Australia has dealt with cyber breaches of some major companies including financial and insurance companies, says QBE Insurance.
A white paper, titled “Cyber Threats to the Financial Services Industry” and written by QBE’s Global Threat Intelligence specialist, Mr Jack Tolliday, says that while Australia has taken steps to improve the resilience of critical sectors, threat actors are still likely to consider Australian and New Zealand companies as weaker targets compared to big firms in Europe or North America.
Asia
In Asia, the geopolitical tension relating to Chinese aspirations over Taiwan has driven a large number of espionage attacks against Taiwanese, Asian and US organisations.
Whilst financial services is less likely to be a focus area for Chinese threat actors compared to government or technology, for example, it nevertheless represents a critical sector that they are likely intent on gaining a foothold in.
Risks
The white paper aims to help businesses stay informed of the latest information in the market to better prepare themselves to face emerging risks by gaining insights into the threats faced by the financial services sector, including ransomware, intrusion vectors, and recent cyber incidents impacting the industry.
The paper also covers cyber threats in North America, South America, Ukraine and Europe, and the Middle East & Africa.
The document highlights the following issues:
-
The threat of extortion-based attacks is unsurprisingly one of the top cyber threats to financial services.
-
In 2023, financial services was the fourth-most targeted sector, with the US being by far the most affected country, according to ransomware leak sites.
-
The exploitation of vulnerabilities, especially before they are disclosed or soon afterward, is a key threat to financial services. Ransomware actors have demonstrated the capability to quickly exploit critical vulnerabilities in popular software used by organisations.
-
Attacks in 2023 and 2024 against financial services businesses have often led to disruption for the wider sector. Given the interconnectedness of the sector, supply chain attacks pose a very high threat.
-
Phishing and credential harvesting remain a key access vector for all sectors, including financial services.
Outlook
Despite the sector being associated with generally higher levels of security investment and maturity, financial services will likely remain a top target for financially motivated threat actors.
As incidents in 2023 showed, some major organisations in the sector were exposed when critical vulnerabilities emerged. This situation is highly likely to continue into 2024 and beyond, given how successful criminal groups have been at weaponising vulnerabilities.
The increasingly complex and interconnected nature of the sector means that when a key provider is breached, and threat actors use ransomware and/or steal data, the disruption may be extensive, as we saw in 2023–2024.
Being a critical sector, the possibility remains that the financial services sector will be targeted during times of heightened geopolitical tension and conflict. Russian actors continue to wield dangerous wiper malware against critical Ukrainian sectors, and there is potential for spillover into other industries and geographies.
The role of artificial intelligence and how it can bolster threat actor capabilities is still being assessed. However, intelligence agencies and firms like Microsoft have taken the position that while it can help to improve the efficiency and effectiveness of tactics like social engineering, code development, and vulnerability research, AI has not yet been observed to provide threat actors with novel, more dangerous, or undetectable malware that cannot be countered. Nevertheless, financial services organisations should continue to monitor this area closely in case this situation changes.