FS-ISAC Report Finds Cybercriminals and Nation-State Actors Are Converging, Increasing Cross-Border and Supply Chain Attacks

Recent incidents underscore need for a trusted conduit between financial services and third parties

SYDNEY, AUSTRALIA – Media OutReach – 31 March 2021
– FS-ISAC, the only global
cyber intelligence sharing community solely focused on financial services,
announced today the findings of its latest report, which found
that wittingly or otherwise, nation-states and cybercriminals are leveraging
each other’s tools and tactics, leading to an increase in cross-border attacks
targeting financial services suppliers.

The pandemic has accelerated digitization, connectivity,
and the sector’s interdependence, as demonstrated by recent supply chain incidents.
Increasingly, the financial sector needs a trusted conduit of real-time cyber
information between institutions and third parties.

“FS-ISAC was the logical host for us to
brief the financial services sector to reach a critical mass of institutions
around the world all at once,” said Jonathan Yaron, CEO of Accellion.
“This way, we could ensure that the industry received critical and correct
information via a trusted source, enabling it to act quickly to mitigate the
impact of the incident.”

“Organizations
properly practicing defense-in-depth with multi-layered controls are
still vulnerable to large-scale and even systemic issues through third
party suppliers,” said J.R. Manes, Global Head of Cyber Intelligence at HSBC.
“The FS-ISAC community provides its members the visibility into emerging
threats that could impact customers and business, even when they are
not directly exposed. Ensuring and encouraging the sharing of cyber threat
intelligence is a vital part of the defense of not only the financial sector,
but the whole business ecosystem that runs on top of the Internet.”

 

FS-ISAC’s report outlines today’s top threats:

• Convergence of nation-states and cybercriminals: Nation-state actors
  are leveraging the skills and tools of cyber criminals, either knowingly or
  not, to enhance their own capabilities.
• Third-party
  risk on an upward trend:
  Suppliers to financial firms will continue to be lucrative targets for threat
  actors, as shown by three highly visible incidents in the last two quarters.
• Cross-border
  attacks will increase:
  Cyber criminals test their attack in one country before hitting multiple continents
  and sub-verticals, as shown by a DDoS extortion
  campaign targeting ~100 financial institutions in months.

“Trying to outpace evolving cyber threats diverts resources from a
financial firm’s core business,” said Steve Silberstein, FS-ISAC CEO.
“As the global fincyber utility, FS-ISAC enables industry-wide cross-border
sharing to pool resources, expertise, and capabilities to manage cyber risks
and incident response.”

 

More on the report’s methodology here.