Headlines

Six of seven cyber threats flagged last year now operational: BFSI report | India News


Six of seven cyber threats flagged last year now operational: BFSI report

NEW DELHI: Six of the seven emerging cyber threats predicted for banks and financial institutions barely a year ago have already reached full-scale realisation, with artificial intelligence, stolen identities and manipulated payment workflows enabling attacks that increasingly resemble legitimate activity, India’s second Digital Threat Report for the BFSI sector has warned.The Digital Threat Report 2025-26, released by electronics and IT secretary S Krishnan, says the traditional progression of a cyber threat — from research and experimentation to large-scale exploitation — is breaking down. Threats are now being operationalised in months or even weeks, allowing attackers to innovate, scale and monetise faster than many financial institutions can respond.The report, prepared jointly by CERT-In, CSIRT-Fin and cybersecurity firm SISA, says social engineering, credential theft, supply-chain compromise and cloud exploitation, which were considered emerging or episodic risks in the previous edition, are now established attack methods. Only quantum risk among the seven predictions has not reached full-scale realisation, though “harvest now, decrypt later” strategies are already active.Its central concern is that the most damaging cyberattacks may no longer look like breaches. They can surface as authenticated user sessions, approved payments, routine account activity, compromised vendor actions or apparently normal business workflows, remaining indistinguishable from genuine transactions until the damage has occurred.The report groups the evolving risks into three broad clusters — AI and human deception, software and systems, and infrastructure and economy.Under AI and human deception, it flags industrial-scale deepfakes, synthetic identities, AI-generated phishing, business email compromise, credential theft and session hijacking. It says attackers are no longer crafting scams manually but generating, testing and deploying them at machine speed, weakening identity checks that depend on what a person sees or hears.The report also identifies “AI asymmetry” as a defining risk, warning that capabilities such as vulnerability discovery, exploit generation and attack orchestration, which earlier required specialist teams and weeks of work, are increasingly available to comparatively low-resource actors. At the same time, AI models used for credit, fraud detection, KYC and onboarding are themselves becoming attack surfaces through prompt injection, model probing and adversarial manipulation.“Cybersecurity is one of the most important concerns that we have to address if we have to preserve all the benefits that we have derived from digitisation,” Krishnan said. He said attacks could affect individuals through cybercrime, cripple organisations through ransomware and, at their highest level, create national-scale disruption.“We have to treat cybersecurity as an enterprise-wide systemic risk against which institutions need to constantly guard,” he said, adding that digital governance, including AI governance, must give primacy to cybersecurity and operational resilience. Krishnan also stressed the need to build domestic technological capacity, strengthen identity and account access systems, and use AI more effectively to enable defenders to act faster.On software and systems, the report warns of supply-chain compromise, poisoned software dependencies, cloud misconfigurations, insecure development pipelines and the manipulation of payment and API business logic. It says attacks can exploit OTP race conditions, parallel transaction triggering, object-level authorisation failures and exception pathways without using malware or breaching a network perimeter.The third cluster covers systemic risks to financial infrastructure, including ransomware, crypto-enabled monetisation, firmware and IoT compromise, and long-term threats to encrypted data from quantum computing.A major finding is what the report calls the “compliance-security translation gap”. Institutions may pass periodic assessments while remaining exposed because controls drift from their original intent, cover only part of the actual attack surface or fail to keep pace with cloud, AI, container and machine-identity risks.To explain how breaches escalate, the report introduces a four-layer “Anatomy of Cyber Failure” framework covering design, enforcement, signal and response gaps. It identifies four recurring failure chains — trusted entry breaches, privilege escalation, logic abuse and invisible attacks operating beyond an institution’s telemetry.The report lays out an 18-month roadmap. During the first six months, institutions should deploy phishing-resistant authentication for high-risk accounts, identify service and machine identities, test payment workflows against adversarial manipulation, strengthen secrets and encryption-key management, and automate incident containment.Over six to 12 months, they should introduce continuous session assurance, behavioural transaction monitoring, cloud identity controls, runtime software validation and quarterly post-audit attack simulations. The final phase calls for passwordless privileged access, controls over AI-model and training-data supply chains, stronger oversight of vendors’ vendors, runtime integrity attestation and post-quantum cryptography migration planning.The report’s message is that financial institutions must move from periodically proving that security controls exist to continuously proving that they work under real attack conditions.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *