F cybersecurity and resilience in the global financial system , has announced the findings of its annual Global Intelligence Office report , Navigating Cyber 2024 .
software
INTELLIGENT
APAC cyberattacks up 15 % in 2023 : Surge in ransomware attacks a key driver software
SECURITY
One in 20 APAC organisations were hit by ransomware in 2023 , with financial services as the fourth most targeted sector .
S-ISAC , the member-driven , not-forprofit organisation that advances
F cybersecurity and resilience in the global financial system , has announced the findings of its annual Global Intelligence Office report , Navigating Cyber 2024 .
FS-ISAC ’ s latest annual report on the cyberthreat landscape revealed that cyberattacks are on the rise in APAC , with ransomware leading the charge . In 2023 , the financial sector emerged as the fourth most commonly targeted by ransomware in the region . Other findings from the report paint a concerning picture : a 15 % year-on-year increase in cyberattacks across the region , more sophisticated tactics by threat actors , and a growing vulnerability in the financial services supply chain . Averaging 1,963 attacks per week , APAC organisations were hit hard in 2023 , a pattern that is set to continue in 2024 in the region , mirroring global trends .
“ As we look ahead to a critical year marked by emerging technology and heightened geopolitical tensions , the best way to maintain the integrity , security and trust of the sector is through global information sharing .”
In addition to long-standing threat vectors , new threats are continuing to emerge that will have disruptive implications for the sector . These include :
• Increased geopolitical hacktivism : Threat actors are expected to launch misinformation campaigns and DDoS attacks against critical infrastructure , capitalising on on-going geopolitical conflicts and a ‘ super election ’ year , as five national elections take place across the globe . DDoS attacks are continuing to increase in size , scope and sophistication , with 35 % of all DDoS attacks targeting the financial services sector in 2023 .
• New extortion tactics in response to global regulations : Threat actors have noted the implementation of key legislation in 2023 and are monitoring pending global regulations in 2024 and
2025 , adjusting their tactics accordingly . Cybercriminals may weaponise new disclosure requirements , pushing companies to fulfil extortion demands ahead of the required reporting deadline .
• Intensified focus on establishing cryptographic agility : Recent quantum computing and AI advancements are expected to challenge established cryptographic algorithms . In response , the financial services sector must have an increased focus on developing new encryption methods that can be rapidly adopted without altering the bottomline system infrastructure .
• Improvement of supply chain ’ s cybersecurity posture : Zero-day vulnerabilities in the supply chain continue to leave the sector unprotected , as attacks on providers disrupt various systems across the sector , such as those of clearing , trading , payments and backoffice service operations . In response , the sector should work closely with suppliers to establish communication channels for incident response and bolster suppliers ’ greater cybersecurity posture .
The report details the increasing sophistication of adversarial tactics , techniques and procedures ( TTPs ) leveraged by threat actors , such as social engineering , SEO poisoning , malvertising and QR code phishing . It also focuses on the use of evolving technology by threat actors , as they look to leverage Generative AI for increased scale and automation of attacks and effectiveness of lures , as well as to poison , manipulate and exploit Generative AI tools themselves .
“ Each year , a new set of threats comes to light , requiring the financial services sector ’ s mitigation strategies to advance at an equal if not faster pace than threat actors ’ tactics ,” said Steven Silberstein , CEO of FS-ISAC .
WWW . INTELLIGENTCISO . COM 61