The Financial Cyber Threat Landscape
In our last report, we detail seven top cyber threats that organizations in the financial services industry will face in 2022. Some of them, like ransomware, are not new but remain a serious threat nonetheless. Others, like decentralized finance (DeFi) and cryptocurrencies, are newer, so to speak, and show how threat actors rely on blockchain technology to ensure their perceived anonymity.
New or not, one thing is certain: companies in the financial sector, and their partners and customers in the periphery, are in a constant battle against an increasingly sophisticated and constantly evolving threat landscape.
Here are the top 7 threats to the financial services industry in 2022
From retail, commercial and internet-native banks to credit unions, credit card companies, investment brokers, insurance companies and mortgage lenders, these are the threats we believe will be the most important, the most malicious and the most sophisticated.
Each of them was selected by Flashpoint intelligence analysts for a variety of factors, such as their dominant or emerging presence in our data collections as well as their impact in the current cyber threat ecosystem.
- Ransomware. Threat actors continue to hold stolen data in exchange for large salaries, putting organizations in the financial industry, as well as their partners and customers, at constant risk.
- Third-party risks. A more concentrated third-party vendor landscape – from cloud and payment services to virtual access networks and software – provides threat actors with a smaller window but also greater potential for access.
- Malware, e-skimmers and formjacking. Threat actors use malicious code to exploit various payment platforms and processes, including e-commerce forms where highly sensitive data is shared.
- Compromised bank credentials. Threat actors are constantly exploiting stolen bank logs, putting pressure on financial organizations to be able to quickly detect and protect against fraud.
- Synthetic identities. By combining legitimate and fraudulent data, threat actors test the ability of financial organizations to detect impersonators who may apply for credit under a false identity, among other types of fraud.
- DeFi and cryptocurrency. Threat actors transact in cryptocurrency due to its perceived anonymity via blockchain technology, which can obscure forensics. They also target crypto holders via social engineering scams.
- Data Breaches. According to our data collections, threat actors attempt to “hack” companies in the financial sector more than any other sector except healthcare.
For a complete view of these threats, download our free report.