APAC Cyberattacks Up 15% in 2023: Surge in Ransomware Attacks a Key Driver
One in 20 APAC organisations were hit by ransomware in 2023, with financial services as the fourth most targeted sector
Posted: Thursday, Mar 28
  • KBI.Media
  • $
  • APAC Cyberattacks Up 15% in 2023: Surge in Ransomware Attacks a Key Driver
APAC Cyberattacks Up 15% in 2023: Surge in Ransomware Attacks a Key Driver

Australia, 28 March 2024 โ€“ FS-ISAC, the member-driven, not-for-profit organisation that advances cybersecurity and resilience in the global financial system, today announced the findings of its annual Global Intelligence Office report, Navigating Cyber 2024.

FS-ISAC’s latest annual report on the cyber threat landscape revealed that cyberattacks are on the rise in APAC, with ransomware leading the charge. In 2023, the financial sector emerged as the fourth most commonly targeted by ransomware in the region. Other findings from the report paint a concerning picture: a 15% year-on-year increase in cyberattacks across the region, more sophisticated tactics by threat actors, and a growing vulnerability in the financial services supply chain. Averaging 1,963 attacks per week, APAC organisations were hit hard in 2023, a pattern that is set to continue in 2024 in the region, mirroring global trends.

The report details the increasing sophistication of adversarial tactics, techniques, and procedures (TTPs) leveraged by threat actors, such as social engineering, SEO poisoning, malvertising, and QR code phishing. It also focuses on the use of evolving technology by threat actors, as they look to leverage generative AI for increased scale and automation of attacks and effectiveness of lures, as well as to poison, manipulate, and exploit generative AI tools themselves.

โ€œEach year, a new set of threats comes to light, requiring the financial services sectorโ€™s mitigation strategies to advance at an equal if not faster pace than threat actorsโ€™ tactics,โ€ said Steven Silberstein, CEO of FS-ISAC. โ€œAs we look ahead to a critical year marked by emerging technology and heightened geopolitical tensions, the best way to maintain the integrity, security, and trust of the sector is through global information sharing.โ€

In addition to long-standing threat vectors, new threats are continuing to emerge that will have disruptive implications for the sector. These include:

  • Increased geopolitical hacktivism: Threat actors are expected to launch misinformation campaigns and DDoS attacks against critical infrastructure, capitalising on ongoing geopolitical conflicts and a โ€œsuper electionโ€ year, as five national elections take place across the globe. DDoS attacks are continuing to increase in size, scope, and sophistication, with 35% of all DDoS attacks targeting the financial services sector in 2023.
  • New extortion tactics in response to global regulations: Threat actors have noted the implementation of key legislation in 2023 and are monitoring pending global regulations in 2024 and 2025, adjusting their tactics accordingly. Cybercriminals may weaponise new disclosure requirements, pushing companies to fulfil extortion demands ahead of the required reporting deadline.
  • Intensified focus on establishing cryptographic agility: Recent quantum computing and AI advancements are expected to challenge established cryptographic algorithms. In response, the financial services sector must have an increased focus on developing new encryption methods that can be rapidly adopted without altering the bottom-line system infrastructure.
  • Improvement of supply chainโ€™s cybersecurity posture: Zero-day vulnerabilities in the supply chain continue to leave the sector unprotected, as attacks on providers disrupt various systems across the sector, such as those of clearing, trading, payments, and back-office service operations. In response, the sector should work closely with suppliers to establish communication channels for incident response and bolster suppliersโ€™ greater cybersecurity posture.

โ€œThreat actors will exploit vulnerabilities in critical infrastructure and will leverage any tool available to destroy trust in the security of our systems,โ€ said Teresa Walsh, Chief Intelligence Officer and Managing Director, EMEA, of FS-ISAC. โ€œThe financial services sector operates in a cyber landscape that is endlessly dynamic, as cybercrime and fraud converge, and emerging technologies create additional opportunities for exposure. In order to maintain trust in the sector, companies must prioritise proactive cyber hygiene to ensure operational resilience in the face of an attack.โ€

Methodology

The Navigating Cyber 2024 report is sourced from FS-ISAC’s thousands of member financial firms in 75 countries and further augmented by analysis by the Global Intelligence Office. Multiple streams of intelligence were leveraged for the curation of the round-up, which examined data from January 2023 to January 2024. The publicly accessible version of the report can be found here. The full report is only available to member financial institutions.

About FS-ISAC

FS-ISAC is the member-driven, not-for-profit organisation that advances cybersecurity and resilience in the global financial system, protecting the financial institutions and the people they serve. Founded in 1999, the organisationโ€™s real-time information-sharing network amplifies the intelligence, knowledge, and practices of its members for the financial sectorโ€™s collective security and defences. Member financial firms represent $100 trillion in assets in 75 countries.

Contacts for Media

media@fsisac.com

Share This