cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Cyber criminals and nation-state actors reportedly converging and collaborating

The Financial Services Information Sharing and Analysis Center (FS-ISAC), has announced the findings of its annual Global Intelligence Office report, Navigating Cyber 2022, which found that the rapid digitisation of the financial services sector has led to a rise in global cyber threats in 2021.

user iconReporter
Mon, 14 Mar 2022
Cyber criminals and nation-state actors reportedly converging and collaborating
expand image

The rapid acceleration of high-profile cyber attacks targeting third-party suppliers and critical zero-day vulnerabilities led FS-ISAC to increase its Regional Cyber Threat Levels an unprecedented three times in 2021.

Looking ahead to 2022, FS-ISAC expects the trifecta of third-party risk, the growth in zero-day vulnerabilities as an attack vector, and the ability of ransomware groups to adapt despite increased scrutiny by law enforcement to complicate an already challenging cyber threat environment.

According to Steven Silberstein, CEO of FS-ISAC, as the threat landscape continues to evolve at a rapid pace, cross-border intelligence sharing is critical to help defend financial institutions against cyber threats.


"As the global fincyber utility, FS-ISAC enables industry-wide cross-border sharing to pool resources, expertise, and capabilities to better manage cyber risks that the global financial industry faces on a daily basis," Silberstein said.

The report outlined top threats to the industry in 2022 and beyond, including:

  • Third-party attacks: Several high-profile third-party incidents have impacted the security and availability of products and services used by many financial firms, resulting in significant resources expended.
  • Zero-day vulnerability exploits: In addition to rapid digitisation, zero-day exploits are growing due to the diversification of the kill chain. Criminals increasingly specialise in different stages of cyber crime, making it easy to simply buy (or sell) access to vulnerabilities without needing to know how to find them.
  • Ransomware: Ransomware groups operating in safe-haven countries often shut down temporarily to avoid international law enforcement, only to open months later under new names with few repercussions.

Member financial firms reported high levels of phishing and business email compromise, which is the entry point for most attacks, as well as the persistence of notorious malware strains often used to drop ransomware.

FS-ISAC is a global cyber intelligence sharing community solely focused on financial services and has observed global cyber threats accelerating in the sector with third-party risk, zero-day vulnerability exploits. Their research revealed that ransomware will remain at the forefront of the cyber threats facing financial institutions in 2022, after discovering that cyber criminals and nation-state actors converging and collaborating.

The FS-ISAC members represent over $35 trillion in assets under management in more than 65 countries and the company aims to leverage its intelligence platform, resiliency resources, and a trusted peer-to-peer network of experts to anticipate, mitigate, and respond to cyber threats.

As Teresa Walsh, global head of intelligence at FS-ISAC, explained the macro level cyber landscape translates into increased cyber threat activity on a daily basis, as cyber criminals are endlessly inventive in how they gain access and leverage to extort victims.

"Phishing schemes continue to be one of the most popular tactics threat actors use to access networks. In fact, 24 per cent of FS-ISAC member-reported incidents are phishing campaigns targeting employees."

The Navigating Cyber 2022 report is sourced from thousands of FS-ISAC member financial firms in more than 65 countries, and is further augmented by analysis by the Global Intelligence Office. Multiple streams of intelligence were leveraged for the curation of the round-up, which examined data from January 2021 to January 2022.

[Related: Chainalysis accelerates launch of 2 free sanctions screening tools]

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.