Financial Services remain a target for cyberattacks

In 2019 Accenture issued a major cybersecurity report titled ‘The Future Cyber Threats: Extreme but Plausible Threat Scenarios in Financial Services‘. Now the company revisit the territory to see if the same cyber-risks remain or whether the landscape has altered, for better or for worse, under the coronavirus pandemic.

Accenture’s 2020 report details the top extreme but plausible future cyber threats along with relevant recommendations for financial services firms. The analysts see credential and identity theft continue to accelerate while new vulnerabilities and cybercriminal behavior increase data theft and data manipulation.

In addition, the report considers emerging technologies, such as deepfakes and 5G, and how these are advancing cyberthreats. The review further considers how destructive and disruptive malware attacks are spurring multiparty and cross-sector targeting and report on how misinformation is affecting trust in retail and state-owned banks.

For 2020’s review, one new area has joined our list of key threats: the topic of vulnerable supply chains and new interdependent attack surfaces that adversaries can undermine.

From the report, the primary areas of concern are:

Supply chain vulnerabilities, including cloud and technology suppliers

While the benefits of the cloud are clear, security concerns remain and many firms are overlooking possible cloud misconfigurations that hackers could manipulate to bypass controls. In fact, a failure to deploy multifactor authentication (MFA) for all cloud services and disable vulnerable legacy services contributed to the majority of cloud intrusions that the Accenture Cyber Investigation and Forensics Response (CIFR) team responded to in 2019.

Surge in FS credential and identity theft

While the FBI recently issued a warning to financial institutions, it’s clear that credential stealing continues (popular malware sellers earned more profit in a single week in April than the prior four months combined) and the digital fingerprint marketplace, whereby bad actors are able to buy, sell and exchange compromised data and login credentials is thriving.

Deepfakes and 5G could offer next wave of attacks

Voice-spoofing attacks, whereby criminals imitate an executive’s voice, in particular, could be the next frontier of attacks against banks. With 5G, the small handful of providers amplifies the impact a single malicious campaign can have globally on financial institutions.