
18 March, 2022

FS-ISAC: Cybercriminals and nation-state actors are converging and collaborating

Source: FS-ISAC website. Cover for the Navigating Cyber 2022 report.
Source: FS-ISAC website. Navigating Cyber 2022 covers cyberthreats in 2021 and 2022.

The Financial Services Information Sharing and Analysis Center (FS-ISAC), a global cyberintelligence-sharing community focused on financial services, expects the trifecta of third-party risk, the growth in zero-day vulnerabilities as an attack vector, and the ability of ransomware groups to adapt despite increased scrutiny by law enforcement to complicate an already challenging cyberthreat environment in 2022.

Its annual Global Intelligence Office report*, Navigating Cyber 2022, also found that rapid digitisation accelerated high-profile cyberattacks targeting third-party suppliers and critical zero-day vulnerabilities.

“As the threat landscape continues to evolve at a rapid pace, cross-border intelligence sharing is critical to help defend financial institutions against cyber threats,” said Steven Silberstein, CEO of FS-ISAC. 

“As the global fincyber utility, FS-ISAC enables industry-wide cross-border sharing to pool resources, expertise, and capabilities to better manage cyber risks that the global financial industry faces on a daily basis.”

Top threats to the industry in 2022 and beyond include:

Third-party attacks**

Several high-profile third-party incidents have impacted the security and availability of products and services used by many financial firms, resulting in significant resources expended.

Zero-day vulnerability exploits

Zero-day exploits are growing due to the diversification of the kill chain***. Criminals increasingly specialise in different stages of cybercrime, making it easy to simply buy (or sell) access to vulnerabilities without needing to know how to find them.

Ransomware 

Ransomware groups operating in safe-haven countries often shut down temporarily to avoid international law enforcement, only to open months later under new names with few repercussions.

Member financial firms reported high levels of phishing and business email compromise, which is the entry point for most attacks, as well as the persistence of notorious malware strains often used to drop ransomware.

“The macro-level cyberlandscape translates into increased cyberthreat activity on a daily basis, as cybercriminals are endlessly inventive in how they gain access and leverage to extort victims,” said Teresa Walsh, Global Head of Intelligence at FS-ISAC. 

“Phishing schemes continue to be one of the most popular tactics threat actors use to access networks. In fact, 24% of FS-ISAC member-reported incidents are phishing campaigns targeting employees.”

Details:

The publicly-accessible version of the report can be found here

*Navigating Cyber 2022 is sourced from FS-ISAC's thousands of member financial firms in more than 65 countries and further augmented by analysis by the Global Intelligence Office. Multiple streams of intelligence were leveraged from January 2021 to January 2022. 

**A third-party attack involves cybercriminals gaining access to a victim through third parties such as its partners and sub-contractors.

***A kill chain traces the steps taken by cybercriminals in an attack, from investigating the target all the way to extracting data.

1 comment:

  1. You are providing good knowledge. It is really helpful and factual information for us and everyone to increase knowledge about Watchlist Screening. Continue sharing your data. Thank you.