Vulnerable supply chains introduce increasingly interconnected attack surfaces

Accenture Security lists five other “extreme but plausible threat scenarios in financial services” in a new report.

Image: lucadp, Getty Images/iStockphoto

Financial institutions have interdependent supply chains that offer a “broad, target-rich attack surface that adversaries can undermine,” a new report from Accenture warns. The firm listed it as the latest security trend gaining significance.

The six threats identified by Accenture are:

Supply chains, which introduce increasingly interconnected attack surfaces
Credential and identity theft, which continue to accelerate
Data theft and data manipulation, which stem from new vulnerabilities and cybercriminal behaviors
Emerging technologies, especially deepfakes and 5G, advance cyberthreats
Destructive and disruptive malware attacks, which spur multiparty and cross-sector targeting
Misinformation that is shaking trust in retail and government-backed banks

Attackers have been conducting supply chain attacks for years, the Accenture report noted. “However, supply chain threats to financial institutions in the past year have primarily involved technology service providers (TSPs), including managed service providers (MSPs) and cloud service providers (CSPs).”

SEE:
Credential stuffing attacks on global media companies are spiking

(TechRepublic)

Core financial TSPs and IT service providers have been affected by ransomware incidents, which has disrupted services for some of their financial institution clients, the report said.

Cloud misconfigurations

The COVID-19 pandemic has rapidly increased the shift from an enterprise infrastructure to a virtual and cloud environment to support remote workforces.

The firm is predicting that adversaries will exploit vulnerabilities across each of the core service categories of cloud—SaaS (software as-a-service), PaaS (platform as-a-service), and IaaS (infrastructure as-a-service).

“These layers often sit on top of one another, chaining together potentially vulnerable environments supporting critical business functions,” the report said. “Protections need to exist both within each layer and holistically to thwart exploitation.”

As cloud proliferates, one of the biggest challenges to securing cloud platforms has been misconfigurations, Accenture said.

For example, a failure to deploy multifactor authentication (MFA) for all cloud services and disable legacy services threat actors can manipulate to bypass controls contributed to the majority of cloud intrusions that the Accenture Cyber Investigation and Forensics Response (CIFR) team responded to in 2019.

It is likely this trend will continue; unprecedented usage of PaaS, SaaS, and IaaS solutions due to the COVID-19 pandemic foreshadow large cloud breach disclosures in the future, the report stated.

Credential and identity theft continue to accelerate

Credential and identity theft, compromise and abuse continue to be cornerstones for targeted attacks and fraud. As COVID-19 spread across the globe, financial institutions moved rapidly to adjust their operations.

“Cybercriminals also moved swiftly to take advantage of the expanded attack surface presented through largely remote workforces and rich feeding ground for fraud from the extensive government funding programs extended through financial institutions to small businesses in greatest need,” the report said. “Credential-stealing malwares surged, including mobile malwares such as EventBot19 and Cerberus, which are collectively capable of stealing customer credentials for more than 200 financial institutions.”

Data theft and data manipulation

Threat actors have expanded their arsenal, combining data theft and data extortion during ransomware attacks. They realize that multi-pronged approaches against businesses help to sustain ransomware as a lucrative long-term approach, the report stated.

The concept of “naming and shaming” ransomware victims, coupled with threatening to release stolen data makes the process of responding to ransomware infections more challenging, the report noted.

Emerging technologies

As technology rapidly advances, cyber defenders and adversaries are all exploring use cutting-edge tools. In particular, malicious actors recently used deepfake to increase the effectiveness of their campaigns, Accenture said.

Further, as financial institutions continue to combat business email compromise (BEC) and account takeover (ATO) attacks, they will need to track the emerging tactics, techniques and procedures (TTPs) that adversaries may use to stay a step ahead.

As fifth generation mobile networks are adopted, threat actors will also seek to gain new advantages with 5G technology.

“The opportunities for 5G in financial services abound. 5G will become a general-purpose technology for financial services organizations, providing new opportunities to create, store, and protect value, to move money, and to access credit.”

Another emerging threat comes from financial technology (FinTech) disruptors, which have rapidly expanded to new markets, Accenture said. This increases “the level of dependence the broader financial sector has on these companies to deliver their core products and services. In the future, it is these areas on the periphery of financial institutions and markets, like FinTech, where large scale, disruptive attacks may originate.”

Disruptive and destructive malware attacks

The disruptive and destructive impact upon financial institutions is a noteworthy recent change in ransomware attacks, the report stated. Two UK-based organizations, integral to global financial organizations, were affected by ransomware in December 2019 and March 2020, respectively.

One was a foreign exchange market leader and the other a financial services TSP, according to Accenture. Both had to take systems offline following the cyberattacks, which left services disrupted for their global banking clients, the report said.

“As third parties fall victim to targeted malware campaigns, actors are likely to have a growing negative impact on the availability of some banking and insurance services on a global scale.”

Misinformation

Disinformation and misinformation is not only a threat to efforts to manage COVID19, but it also impacts the financial sector. Multiple US entities, including the Nasdaq, the Securities and Exchange Commission (SEC), and FINRA have warned of spikes in market manipulation in the wake of the COVID-19 pandemic, according to the report.

In light of evolving threats and adversaries, security leaders have an opportunity to reimagine their strategy and technologies from the ground up, the report said.

“Security leaders are in pole position to act as decision makers and key influencers to help their institutions to be safe and secure and guide people to adapt to new ways of working that improve security in the long term,” Accenture said. “By adopting the attributes of adaptive security, security leaders can put the right controls in place to create a working environment that builds resilience.”