Monday, July 13, 2026
40.4 C
New Delhi

Six of seven cyber threats flagged last year now operational: BFSI report

Six of seven cyber threats flagged last year now operational: BFSI report

.

NEW DELHI: Six of the seven emerging cyber threats predicted for banks and financial institutions barely a year ago have already reached full-scale realisation, with artificial intelligence, stolen identities and manipulated payment workflows enabling attacks that increasingly resemble legitimate activity, India’s second Digital Threat Report for the BFSI sector has warned.The Digital Threat Report 2025-26, released by electronics and IT secretary S Krishnan, says the traditional progression of a cyber threat — from research and experimentation to large-scale exploitation — is breaking down. Threats are now being operationalised in months or even weeks, allowing attackers to innovate, scale and monetise faster than many financial institutions can respond.The report, prepared jointly by CERT-In, CSIRT-Fin and cybersecurity firm SISA, says social engineering, credential theft, supply-chain compromise and cloud exploitation, which were considered emerging or episodic risks in the previous edition, are now established attack methods. Only quantum risk among the seven predictions has not reached full-scale realisation, though “harvest now, decrypt later” strategies are already active.Its central concern is that the most damaging cyberattacks may no longer look like breaches. They can surface as authenticated user sessions, approved payments, routine account activity, compromised vendor actions or apparently normal business workflows, remaining indistinguishable from genuine transactions until the damage has occurred. The report groups the evolving risks into three broad clusters — AI and human deception, software and systems, and infrastructure and economy.Under AI and human deception, it flags industrial-scale deepfakes, synthetic identities, AI-generated phishing, business email compromise, credential theft and session hijacking. It says attackers are no longer crafting scams manually but generating, testing and deploying them at machine speed, weakening identity checks that depend on what a person sees or hears.The report also identifies “AI asymmetry” as a defining risk, warning that capabilities such as vulnerability discovery, exploit generation and attack orchestration, which earlier required specialist teams and weeks of work, are increasingly available to comparatively low-resource actors. At the same time, AI models used for credit, fraud detection, KYC and onboarding are themselves becoming attack surfaces through prompt injection, model probing and adversarial manipulation.“Cybersecurity is one of the most important concerns that we have to address if we have to preserve all the benefits that we have derived from digitisation,” Krishnan said. He said attacks could affect individuals through cybercrime, cripple organisations through ransomware and, at their highest level, create national-scale disruption.“We have to treat cybersecurity as an enterprise-wide systemic risk against which institutions need to constantly guard,” he said, adding that digital governance, including AI governance, must give primacy to cybersecurity and operational resilience. Krishnan also stressed the need to build domestic technological capacity, strengthen identity and account access systems, and use AI more effectively to enable defenders to act faster.On software and systems, the report warns of supply-chain compromise, poisoned software dependencies, cloud misconfigurations, insecure development pipelines and the manipulation of payment and API business logic. It says attacks can exploit OTP race conditions, parallel transaction triggering, object-level authorisation failures and exception pathways without using malware or breaching a network perimeter.The third cluster covers systemic risks to financial infrastructure, including ransomware, crypto-enabled monetisation, firmware and IoT compromise, and long-term threats to encrypted data from quantum computing.A major finding is what the report calls the “compliance-security translation gap”. Institutions may pass periodic assessments while remaining exposed because controls drift from their original intent, cover only part of the actual attack surface or fail to keep pace with cloud, AI, container and machine-identity risks.To explain how breaches escalate, the report introduces a four-layer “Anatomy of Cyber Failure” framework covering design, enforcement, signal and response gaps. It identifies four recurring failure chains — trusted entry breaches, privilege escalation, logic abuse and invisible attacks operating beyond an institution’s telemetry.The report lays out an 18-month roadmap. During the first six months, institutions should deploy phishing-resistant authentication for high-risk accounts, identify service and machine identities, test payment workflows against adversarial manipulation, strengthen secrets and encryption-key management, and automate incident containment.Over six to 12 months, they should introduce continuous session assurance, behavioural transaction monitoring, cloud identity controls, runtime software validation and quarterly post-audit attack simulations. The final phase calls for passwordless privileged access, controls over AI-model and training-data supply chains, stronger oversight of vendors’ vendors, runtime integrity attestation and post-quantum cryptography migration planning.The report’s message is that financial institutions must move from periodically proving that security controls exist to continuously proving that they work under real attack conditions. Go to Source

Hot this week

Quote of the day by Muhammad Ali, “The Greatest”: “I try not to speak about all the charities and people I help, because…” –...

Muhammad Ali (Image: Wikipedia) Fame gave Muhammad Ali one of the largest platforms of the twentieth century, and he chose, deliberately, not to use most of it to talk about his own charity work. Read More

‘Your prayers, efforts gave us strength’: Indian Embassy thanks Vietnam as bodies of boat tragedy victims return home

The accident occurred on Saturday when a speedboat carrying 32 Indian tourists and four local crew members capsized near Hon May Rut Ngoai, off Phu Quoc Island (Image credit: AP) NEW DELHI: The mortal remains of the 15 Indian touris Read More

Sam Neill’s Death Brings Rare Blood Cancer Into Focus; What Is AITL And It’s Symptoms

Show Quick Read Key points generated by AI, verified by newsroom Sam Neill’s diagnosis highlighted rare, aggressive blood cancer. AITL presents ambiguous symptoms, making early diagnosis challenging. Read More

Inside Patrick Swayze and Lisa Niemi’s decades-long love story

Inside Patrick Swayze and Lisa Niemi’s decades-long love story, from teenage sweethearts to soulmates: ‘The moment I looked in his eyes…’ Patrick Swayze and Lisa Niemi’s love story remains one of Hollyw Read More

Fans face 3 hour delay at Jay Z’s concert

Jay Z apologizes after Sunday concert faces a three-hour delay. While Jay Z is currently on his ongoing 30th anniversary series tour, one of his latest performances ended up drawing considerable criticism. Read More

Topics

Quote of the day by Muhammad Ali, “The Greatest”: “I try not to speak about all the charities and people I help, because…” –...

Muhammad Ali (Image: Wikipedia) Fame gave Muhammad Ali one of the largest platforms of the twentieth century, and he chose, deliberately, not to use most of it to talk about his own charity work. Read More

‘Your prayers, efforts gave us strength’: Indian Embassy thanks Vietnam as bodies of boat tragedy victims return home

The accident occurred on Saturday when a speedboat carrying 32 Indian tourists and four local crew members capsized near Hon May Rut Ngoai, off Phu Quoc Island (Image credit: AP) NEW DELHI: The mortal remains of the 15 Indian touris Read More

Sam Neill’s Death Brings Rare Blood Cancer Into Focus; What Is AITL And It’s Symptoms

Show Quick Read Key points generated by AI, verified by newsroom Sam Neill’s diagnosis highlighted rare, aggressive blood cancer. AITL presents ambiguous symptoms, making early diagnosis challenging. Read More

Inside Patrick Swayze and Lisa Niemi’s decades-long love story

Inside Patrick Swayze and Lisa Niemi’s decades-long love story, from teenage sweethearts to soulmates: ‘The moment I looked in his eyes…’ Patrick Swayze and Lisa Niemi’s love story remains one of Hollyw Read More

Fans face 3 hour delay at Jay Z’s concert

Jay Z apologizes after Sunday concert faces a three-hour delay. While Jay Z is currently on his ongoing 30th anniversary series tour, one of his latest performances ended up drawing considerable criticism. Read More

Shubman Gill Details Chat With Virat Kohli, Mentions Rohit Sharma And World Cup 2027 Plans

Show Quick Read Key points generated by AI, verified by newsroom Recent T20 losses will not affect the ODI team’s different goals. Read More

Bangkok Bar Fire: 27 Dead As Thick Smoke Traps Guests With No Fire Escape

Show Quick Read Key points generated by AI, verified by newsroom Bangkok pub fire killed 27, injuring 63 others. Blaze started near stage, rapidly filling pub with smoke. Many victims found in restrooms, lacked fire escapes. Read More

Russia-Ukraine War: ‘Coalition Of The Willing’ Meets In Paris To Reaffirm Support For Kyiv

Show Quick Read Key points generated by AI, verified by newsroom Ukrainian drone strikes killed three near Moscow, injured two. Russia foiled Ukraine’s drone attacks on two airbases. Read More

Related Articles