Context:

Recently, the Ministry of Electronics and Information Technology (MeitY) launched India’s first Digital Threat Report for the Banking, Financial Services and Insurance (BFSI) Sector.
More on the News
- The report was developed by the Indian Computer Emergency Response Team (CERT-In-MeitY) in collaboration with Computer Security Incident Response Teams (CSIRT-Fin) and SISA (a global, forensics-driven cybersecurity company).
Key Focus of the Report
This report presents insights from cybersecurity leaders into evolving attack methods, bringing together the strengths of frontline solution providers, national agencies, and expert responders.
It focuses on the major attacks the BFSI sector is facing: data exfiltration, ransomware attacks exposing sensitive client data, insecure API exploitation leading to unauthorized access, the threat of quantum computing, third-party data breaches compromising personal information, internal threats, etc.
It provides a unique perspective on sector-wide security gaps while delivering a forward-looking analysis of anticipated cyber risks, equipping financial institutions.
The BFSI sector’s digital expansion is both a growth engine and a vulnerability. The report addresses this duality by:
- Analysing prevalent threats and future risks
- Studying attacker methodologies that affect core systems
- Highlighting gaps that need urgent attention
The report aims to:
- Illuminate Adversaries’ Playbooks: Offer insights into the methods, tactics, and procedures (TTPs) employed by threat actors, including how they exploit vulnerabilities, use AI to enhance their attacks, and target organizations through novel means.
- Anticipate Future Attacks: Predict potential future breaches based on current trends, dark web chatter, and the evolution of attack techniques, enabling organizations to proactively prepare for emerging threats.
- Assess the Impact of AI in Breaches: Explore how AI and machine learning are being utilized by attackers to develop sophisticated malware, automate attacks, create convincing deepfakes, and lower the barriers for cybercriminal activities.
- Recommend Preventive and Detective Controls: Provide actionable recommendations and key controls that organizations can implement across the pillars of people, process, and technology.
- Highlight Current Trends and Select Cases: Examine recent breaches, including those affecting organizations with robust security postures, to understand how and why these incidents occurred despite strong defenses.
Methodology & Sources of the Report
The report is based on a synthesis of various sources, including:
- Direct Observations from SISA’s DFIR Investigations
- Observations of CSIRT-Fin and CERT-In
- Research and Analysis:
- Cybersecurity Reports and Data Pointers.
Key Threat Trends in 2024 as per Report:
1. Rise in Sophisticated Attacks
- Surge in AI-enhanced phishing, deepfake scams, and Business Email Compromise (BEC).
- Phishing attacks saw a staggering 175% rise compared to the same period in 2023.
- Emergence of chatbot phishing, deepfake impersonations, and AI-generated malware.
2. Supply Chain & Third-Party Attacks
- Exploitation of software vendors, open-source libraries, and managed file transfer (MFT) services like MOVEit & GoAnywhere.
- Trusted relationships misused to introduce vulnerabilities.
3. Ransomware Evolution
- Double extortion tactics (data theft + ransom).
- Attacks targeting core banking systems via supply chain infiltration.
4. Insider Threats
- Misuse of dormant accounts and privileged access by employees.
- Long-term fraud cases detected after data manipulation and cover-ups.
5. IoT Security Risks
- BFSI’s increased reliance on connected ATMs, wearable payment devices, and kiosks expands the attack surface.
Mitigation Strategies as per the Report:

- Multi-Factor Authentication (MFA): Enforce MFA for accessing critical systems.
- Network Segmentation: Segment and segregate networks into security zones to protect sensitive information and services.
- Application Whitelisting: Enforce whitelisting on endpoints to prevent unauthorized software execution.
- Virtual Patching: Mitigate vulnerabilities in software or operating systems by implementing security policies or rules, which helps safeguard legacy systems and networks.
- Deploy Filters: Implement web and email filters to block known malicious domains, sources, and addresses. Scan all emails, attachments, and downloads with a reputable antivirus solution at both host and gateway levels.
- Log Monitoring and Retention: Audit and monitor logs to detect unusual patterns or behaviors in events and incidents. Redesign log retention policies to store logs for at least 180 days to ensure availability for incident investigations.
- Cross-Origin Resource Sharing (CORS) Configuration: Properly configure CORS to restrict API access to specific domains, preventing unauthorized cross-origin requests.
- Strong Authentication: Use robust mechanisms like API keys, OAuth, or JSON web token (JWT) with secure token management practices, appropriate expiration times, and granular access control based on user roles and permissions.
- Hash Sensitive Details: Include sensitive payment details like card numbers, transaction amounts, and statuses in the hash or checksum transmitted with transaction data.
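The "Hash Sensitive Details" control above, as an added example that is not taken from the report: a checksum that covers every sensitive field detects a changed amount or status, while one that covers only the transaction ID does not. The keyed hash (HMAC-SHA256), the shared key, and the field names are assumptions; the report says only "hash or checksum".

```python
import hashlib
import hmac

# Assumption: a per-merchant secret shared out of band; constructed value.
SHARED_KEY = b"constructed-demo-key-not-for-production"

# Fields bound into the checksum, in a fixed order. Names are hypothetical.
SIGNED_FIELDS = ("txn_id", "card_number", "amount", "currency", "status")


def canonical(txn: dict) -> bytes:
    """Length-prefix each field so 'ab'+'c' and 'a'+'bc' cannot collide."""
    parts = []
    for name in SIGNED_FIELDS:
        value = str(txn[name]).encode("utf-8")
        parts.append(len(value).to_bytes(4, "big") + value)
    return b"".join(parts)


def sign(txn: dict, key: bytes = SHARED_KEY) -> str:
    """Checksum over all sensitive fields."""
    return hmac.new(key, canonical(txn), hashlib.sha256).hexdigest()


def verify(txn: dict, checksum: str, key: bytes = SHARED_KEY) -> bool:
    # compare_digest avoids leaking the match position through timing.
    return hmac.compare_digest(sign(txn, key), checksum)


def weak_sign(txn: dict, key: bytes = SHARED_KEY) -> str:
    """Weak variant: only txn_id is covered, so amount/status are unprotected."""
    return hmac.new(key, str(txn["txn_id"]).encode(), hashlib.sha256).hexdigest()


# Constructed sample transaction (well-known test card number).
TXN = {"txn_id": "T1001", "card_number": "4111111111111111",
       "amount": "2500.00", "currency": "INR", "status": "FAILED"}

if __name__ == "__main__":
    good, weak = sign(TXN), weak_sign(TXN)
    altered = dict(TXN, status="SUCCESS")  # field changed in transit
    print("full checksum accepts altered record:", verify(altered, good))
    print("weak checksum accepts altered record:",
          hmac.compare_digest(weak_sign(altered), weak))
```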
Banking Financial Services and Insurance (BFSI) Sector

- It encompasses sectors involved in providing financial products and services, including banking institutions, financial markets, insurance companies, mutual funds, stock exchanges, and other financial service providers.
- The BFSI sector is projected to generate $3.1 trillion by 2028—accounting for 35% of total banking revenue.
- In 2024, the BFSI sector witnessed a surge in cyberattacks, with the average cost of a data breach reaching an all-time high of $4.88 million globally (a 10% increase from 2023) and $2.18 million in India. The financial stakes have never been higher.