seeking services that can be used against financial institutions.”