Cyberattacks on payment systems,TSPs increasingly worrying Asian banks:FS-ISAC

Attacks on payment systems and third-party service providers, as well as vulnerabilities in underlying system technologies are some of the greatest concerns faced by banks and financial institutions in the Asia Pacific region, said Financial Services Information Sharing and Analysis Centre (FS-ISAC).

FS-ISAC, a non-profit industry body in the Asia Pacific region that works on reducing cyber-risk in the global financial system, conducted a half-yearly review to find out the concerns faced by its member organizations.

In its “H1 2019 Asia Pacific Cyberthreat Review”, FS-ISAC founded that its members are consistently concerned about threats or attacks against payment systems, especially international systems, including how attacks against payment systems in less experienced countries may directly affect them. For example, several banks in Bangladesh encountered cyberattacks in the first half of this year.

Besides, the review also discussed about the disruptions to capabilities regarding financial services, the reputational risk to the targeted institutions and the loss of consumer confidence in the sector that could impact economic situations in their home countries.

FS-ISAC members have also witnessed a sharp rise in business emails getting compromised as ‘cyberthreat actors’ or ‘hackers’ are becoming more creative in their attempts to use “social engineering” to infiltrate organizations through email. The attackers often target and exploit employees of an organization through invoice scams and spear phishing spoof attacks.

“Threat actors have changed the way that they operate. We are seeing more time spent on preparation and reconnaissance prior to initiating attacks to ensure attacks are successful and against the best targets, be it a person or information system on a network. These actors are also increasing collaboration on the dark web, selling and seeking services that can be used against financial institutions,” said Brian Hansen, executive director, FS-ISAC APAC.

He further staying up to date on system weaknesses is essential as cyberthreat actors actively look to make the most fof newly discovered vulnerabilities before patches are deployed.

Regarding the third-party service providers (TSPs), FS-ISAC said that its members are increasingly getting worried over the TSPs’ security postures with recent events such as the Wipro breach (India), ASUS Live Update attack (Taiwan) and LandMark White (Australia).

The Wipro attack, it said, was successful due to the attackers planning an advanced phishing campaign and then exploiting Wipro’s global customer base that included financial institutions and retailers servicing gift and payment cards. Once they had access, they could quickly convert the gift cards into cash, making it difficult to trace, the review said.

Meanwhile, global IT giant IBM had announced it had four vulnerabilities, dubbed Microarchitectural Data Sampling (MDS), consisting of four different attacks. Another recent one is Microsoft’s announcement of a detected Remote Code Execution Vulnerability in Remote Desktop Services.

“With these groups banding together, it is imperative for financial institutions in Asia to embrace information sharing. They must work with each other across national boundaries to protect themselves and, more importantly, the public they serve,” the review stated.

Related Posts