DIGITAL THREAT

DIGITAL THREAT
REPORT
REPORT 2024
2024
For
Forthe
theBanking
BankingFinancial
Financial Services
Services
and
andInsurance
Insurance(BFSI)
(BFSI) Sector
Sector

A COLLABORATIVE EFFORT OF SISA, CERT-IN & CSIRT-FIN.

A 1COLLABORATIVE EFFORT OF SISA, CERT-IN & CSIRT-FIN. DIGITAL THREAT REPORT 2024

1 DIGITAL THREAT REPORT 2024

CONTENTS
01 Preface

02 Introduction

03 Point of View

04 Highlights
Methodology & Sources

05 Threat Landscape Overview

Shift Tow
T ards Social Engineering and Credential Theft
Impact of Artificial Intelligence on Cyber Threats
Increase in Supply Chain and Third-Party Attacks
Exploiting Weak Links: Security Lapses and Cloud Vulnerabilities

06 Inside the Breach: Key Cybersecurity

Breaches and Attack Vectors

Case 1: The Reward Heist: Exploiting System Vulnerabilities for

Financial Fraud
Case 2: The Silent Heist : Low-Volume Fraud Ta
T rgeting Small
Entities in BFSI Sector
Case 3: The Silent Infiltration: Ransomware Through the Core
Banking Supply Chain
Case 4: The Wallet Exploit
Case 5: The Cashback Manipulation
Case 6: The Webshell Breach - Exploiting XSS to Infiltrate Cloud
Infrastructure 09 Gazing Through the Crystal Ball for 2025
Case 7: The Insider Threat: Manipulating Dormant Accounts for Anticipated Attack 1: Rise of Deep Fakes and AI-Generated Content
Financial Gain
Anticipated Attack 2: Growing Threat of Supply Chain Attacks and
Securing the Expanding IoT
o Frontier in BFSI: A Growing Imperative
oT Malicious Libraries
Case 8: T
Turning a $2 Million Hack into a Hardware-Hacking Anticipated Attack 3: Emerging Threat of LLM Prompt Hacking in
Milestone Applications
Anticipated Attack 4: Influence of Adversarial LLMs Enhancing
Attack Capabilities
07 Regulatory Focus: A Special Feature
Anticipated Attack 5: Quantum Computing - A Looming Threat to
2025 and Beyond: Navigating Evolving Cryptography
Regulations in the Digital Payments Landscape
Anticipated Attack 6: Crypto: A New Frontier for Cyber Threats
Suggestions to Policy Makers
Anticipated Attacks 7: IoT
oT
oT
T,, the Emerging Threat to Embedded
Devices
08 Insights Across Layers of Defense
Seen in BFSI Sector
10 Recommendations: Strengthening Your Cybersecurity Posture
Frequently Observed Control Gaps in
Building a Resilient People - Force: Strengthening Cybersecurity
Financial Institutions (India & Global)
Through TTraining, Governance, and Remote Security
Evaluating Security Maturity: Technical
T
Trends and Gaps in the BFSI Sector Strengthening Cybersecurity Through Proactive Processes
and Layered Defenses
• Perimeter Security / Network Security
• Application Security Technology: Building Resilient Cyber Defenses
T
• Secure Configuration
• Cloud Security
• Monitoring & Response 11 Conclusion
• Identity and Access Management Security
• Endpoint Security 12 Acknowledgements
• Data Protection and Encryption
• Vulnerability and Penetration Testing
T 13 References

2 DIGITAL THREAT REPORT 2024

PREFACE
Finance sector not just in India but order to get beyond traditional defenses.
across the globe is undergoing rapid The cyber security landscape is changing
digital transformation and adopting new in tandem with the spread of cutting-
technology-driven solutions. Though, edge technologies like cloud computing,
technology intervention helps streamline Application Programming Interfaces
processes and customer service delivery, it (APIs), and Artificial Intelligence/Machine
also expands the security threat landscape, Learning (AI/ML). Notable findings also
necessitating need for a robust and effective show that some firms still struggle with
cyber security framework. basic cyber hygiene procedures and do
not follow established security policies and
As the sector continues to adopt Fintech procedures.
and digital solutions, cyberattacks are
growing more sophisticated, frequent, The report prepared by CERT-In, CSIRT-Fin
and targeted. A cyberattack on a financial and SISA offers an in-depth analysis of the
institution can have disastrous results. evolving cyber threat landscape, focusing
Cyberattacks in financial institutions can on the methods, tactics, techniques and
have systemic effects that are exacerbated procedures (TTPs) employed by threat
by technological and financial ties between actors targeting the BFSI sector. It provides
other financial and non-financial institutions, a comprehensive overview of the methods
resulting in exponential losses. malicious actors use to exploit vulnerabilities
in BFSI organizations. The report outlines
Thus, efficient, and effective response to practical, actionable recommendations
and rapid recovery from a cyber incident that organizations in the BFSI sector can
by financial organisations are essential to implement across three pillars of the people,
limit these financial stability risks. Further, process, and technology. These include key
considering the interconnectedness and security controls and mitigation strategies
interdependency of financial entities and designed to fortify defenses and reduce
the borderless nature of cyber incidents, the vulnerabilities.
cyber risk of any given entity is no longer
limited to the entity’s owned or controlled The report’s timely insights will help
systems, networks, and assets. Further organizations to better safeguard their
entities which were not the primary target or assets by taking proactive steps in
source of disruption may also be affected. enhancing their security postures and
Hence, it becomes much more important for preparing for potential future breaches
authorities to coordinate at sector/national before they occur. The report also
level. promotes sector-wide collaboration,
allowing organizations to learn from each
CERT-In and CSIRT-Fin are playing a critical other’s experiences and improve resilience
role by coordinating with various global & of individual organizations as well as
national financial organisations, regulators, strengthen the BFSI sector as a whole by
national CERTs and other government facilitating team work through a collective
agencies in rendering a timely and efficient response to emerging cyber threats.
cyber incident response to contain, reduce,
or even eliminate cyber risk.

CERT-In and CSIRT-Fin have noticed a

clear pattern in which cyberattacks in the S. KRISHNAN, I.A.S.
financial industry are becoming more Secretary,
complicated and sophisticated. Malicious Ministry of Electronics & Information
actors use sophisticated tactics, techniques Technology, (MeitY),
and procedures to plan these attacks in Government of India

3 DIGITAL THREAT REPORT 2024

INTRODUCTION
Welcome to the 2024 Digital Threat The BFSI and digital payments industries lie
Report for the BFSI Sector. This report at the heart of global digital transformation.
represents a convergence of insights from Projected to generate $3.1 trillion by
cybersecurity leaders, bringing together 2028—accounting for 35% of total banking
the strengths of frontline solution providers, revenue—this sector’s transition from cash
national agencies, and expert responders. to digital transactions introduces immense
By pooling real-world data, early threat opportunities alongside heightened risks.
detection capabilities, and incident handling As digital payments grow, they increasingly
expertise, we have created a comprehensive attract malicious actors who exploit system
view of the most critical risks facing the vulnerabilities, making this sector a prime
industry today. The collaborative nature focus for cyberattacks.
of this report ensures that organizations
gain visibility from multiple vantage From threats targeting cloud identities
points—providing a holistic understanding and infrastructure to sophisticated attack
of adversary tactics, techniques, and patterns on digital applications, the report
procedures. explores how adversaries adapt to evolving
technological landscapes. It not only
In an era where cyber threats evolve at details these emerging threats but also
an unprecedented pace, resilience is no offers practical strategies for emulating
longer optional—it is the foundation of and mitigating these risks—empowering
organizational strength. This resilience businesses to enhance detection and
emerges when compliance and security response capabilities.
are viewed not as separate endeavors
but as interconnected pillars of a unified Our mission is to bridge the gap between
strategy. When harmonized, they empower awareness and action, equipping
organizations to anticipate vulnerabilities, organizations to refine their approach to
respond proactively, and build a formidable threat detection, response, and long-term
defense against emerging threats. resilience. This report delivers intelligence
designed to help security teams stay one
The 2024 Digital Threat Report for the BFSI step ahead, ensuring they are prepared not
Sector reflects this principle, combining just for today’s challenges but for those that
intelligence from root cause analysis of lie ahead.
cyber incidents conducted by CSIRT-Fin
team, and forensic investigations conducted Together, let’s transform challenges into
by SISA. It serves as a vital resource for opportunities, safeguarding the digital
navigating a landscape where security payments ecosystem to ensure it remains
and compliance are not just essential secure, resilient, and ready for the future.
but mutually reinforcing. It underscores
the growing interdependence between
regulatory frameworks and security
practices. The insights offered are not
merely reactive; they are forward-looking,
designed to help organizations anticipate
challenges and drive sustained readiness for DHARSHAN SHANTHAMURTHY
the future. Founder & CEO, SISA

4 DIGITAL THREAT REPORT 2024

POINT OF VIEW
Technology has been a driving force in The Digital Threat Report 2024, developed
shaping the securities market, enabling by SISA in collaboration with CERT-In and
greater efficiency, accessibility, and CSIRT-Fin, provides critical insights into
affordability. However, with swift the evolving attack methods, reinforcing
technological advancements, protection the urgency for market participants to
of IT infrastructure and data has become adopt robust security measures, strengthen
a key concern for the securities market compliance protocols, and enhance threat
regulator Securities and Exchange Board of detection capabilities.
India (SEBI) and its Regulated Entities (REs).
In order to strengthen the cybersecurity In my opinion, the research findings
measures and to ensure adequate cyber mentioned in the report will augment
resiliency against cybersecurity incidents/ the CSCRF framework towards the
attacks in Indian securities market, SEBI has implementation of various solutions for
issued Cybersecurity and Cyber Resilience. cybersecurity and cyber resiliency, thus
promoting digital trust, innovation, and
Framework (CSCRF). CSCRF is a standards sustainable growth.
based framework and broadly covers the
five cyber resiliency goals, viz. Anticipate
Withstand, Contain, Recover, and Evolve,
which are adopted from CERT-In Cyber AVNEESH PANDEY
Crisis Management Plan (CCMP), for Chief General Manager and CISO
countering Cyber Attacks and Cyber Securities and Exchange Board of India
Terrorism. (SEBI)

The digital payments landscape is evolving This report, developed by SISA in

at an unprecedented pace. While these collaboration with CERT-In and CSIRT-
advancements improve accessibility and Fin, offers insights into the evolving
the efficiency of various payment platforms, threat landscape, stressing the urgency
they also require continuous vigilance. for payment networks, banks, and fintech
players to adopt zero-trust architectures,
As a key enabler of India’s digital payments strengthen compliance frameworks,
infrastructure, the National Payments and enhance cyber resilience and fraud
Corporation of India (NPCI) understands detection capabilities.
that cybersecurity and resilience are crucial
to maintaining public trust and financial I commend the collaborative effort behind
stability. this report and encourage all stakeholders
across the digital payments industry to
The key threats identified in the Global use these insights to strengthen security
Threat Report 2024 for the BFSI Sector measures, build cyber resilience, and
highlight the growing risks to payment maintain consumer trust in our fast-growing
networks, such as real-time fraud, API digital economy.
security gaps, and targeted attacks on
financial infrastructures. With the increasing
reliance on AI-driven transactions and
embedded finance models, safeguarding
the payments ecosystem from phishing,
malware, and supply chain vulnerabilities
is more critical than ever. Recent cyber
incidents reinforce the need for multi- DILIP ASBE
layered security strategies, real-time threat Managing Director and CEO of the
intelligence, and AI-enabled technologies to National Payments Corporation of India
mitigate risks. (NPCI)

5 DIGITAL THREAT REPORT 2024

POINT OF VIEW
The Indian BFSI domain has witnessed As a Regulator for Insurance Industry,
rapid digital innovation. it is evolving IRDAI has taken various measures to
into a tech-driven ecosystem where ensure its Regulated Entities have put in
digital platforms, advanced analytics, and place effective controls to protect their
alternative distribution channels are shaping information assets in the face of evolving
products and services. While technology cyber security landscape. The measures
is transforming the insurance sector at include comprehensive guidelines on
breakneck speed, regulators and industry information and cybersecurity mandating
players face several interlinked challenges. establishment of robust cybersecurity
frameworks including technical controls,
Digitization has exposed entities in annual comprehensive audit, incident
BFSI sector to cyberattacks, which can response policy & plan including forensic,
compromise sensitive personally identifiable training and awareness and collaboration
information and disrupt core services. with industry and Cert-In. These measures
aim to strengthen the cybersecurity posture
The use of artificial intelligence to improve of the insurance industry, ensuring resilience
efficiency & reduce costs, the proliferation against evolving cyber threats while
of APIs for delivering personalized services safeguarding sensitive customer data and
has brought heightened risks to information maintaining trust.
assets, making cybersecurity a critical focus
area for organizations striving to protect As the financial sector continues its
their assets, reputation, and customers. journey of rapid digital transformation, the
importance of robust cybersecurity practices
The report highlights some of the major cannot be overstated. By leveraging
attacks the BFSI sector is facing in the form the expertise of CERTs, implementing
of Data Exfiltration, Ransomware attacks actionable recommendations across
exposing sensitive client data, Insecure API people, processes, and technology, and
exploitation leading to unauthorized access, taking proactive steps to enhance security
threat of Quantum Computing, third-party postures, organizations can effectively
data breaches compromising personal address the evolving cyber threat
information, Internal Threats etc. along with landscape. The commitment to continuous
the recommendation for protecting and improvement and vigilance ensures that
strengthening the cyber Security posture financial organizations remain resilient in the
and resilience of organisations. face of emerging challenges, safeguarding
both their operations and their customers.
The report also highlights the growing
interconnectedness of financial systems The report will certainly help the entities in
amplifying the impact of such breaches. BFSI sector to review their cyber security
Thereby, requiring effective and efficient posture and ensure that their IT systems are
responses to these incidents, along with resilient to the cyber vulnerabilities.
rapid recovery mechanisms to mitigate
damage and maintain trust.

By collaborating with global and national

financial organizations and Regulators,
CERT- In and CSIRT-Fin have been providing
critical incident response coordination,
threat intelligence sharing, and guidance
on mitigating cyber risks to BFSI sector.
Their efforts are enabling organizations to
anticipate and address emerging threats
more effectively, thereby improving the A.R.NITHIYANANTHAM
resilience of the BFSI sector. Executive Director, IRDAI

6 DIGITAL THREAT REPORT 2024

HIGHLIGHTS
HIGHLIGHTS

7 DIGITAL THREAT REPORT 2024

7 DIGITAL THREAT REPORT 2024
This report draws on the collective are shifting towards harmonization,
This report draws on the collective are shifting towards harmonization,
expertise and insights of industry with the goal of unifying disparate
expertise and insights of industry with the goal of unifying disparate
leaders to provide a unified view of standards across regions. Compliance
leaders to provide a unified view of standards across regions. Compliance
the cybersecurity landscape in 2024.
the cybersecurity landscape in 2024. isis transforming from a burdensome
transforming from a burdensome
ItItreflects
reflectsaaseamless
seamlessexchange
exchangeofof obligation
obligation into a strategic
into a enabler—
strategic enabler—
knowledge,
knowledge, shaped byreal-world
shaped by real-worldcyber
cyber one that can unlock growth,
one that can unlock growth, improveimprove
incidents,
incidents,evolving
evolvingadversarial
adversarialtactics,
tactics, and
and operational efficiency, and reinforce
operational efficiency, and reinforce
emerging
emergingthreat
threatintelligence.
intelligence. resilience
resilience inin sectors
sectors like digital payments,
like digital payments,
where sensitive data remains
where sensitive data remains a primea prime
ByByintegrating
integratingaanational
nationalperspective
perspectiveon on target
target for
for attackers.
attackers.
cyber
cybertrends
trendswith
withfrontline
frontlineexperience
experience
ininmitigating
mitigatingsophisticated
sophisticatedattacks,
attacks,this
this Beneath
Beneath these
these strategic shifts lies
strategic shifts lies aa more
more
report
reportdelivers
deliversaaholistic
holisticunderstanding
understanding pressing
pressing reality—critical control gaps
reality—critical control gaps
ofofthe
theshifting
shiftingthreat
threatenvironment.
environment.TheThe continue
continue to
to persist
persist across industries.
across industries.
result
result is a comprehensiveresource
is a comprehensive resourcethat
that Weak
Weak access
access controls, over-privileged
controls, over-privileged
empowers
empowersorganizations
organizationstotoanticipate
anticipate user
user accounts,
accounts, and
and misconfigurations
misconfigurations
risks,
risks,strengthen
strengthendefenses,
defenses,and
andnavigate
navigate leave even
leave even the most fortified
the complexities of today’s cybersecurity
the complexities of today’s cybersecurity organizations
organizations exposed. This report
report
challenges.
challenges. highlights
highlights how these vulnerabilities
vulnerabilities are
are
not
not merely
merely by-products of oversight
oversight butbut
Over
Overthethepast
pastyear,
year,cyberattacks
cyberattackshavehave structural
structural weaknesses that adversaries
adversaries
grown
grownmoremoresophisticated,
sophisticated,driven
drivenby by consistently
consistently exploit to devastating
devastating effect.
effect.
the
theintersection
intersectionofofnew
newtechniques
techniquesand and
thepersistence
the persistenceofofproven
provenmethods.
methods. As the
As the industry
industry braces for what lieslies
Socialengineering,
Social engineering,ininparticular,
particular,has
has ahead, the
ahead, the future of cybersecurity
cybersecurity is is
surgedtotothe
surged theforefront,
forefront,with
withBusiness
Business already being
already being reshaped by artificial
artificial
EmailCompromise
Email Compromise(BEC) (BEC)and
andadvanced
advanced intelligence (AI). The same technology
intelligence technology
phishing campaigns operating
phishing campaigns operating with with that drives
that drives innovation is arming attackers
attackers
alarming precision. These attacks,
alarming precision. These attacks, often often with the
with the tools
tools to conduct highly
bolsteredby
bolstered bydata
datasourced
sourcedfrom
fromthethedark
dark personalized, evasive, and large-scale
personalized, large-scale
web,bypass
web, bypasstraditional
traditionaldefenses
defensesby by attacks. In
attacks. In 2025
2025 and
and beyond,
beyond, AI-driven
AI-driven
leveragingstolen
leveraging stolencredentials
credentialsandandsession
session threats will
threats will challenge
challenge existing
existing defense
defense
cookies,effectively
cookies, effectivelyneutralizing
neutralizingmulti-
multi- mechanisms, forcing
mechanisms, forcing organizations
organizations to to
factorauthentication.
factor authentication.Meanwhile,
Meanwhile,supply
supply rethink their
rethink their approach
approach to
to threat
threat detection
detection
chainbreaches
chain breacheshave haveescalated,
escalated,exploiting
exploiting and response.
and response.
thetrust
the trustorganizations
organizationsplace
placeininthird-party
third-party
vendors and open-source repositories
vendors and open-source repositories This report
This report offers
offers concrete
concrete
therebyintroducing
thereby introducingvulnerabilities
vulnerabilitiesatat recommendations
recommendations rootedrooted in
in frontline
frontline
scale.
scale. audits and incident analysis, outlining
audits and incident analysis, outlining the
the
steps necessary to close control gaps,
steps necessary to close control gaps,
Yet,the
Yet, therising
risingtide
tideofofcyber
cyberthreats
threatsisis strengthen defenses,
strengthen defenses, and
and build
build adaptive
adaptive
not occurring in isolation. As digital strategies against emerging threats. The
not occurring in isolation. As digital strategies against emerging threats. The
ecosystems expand, so too does the findings presented here serve as both a
ecosystems expand, so too does the findings presented here serve as both a
recognition that compliance must evolve reflection of the current landscape and a
recognition that compliance must evolve reflection of the current landscape and a
beyond rigid frameworks. This report guidepost for navigating the uncertainties
beyond rigid frameworks. This report guidepost for navigating the uncertainties
explores how regulatory landscapes of tomorrow.
explores how regulatory landscapes of tomorrow.

8 DIGITAL THREAT REPORT 2024

8 DIGITAL THREAT REPORT 2024
SPECIFICALLY, THE REPORT AIMS TO:

Illuminate Adversaries’ Playbooks Anticipate Future Attacks: Assess the Impact of AI in Breaches:

Offer insights into the methods, tactics, Predict potential future breaches based on Explore how AI and machine learning are
and procedures (TTPs) employed by current trends, dark web chatter, and the being utilized by attackers to develop
threat actors, including how they exploit evolution of attack techniques, enabling sophisticated malware, automate attacks,
vulnerabilities, use AI to enhance their organizations to proactively prepare for create convincing deepfakes, and lower the
attacks, and target organizations through emerging threats. barriers for cybercriminal activities.
novel means.

Recommend Preventive and Highlight Current Trends

Detective Controls: and Select Cases:
Provide actionable recommendations Examine recent breaches, including those
and key controls that organizations can affecting organizations with robust security
implement across the pillars of people, postures, to understand how and why these
process, and technology. These preventive incidents occurred despite strong defenses.
and detective measures are designed to
fortify defenses, mitigate risks, and enhance
overall cybersecurity resilience against both
current and emerging threats.

METHODOLOGY & SOURCES

The report is based on a synthesis of various sources, including:

Direct Observations from SISA’s Observations of CSIRT-Fin, CERT-In: Research and Analysis:
DFIR Investigations:
Drawing on select cases and insights gained Based on a comprehensive analysis of cyber Leveraging research on AI’s impact on
from digital forensics and incident response incidents affecting the BFSI sector, with cybersecurity, including adversarial machine
(DFIR) projects handled by SISA over the actionable recommendations for enhancing learning, deepfake technology, and
past year. cyber maturity, data rotection, backup malicious use of large language models.
strategies, and recovery measures.

Cybersecurity Reports and Data

Pointers:
Incorporating findings from vulnerability
databases, and observed trends in malware
and exploit usage.

9 DIGITAL THREAT REPORT 2024

THREAT LANDSCAPE OVERVIEW
Cyber threats are no longer a distant breaches. Meanwhile, supply chain attacks
concern—they are an immediate and have evolved to exploit interconnectivity,
inescapable reality, particularly for the BFSI breaching even the most fortified systems
industry. In 2024, the sector witnessed with persistent and adaptive tactics.
a surge in the sophistication, scale, and
diversity of cyberattacks, highlighting a As attackers increasingly leverage artificial
rapidly evolving threat landscape. With the intelligence (AI), identity-based attacks have
average cost of a data breach reaching an grown more sophisticated and pervasive.
all-time high of $4.88 million globally1—a AI’s ability to exploit identity vulnerabilities
10% increase from 2023—and $2.18 million and bypass defenses using social
in India2 , the financial stakes have never engineering techniques signals a troubling
been higher. evolution in cyber tactics. Deepfake
technology, for instance, is enabling large-
The BFSI sector ecosystem faces unique scale impersonation scams, including
challenges due to its interconnected executive-level Business Email Compromise
infrastructure and the high-value financial (BEC) attacks and misinformation
data it safeguards. This convergence of campaigns. With India experiencing a higher
high rewards and expanding technological than average rise in deepfake identity
complexity has made the sector a prime fraud8, organizations face unprecedented
target for attacks by cyber malicious actors. challenges in preserving digital trust.
Phishing and compromised credentials are
some of the key forms of cyber-attacks in
India.

For the financial sector in India, H12024

alone saw a 175%3 surge in phishing The average time from
attacks compared to the same period vulnerability disclosure
last year, underscoring the heightened to exploitation has
activity within an increasingly volatile decreased dramatically,
threat landscape. Cloud exploits emerged with some vulnerabilities
as a critical entry point, exposing gaps in being exploited within
complex infrastructures and amplifying hours of public disclosure.
the financial and operational impacts of

By 2025 we expect AI-driven cyber attacks to become one

of the most scalable and adaptable threats, challenging
traditional defenses and requiring innovative countermeasures.

In the sections that follow, this report will trace the details of
these challenges, vulnerabilities, and emerging trends.

Understanding these intricacies is critical to formulating a

defense strategy and mitigating the evolving risks to the
digital payments ecosystem.

10 DIGITAL THREAT REPORT 2024

SHIFT TOWARDS SOCIAL ENGINEERING AND CREDENTIAL THEFT
Social engineering remains one of the most pervasive attack methods in 2024.

Business Email Compromise (BEC)

A notable trend has been the rise of grant access to critical systems like single
social engineering, with Business Email sign-on platforms, virtual private networks
Compromise (BEC) and sophisticated (VPNs), email accounts, and software as
phishing campaigns dominating the threat a service (SaaS) applications. Many SaaS
54% of the Business
landscape. Attackers are increasingly platforms include client-specific information
Email Compromise case
turning to AI-powered tools to mine social in URLs, compounding the risk by exposing
investigated had instances
media, scrape employee data, and craft sensitive data when combined with
of pretexting4.
highly personalized lures that bypass compromised credentials.
traditional security filters. Pretexting, the art Phishing Attacks
of creating false scenarios, plays a central
role in these attacks, deceiving employees Stolen credentials and information stealing
into transferring funds, sharing credentials, malware remain among the most effective
or altering account information under the tactics for attackers to breach organizational Phishing attacks,
guise of legitimate requests. The growing networks. Malicious actors acquire accounting for 25% of initial
accessibility of “deepfake as a service” credentials through phishing, information infection vectors, deceive
platforms further amplify the effectiveness stealing malware, or dark web purchases, individuals into revealing
of these schemes, allowing adversaries to targeting usernames, passwords, and sensitive information by
convincingly impersonate executives and session cookies that bypass multi-factor impersonating trusted
bypass manual verification processes. authentication (MFA). These credentials entities5.

IMPACT OF ARTIFICIAL INTELLIGENCE ON CYBER THREATS

Phishing attacks have become increasingly video to impersonate trusted individuals.
sophisticated with attackers employing These advanced impersonations trick users
advanced social engineering tactics, often into revealing MFA codes or approving
enhanced by artificial intelligence (AI), to The emergence of malicious unauthorized authentication requests.
create highly convincing phishing emails Large Language Models
and messages that are difficult to distinguish (LLMs), such as WormGPT Key Tactics Observed
from legitimate communications. AI’s and FraudGPT, has lowered
accessibility has democratized cyber attacks, the barrier to entry for Diversification of File Formats
enabling even smaller groups to launch sophisticated cyber attacks, Attackers are also diversifying the file
impactful attacks. enabling less skilled actors formats used in phishing campaigns to
to craft convincing phishing evade email security filters. Common tactics
The use of AI-generated content to craft emails, generate malware, include sending malicious attachments in
phishing lures that are free of grammatical and exploit vulnerabilities. archive formats like ZIP and RAR files, which
errors and awkward phrasing, which can conceal harmful content from scanners,
traditionally served as warning signs of The advent of chatbot phishing scams especially when password-protected.
malicious intent. represents a new frontier in phishing Additionally, there is increased use of
techniques. Attackers use AI-powered HTML-based files such as Compiled HTML
These AI-enhanced phishing attempts can chatbots with NLP capabilities to engage Help (CHM) and LNK (shortcut) files, which
mimic the tone, style, and branding of potential victims in seemingly benign are often overlooked by security software
trusted entities with remarkable accuracy, conversations, subtly extracting personal due to their legitimate uses.
making them more persuasive and harder information or login credentials over time.
to detect. This method leverages the interactive nature Abuse of Legitimate Internet Services (LIS)
of chatbots and can be particularly effective Attackers exploit services like GitHub Pages,
Further, generative AI models can produce as users may be less guarded during real- cloud storage platforms, and messaging
personalized content that exploits specific time exchanges. applications such as Discord and Telegram
information about targets, increasing the to lend credibility to their phishing
likelihood of deceiving recipients into Deepfake-enhanced social engineering campaigns and to bypass traditional security
revealing sensitive information or clicking on attacks are on the rise, with attackers defenses that trust these well-known
malicious links. using convincing AI-generated audio and platforms.

11 DIGITAL THREAT REPORT 2024

INCREASE IN SUPPLY CHAIN AND THIRD-PARTY ATTACKS

Supply chain vulnerabilities remained a Key Tactics Observed

prominent attack vector for the digital
payments industry in 2024. By infiltrating Third-Party Exploits
third-party vendors or manipulating widely
used software, attackers achieved large- The MOVEit and GoAnywhere breaches
scale breaches. These attacks leveraged highlighted the risks posed by compromised
trusted relationships to bypass direct managed file transfer services.
defenses, making detection and response
Open-Source Risks
increasingly difficult.

Threat actors exploited vulnerabilities in

In these attacks, the threat actors
open-source libraries and components,
compromise a product development
often targeting Linux environments. For
entity—such as a software vendor or a third-
instance, the XZ Utils data compression
party library provider—to inject malicious
library was compromised, introducing
code into legitimate applications. This
a backdoor that could have allowed
compromised code could be delivered to
unauthorized access to systems using
clients via regular software updates or new
the library. This incident prompted major
releases, allowing attackers to potentially
Linux distributions to revert to previous,
infiltrate multiple organizations without
uncompromised versions to mitigate
direct targeting.
potential risks.

Ransomware Attacks

One prevalent technique is Threat Actor Groups like CL0P launched

exploiting access to code attacks on managed file transfer (MFT)
repositories. Attackers services, including Fortra’s GoAnywhere
inject obfuscated malicious and Progress Software’s MOVEit, impacting
code into the source code thousands of organizations and exposing
of widely used applications sensitive data.
by gaining unauthorized
access to developer
accounts. This malware can
evade detection during
automated and manual
reviews due to advanced
obfuscation techniques.

Another tactic involves publishing malicious

libraries disguised as legitimate ones
on platforms like GitHub or PyPI. These
libraries, promoted to gain developer trust,
are unknowingly integrated into projects,
introducing vulnerabilities or backdoors.

12 DIGITAL THREAT REPORT 2024

EXPLOITING WEAK LINKS: SECURITY
LAPSES AND CLOUD VULNERABILITIES

Organizations with inadequate cloud defenses through social engineering,

configurations or insufficient security manipulating trusted insiders to gain
controls are becoming prime targets for unauthorized access.
cyberattacks. Common vulnerabilities
include poor access controls, lack of multi- In a few incidents outside India, it has
factor authentication (MFA), delayed security been observed that super users have been
patches, and mismanagement of privileged approached with cryptocurrency-based
accounts. tactics, persuading them to modify security
settings, leading to unauthorized access to
Cloud misconfigurations—such as publicly critical environments.
accessible storage buckets or default
credentials—have led to unauthorized
access and massive data exposures. The
shift to remote work and the rapid adoption
Attackers exploit
of cloud services have further widened the
flaws within hours of
attack surface, with many organizations
vulnerability’s disclosure,
failing to recalibrate their security
with the average time
postures to match the speed of digital
to exploitation now just
transformation.
eight days. This leaves
organizations struggling
A significant surge has been observed
to patch in time.
in attackers exploiting vulnerabilities as
a primary method to gain initial access Application Program Interfaces (APIs)
into organizational networks. By targeting have also become a key attack vector.
both known and zero-day vulnerabilities in Weaknesses in API authentication—such as
widely deployed systems and applications, hardcoded API keys, credential reuse across
attackers can bypass traditional defenses. environments, and predictable patterns—
These vulnerabilities often affect internet- are frequently exploited by threat actors.
facing services and can be discovered Attackers leverage these gaps to breach
through public scanning, making them systems, often with devastating results.
attractive for mass exploitation.
Furthermore, MFA, once considered
Recent research highlights a 180% increase6 a cornerstone of modern security, is
in exploits leveraging vulnerabilities increasingly under fire. Attackers bypass
to infiltrate networks, emphasizing the MFA through mechanisms such as
growing reliance on this tactic. Internet- session hijacking, brute-force attacks on
exposed systems, unpatched software, and push notifications, and advanced social
misconfigured services present low-hanging engineering techniques, including the use
fruit for attackers seeking entry points. of deepfake technology to impersonate
trusted individuals. The OTP Bypass via
However, even organizations with strong BOLA (Broken Object Level Authentication)
security frameworks are not immune. is another critical vulnerability which enables
Despite mature security practices, breaches malicious actors to bypass authorization
continue to occur, often exploiting mechanisms, granting them unauthorized
subtle vulnerabilities and human error. access to sensitive data or allowing the
Sophisticated attackers bypass advanced execution of unauthorized actions.

13 DIGITAL THREAT REPORT 2024

 INSIDE THE BREACH
KEY CYBERSECURITY BREACHES
AND ATTACK VECTORS
The evolving cyber threat landscape Recent incidents reveal that no operational
highlights that no single point of defense domain is immune. BFSI entities have faced
is sufficient to protect the intricate and ransomware encrypting their systems,
interconnected systems underpinning modern low-value unauthorized transactions
financial services. As adversaries adapt and slipping past payment processing systems,
exploit weak links across digital payments, and AI-powered BEC scams exploiting
cloud environments, third-party integrations, communication channels. Attackers leverage
and internal processes, BFSI entities must move API weaknesses to breach mobile wallets,
beyond isolated security measures to adopt exploit cloud misconfigurations to access
a system-level approach to cybersecurity. sensitive customer data, and manipulate
dormant accounts internally to siphon funds
Cyberattacks are no longer confined to undetected.
external breaches or malware infections;
they now infiltrate the entire BFSI value To address these challenges, a structured
chain—from core financial application platforms and segmented approach for attack vectors
and payment gateways to cloud infrastructure has been adopted to understand the threat
and customer-facing applications. Supply actors’ tactics. This approach is outlined
chain attacks, identity theft, and phishing through eight use cases, each reflecting a
campaigns are not standalone threats but unique attack scenario targeting a distinct
interwoven tactics that target vulnerabilities across operational segment of BFSI infrastructure.
multiple layers of financial services operations. These cases provide a comprehensive,
Zero-day vulnerabilities, API exploitation, system-level view of vulnerabilities
and social engineering persist as recurring exploited, attack methods, audit findings
attack vectors, often bypassing traditional and proposed mitigation strategies,
security postures by exploiting human error, illustrating how attackers move fluidly
misconfigurations, or third-party software between domains to maximize impact.
dependencies.

14 DIGITAL THREAT REPORT 2024

STRUCTURED AND SEGMENTED APPROACH FOR
ATTACK VECTORS ACROSS THE BFSI OPERATIONS

Core Banking Payment Processing Digital Financial

Systems Systems Services Apps

Ransomware & Data Encryption API Exploitation App Vulnerabilities

Disruption of core banking Weakness in wallet APIs allows Exploiting mobile app
operations by encrypting unauthorized payments. vulnerabilities (XSS, SQL injection)
databases. to compromise accounts.
MITM (Man-in-the-Middle)
Insider Fraud Attacks Credential Theft
Unauthorized manipulation of Transaction data is altered during Phishing and Al-powered scams
dormant accounts and transaction processing. to steal user login information.
records.
Session Hijacking
Supply Chain Attacks Attackers bypass MFA by
Malicious code injected via third- hijacking active sessions.
party core banking software
providers.

Cloud & Infra Vendor & Partner IoT & Connected

Management Integration Systems Device Security

Cloud Misconfigurations Supply Chain Attacks Hardware Vulnerabilities

Public exposure of cloud storage Injecting malicious code into Fault injection techniques
and weak IAM settings. third-party banking software. bypassed security on a Trezor
hardware wallet, unlocking $2
Privilege Escalation Third-Party Breaches million in cryptocurrency.
Gaining admin rights through API Compromising vendor systems to
vulnerabilities. gain access to bank networks.

Cross-Site Scripting (XSS)

Exploiting web applications
hosted in the cloud.

15 DIGITAL THREAT REPORT 2024

CASE 1:
THE REWARD HEIST: EXPLOITING SYSTEM
VULNERABILITIES FOR FINANCIAL FRAUD

STRUCTURED AND SEGMENTED APPROACH FOR ATTACK VECTORS ACROSS THE BFSI OPERATIONS

Core Banking Systems Payment Processing Systems

Digital Financial Services Apps Cloud & Infra Management

Vendor & Partner Integration Systems IoT & Connected Device Security

This case (outside India) is of a multi-stage mobile wallets to bank accounts. Using a Top 5 Mitigation Steps
cyberattack targeting a reward points replay attack methodology, they replicated
system, exploiting server vulnerabilities, and genuine bank transfer requests from physical 1. Multi-Factor Authentication (MFA):
leveraging weaknesses in API transactions branches, mimicking API calls with identical Enable MFA for VPNs, webmail, and
for financial fraud. request identities to bypass security checks accounts accessing critical systems.
and execute unauthorized transfers.
Attackers breached a Linux web server, 2. Network Segmentation: Segment
The attackers’ ultimate objective—to inflate and segregate networks into security
exploiting vulnerabilities to deploy malware
reward points, credit unauthorized amounts zones, separating administrative
and secure remote access for themselves.
to wallets, and transfer funds to external networks from business processes
After gaining initial access, the attackers using physical controls and virtual local
moved laterally within the system by accounts—was successfully achieved.
area networks (VLANs).
exploiting hardcoded database credentials
to access sensitive information. This 3. Application Whitelisting: Enforce
oversight in database security provided the whitelisting on endpoints to block
unauthorized software execution.
attackers unrestricted access, allowing them This case underscores
to manipulate critical data. significant vulnerabilities, 4. Log Monitoring and Retention: Audit
such as the use of and monitor logs to detect unusual
Attackers targeted the reward points hardcoded database patterns or behaviors in events and
system, inflating the value of 250 points credentials, the lack of incidents. Redesign log retention
from $50 to $50,000. They updated only validation in the reward policies to store logs for at least 180
days to ensure availability for incident
specific wallets with these manipulated points system, and the
investigations.
points, eventually making them universally absence of mechanisms
accessible for redemption and monetization, to detect replay attacks. 5. Regular Updates and Virtual
thus enabling widespread exploitation. It also highlights the Patching: Ensure all operating systems
importance of robust and applications are updated regularly.
Attackers were able to deceive the system vulnerability management, Use virtual patching to protect legacy
systems and networks.
by crediting manipulated reward points to secure transaction
users’ mobile wallets. This credit served workflows, and
as a stepping stone for the next phase of continuous monitoring to
the attack which was to transfer funds from prevent such exploitation.

16 DIGITAL THREAT REPORT 2024

CASE 2:
THE SILENT HEIST : LOW-VOLUME FRAUD
TARGETING SMALL ENTITIES IN BFSI SECTOR

STRUCTURED AND SEGMENTED APPROACH FOR ATTACK VECTORS ACROSS THE BFSI OPERATIONS

Core Banking Systems Payment Processing Systems

Digital Financial Services Apps Cloud & Infra Management

Vendor & Partner Integration Systems IoT & Connected Device Security

CSIRT-Fin/CERT-In has been watchful The attackers aimed to bypass security Top 5 Mitigation Strategies
and has proactively taken measures and checks and exploit gaps in the information
thwarted cyber-attacks which could have infrastructure of these small entities. Key 1. Multi-Factor Authentication (MFA):
caused damage in the BFSI sector. protective measures include enforcing Multi- Enforce MFA for accessing critical
Factor Authentication (MFA), segmenting systems.
But for the timely intervention and networks into secure zones, implementing
preventive measures, any lapses would have application whitelisting, using virtual 2. Network Segmentation: Segment
and segregate networks into security
resulted in financial and reputational risk for patching for legacy systems, and deploying
zones to protect sensitive information
the sector. robust web and email filters with antivirus
and services.
scanning at both host and gateway levels.
Small entities in the BFSI sector must take 3. Application Whitelisting: Enforce
proactive steps to secure their information whitelisting on endpoints to prevent
system infrastructure against cyber-attacks. unauthorized software execution.

4. Virtual Patching: Use virtual patching

to safeguard legacy systems and
networks.

5. Deploy Filters: Implement web and

email filters to block known malicious
domains, sources, and addresses. Scan
all emails, attachments, and downloads
with a reputable antivirus solution at
both host and gateway levels.

17 DIGITAL THREAT REPORT 2024

CASE 3:
THE SILENT INFILTRATION: RANSOMWARE
THROUGH THE CORE BANKING SUPPLY CHAIN

STRUCTURED AND SEGMENTED APPROACH FOR ATTACK VECTORS ACROSS THE BFSI OPERATIONS

Core Banking Systems Payment Processing Systems

Digital Financial Services Apps Cloud & Infra Management

Vendor & Partner Integration Systems IoT & Connected Device Security

A third-party service provider in the BFSI Once inside, the attacker deleted critical Top 5 Mitigation Strategies
sector was impacted by a cyber attack. database backups and deployed a custom
ransomware variant called ‘cryptor’, 1. Multi-Factor Authentication (MFA):
The attacker, a member of the notorious encrypting critical files. The ransom note Enable MFA for VPNs, webmail, and
RansomEXX ransomware group, gained left behind was more than just a demand— accounts accessing critical systems.
access through vulnerabilities in the it was a threat of double extortion, warning
provider’s infrastructure, slipping past that sensitive client data would be leaked if 2. Regular Updates: Ensure all operating
systems and applications are updated
defenses undetected. the ransom wasn’t paid. (Double extortion
regularly. Use virtual patching to
– (1) demand for ransom, (2) leaking client
protect legacy systems and networks.
data)
3. Data Protection: Enforce data
This wasn’t a direct assault The compromised entity suffered protection, backup, and recovery
on the BFSI entity—but reputational damage, operational measures. Encrypt data at rest to
safeguard against breaches and
rather an exploitation disruption, and an increased risk of
exfiltration.
of the supply chain that customer churn.
underpinned the entity’s 4. Advanced Security Systems: Deploy
core services. intrusion detection & prevention
systems, network detection and
response system, extended detection
and response system, network
behaviour and anomaly detection
system, and firewalls as appropriate
for enhanced threat detection and
prevention.

5. Network Segmentation: Implement

network segmentation into security
zones. Separate administrative
networks from business processes
using physical controls and VLANs.

18 DIGITAL THREAT REPORT 2024

CASE 4:
THE WALLET EXPLOIT: BREACHING PAYMENT
SYSTEMS THROUGH VULNERABLE WALLET FLOWS

STRUCTURED AND SEGMENTED APPROACH FOR ATTACK VECTORS ACROSS THE BFSI OPERATIONS

Core Banking Systems Payment Processing Systems

Digital Financial Services Apps Cloud & Infra Management

Vendor & Partner Integration Systems IoT & Connected Device Security

In a carefully orchestrated attack on a external merchants. The loophole created a Top 5 Mitigation Strategies
payment service entity, the threat actors perfect storm—transactions appeared valid
exploited a vulnerability in the wallet flow on the merchant’s side while leaving the 1. Confidentiality: Restrict access to API
of the payment service entity, targeting actual wallet balances untouched. documentation, including Postman
the integration between the payment collections, ensuring it is accessible
service provider and merchants, to carry out The payment service provider faced financial only to authorized personnel.
multiple unauthorized transactions. losses. Subsequently this vulnerability has
2. Strong Authentication: Use robust
been fixed.
mechanisms like API keys, OAuth,
By leveraging this exploit, the attackers
or JSON web token (JWT) with
seamlessly placed orders through third- secure token management practices,
party applications, exploiting the direct link appropriate expiration times, and
between the payment service provider and granular access control based on user
roles and permissions.

3. Multi-Factor Authentication (MFA):

Enable multi-factor authentication of
users particularly for accounts that
access critical systems.

4. Secure Storage: Encrypt and secure

API keys, credentials, and sensitive
data with access controls.

5. Cross-Origin Resource Sharing

(CORS) Configuration: Properly
configure CORS to restrict API access
to specific domains, preventing
unauthorized cross-origin requests.

19 DIGITAL THREAT REPORT 2024

CASE 5:
THE CASHBACK MANIPULATION: EXPLOITING PAYMENT
SYSTEMS THROUGH TRANSACTION INTERCEPTION

STRUCTURED AND SEGMENTED APPROACH FOR ATTACK VECTORS ACROSS THE BFSI OPERATIONS

Core Banking Systems Payment Processing Systems

Digital Financial Services Apps Cloud & Infra Management

Vendor & Partner Integration Systems IoT & Connected Device Security

A digital payments and financial services Top 5 Mitigation Strategies

company fell victim to a sophisticated man-
in-the-middle (MITM) attack that exploited
The lack of real-time 1. API Security: Secure APIs used
the intricacies of an instant cashback between the merchant’s website,
validation or API integrity
promotion tied to EMI purchases on an payment aggregator, payment
checks facilitated the
e-commerce platform. gateway, and acquirer with strong
attack’s longevity, authentication, encryption, and access
resulting in unauthorized controls.
By intercepting and altering transaction
cashback claims.
details midstream, the attacker
2. Server-to-Server Validation: Use
systematically inflated cashback values, server-to-server validation techniques
bypassing essential verification steps. This This breach not only inflicted direct
instead of browser redirection or
allowed the perpetrator to successfully claim financial losses but also exposed systemic callbacks for enhanced security.
cashback rewards. vulnerabilities in the payment service entity’s
API security and transaction validation 3. Hash Sensitive Details: Include
mechanisms. sensitive payment details like card
numbers, transaction amounts, and
statuses in the hash or checksum
transmitted with transaction data.

4. Real-Time Monitoring: Implement

monitoring and anomaly detection
systems to identify unusual patterns or
potential security incidents in real time.
Set up alerts for security threats.

5. Encrypt Payment Data: Protect stored

payment data with strong encryption
algorithms to prevent unauthorized
access.

20 DIGITAL THREAT REPORT 2024

CASE 6:
THE WEBSHELL BREACH - EXPLOITING XSS
TO INFILTRATE CLOUD INFRASTRUCTURE

STRUCTURED AND SEGMENTED APPROACH FOR ATTACK VECTORS ACROSS THE BFSI OPERATIONS

Core Banking Systems Payment Processing Systems

Digital Financial Services Apps Cloud & Infra Management

Vendor & Partner Integration Systems IoT & Connected Device Security

A fintech company specializing in tax on the company’s Amazon Web Services Top 5 Mitigation Strategies
related services became the target of a (AWS) infrastructure. By leveraging these
sophisticated cyberattack that exposed webshells, the attacker gained unauthorized 1. Multi-Factor Authentication: Enable
critical weaknesses in its cloud infrastructure. access to the company’s Simple Storage multi-factor authentication of users
The breach began with the exploitation of Service platform (S3 bucket), where sensitive particularly for cloud, virtual private
cross-site scripting (XSS) in a commonly client data was stored. networks, webmail, and accounts that
used rich text editor embedded in the access critical systems.
company’s web applications. This unauthorized access led to a severe
2. Cloud Instance Security: Check public
data breach, operational disruption, and
accessibility of all cloud instances in
The attacker used the XSS vulnerability financial losses. Client trust eroded as use. Make sure that no server/bucket
to inject malicious scripts, establishing a sensitive financial records and business is inadvertently leaking data due to
foothold within the company’s environment. data were compromised, highlighting inappropriate configurations.
From there, the threat actor escalated the cascading impact of inadequate web
access, deploying webshells (enables a application security combined with cloud 3. Access Token Security: Ensure proper
security of AWS/Azure/GCP access
threat actor to remotely access the web misconfigurations.
tokens. The tokens should not be
server) to execute commands directly exposed publicly in website source
code, any configuration files, etc.

4. Data Protection and Encryption:

Enforce data protection, backup, and
recovery measures. Encryption of the
data at rest should be implemented
to prevent the attacker from accessing
the unencrypted data in cases of data
breaches/exfiltration.

5. Least Privilege Access Control:

Implement least privilege principle for
access control with granular permission
to cloud resources.

21 DIGITAL THREAT REPORT 2024

CASE 7:
THE INSIDER THREAT: MANIPULATING DORMANT
ACCOUNTS FOR FINANCIAL GAIN

STRUCTURED AND SEGMENTED APPROACH FOR ATTACK VECTORS ACROSS THE BFSI OPERATIONS

Core Banking Systems Payment Processing Systems

Digital Financial Services Apps Cloud & Infra Management

Vendor & Partner Integration Systems IoT & Connected Device Security

An insider threat case (outside India) reveals Post receiving the prepaid cards, the Top 5 Mitigation Strategies
how an employee abused administrative perpetrator manipulated the database to
privileges to manipulate dormant accounts inflate account balances, loading the cards 1. Least Privilege Principle: Apply the
and withdraw funds undetected. With with substantial funds. The withdrawal of the principle of least privilege across all
access to critical systems, the insider threat money was via ATMs, concealing the modus system levels to minimize risk. Limit
actor orchestrated financial pilferage over a operandi by deleting transaction data and administrative access to critical systems
period of two years. restoring balances to erase all traces. and enforce strict role-based access
controls (RBAC).

The insider exploited dormant accounts in To maintain persistence, the perpetrator

2. Log Retention and Monitoring:
the system, using administrative access to created misleading root cause analysis Redesign log retention policies to store
request for prepaid cards linked to these (RCAs) for unauthorized transactions. The logs for at least 180 days. Continuously
accounts. By altering address details, investigations were misdirected ensuring audit and monitor logs to detect
the insider redirected the cards to itself, the cover up continued undetected for two unusual patterns or unauthorized
bypassing original account holders. years. access to dormant accounts.

3. Multi-Factor Authentication (MFA):

Enforce MFA for accessing critical
systems. Mandate MFA for remote
access to prevent unauthorized
administrative actions.

4. Regular Security Audits: Conduct

regular security audits of internal
systems and databases through CERT-
IN empaneled auditors. Regularly
review and reconcile dormant accounts
to detect and prevent unauthorized
manipulation.

5. Application Whitelisting and

Network Segmentation: Enforce
application whitelisting on endpoints
to block unauthorized software
execution. Segment networks to
restrict administrative access to
specific zones, ensuring that sensitive
systems are isolated from broader
environments.

22 DIGITAL THREAT REPORT 2024

 SECURING THE EXPANDING IoT FRONTIER IN BFSI:
A GROWING IMPERATIVE

The Internet of Things (IoT) is transforming opening through smart speakers and
the way businesses operate, particularly mobile devices. These advancements not
in industries driven by digital innovation only enrich customer experiences but also
such as Banking, Financial Services, and provide valuable insights into consumer
Insurance (BFSI). IoT has embedded behavior.
itself into daily workflows, revolutionizing
customer experiences and streamlining However, in the BFSI sector, IoT applications
operations. From connected ATMs to extend beyond front-end customer
wearable payment devices, the integration interactions. Check scanners, touch-
of IoT in financial services has redefined enabled kiosks, branch digital signage, and
engagement, data collection, and service bluetooth beacons silently operate behind
delivery. the scenes, enhancing user engagement
and operational efficiency. On-premise
The number of Internet of Things (IoT) ATMs interface with connected devices,
devices worldwide is forecast to reach 32.1 amplifying potential vulnerabilities.
billion IoT devices in 2030, significantly
broadening the attack surface. As IoT A key challenge in securing IoT in financial
adoption accelerates, financial institutions services is visibility and control—knowing
are increasingly relying on these devices where devices are deployed and how they
to optimize processes and enhance operate. Forrester’s research highlights
customer interactions. However, with this that 36% of financial leaders prioritize IoT-
exponential growth comes an alarming rise driven operational efficiency. Yet, many
in security vulnerabilities. Nearly 99% of IoT IoT deployments in banking, trade finance,
exploitation attempts leverage previously and supply chain management often lack
known vulnerabilities (CVEs), exposing adequate oversight. This lack of visibility
critical gaps in security infrastructure. leaves financial ecosystems exposed to
potential breaches and cyberattacks.
Financial institutions are increasingly
leveraging IoT for personalized services. The consequences of IoT vulnerabilities
Banks utilize IoT to identify and greet are significant. Forrester’s findings reveal
customers as they enter branches, enhance that 34% of enterprises impacted by IoT
credit risk assessments through real- breaches experienced losses ranging from
time data, and deliver targeted product $5 million to $10 million—substantially
recommendations via wearables. IoT- higher than attacks on traditional IT
powered devices also facilitate on-the-go infrastructure.
transactions and enable remote account

The last case is an in-depth analysis that explores IoT vulnerabilities and attacks,
providing valuable insights into how these risks translate to the BFSI sector. By
examining real-world incidents—from breaches through connected fish tanks and
medical devices to compromised home security cameras and cryptocurrency wallets—
this analysis underscores the critical need for enhanced IoT security measures.

23 DIGITAL THREAT REPORT 2024

CASE 8:
TURNING A $2 MILLION HACK INTO
A HARDWARE-HACKING MILESTONE

STRUCTURED AND SEGMENTED APPROACH FOR ATTACK VECTORS ACROSS THE BFSI OPERATIONS

Core Banking Systems Payment Processing Systems

Digital Financial Services Apps Cloud & Infra Mgmt

Vendor & Partner Integration Systems IoT & Connected Device Security

Hardware hacker Joe Grand successfully out” during the boot process, Grand tuning of signal widths, wire lengths,
unlocked a Trezor wallet (outside India) disrupted the firmware’s security check, and trigger points proved essential in
containing US$2 million in cryptocurrency by forcing the Trezor to copy the unencrypted hitting the microcontroller at exactly the
exploiting hardware vulnerabilities through seed and PIN into RAM—allowing him to right moment. After hours of meticulous
fault injection7. extract them without triggering the system’s attempts, Grand successfully retrieved the
safeguards. funds, demonstrating how microcontroller
Faced with strict PIN limits and irreversible weaknesses in embedded devices can be
data erasure, Grand used voltage glitching The attack required precise manipulation— exploited if not rigorously secured against
to disrupt the wallet’s boot process, removing capacitors, fine-tuning glitch fault attacks.
bypassing the Readout Protection (RDP) parameters, and avoiding crashes
mechanism. By precisely inducing a “brown- that could erase critical data. Careful

Mitigations Steps to Prevent Hardware Wallet Hacks

Strengthen Hardware and Physical Protection (RDP) levels and securely consumption, electromagnetic leaks,
Security locking or disabling debug interfaces or timing information. Implementing
in production environments is crucial to protections against side channel attacks
Ensuring the physical security of thwart such attacks. Debug interfaces are and continuously evaluating device
hardware wallets is paramount to prevent often exploited to access sensitive data or security through SCA simulations is critical.
unauthorized access and tampering. manipulate firmware, so securing them from Encrypting sensitive data stored in RAM
Implementing tamper detection systems the outset ensures a more resilient device. and employing secure communication
that trigger automatic data wipes if protocols during data exchanges adds
tampering is detected can significantly Ensure Secure Boot and Trusted further resilience against potential memory
reduce risks. Additionally, employing Firmware extraction attacks. This layered approach
tamper-evident and tamper-resistant minimizes the risk of data leakage even if
packaging serves as a deterrent against The boot process represents a critical attack parts of the device are compromised.
physical breaches. By isolating critical surface, making it essential to secure boot
components and restricting physical access processes with verified bootloaders. Utilizing Continuous Monitoring and Security
to sensitive areas, attackers are further a Hardware Root of Trust (HRoT) ensures Audits
hindered from exploiting vulnerabilities. that only authorized and verified firmware is
Secure microcontrollers with built-in loaded during the boot process, preventing Regularly updating and patching firmware
protections provide another layer of malicious code injections. Encrypting ensures that vulnerabilities are addressed
defense, making unauthorized physical sensitive data in RAM and minimizing promptly, reducing exposure to newly
access extremely challenging. exposure during the boot sequence further discovered threats. Comprehensive
reduces the attack surface. By ensuring hardware security audits help identify
Enhance Fault Injection and Debugging that each layer of the boot process is weaknesses in the device’s design and
Protections authenticated, potential attackers are implementation, allowing for pre-emptive
unable to manipulate firmware or introduce mitigations. Additionally, employing secure
One of the most effective ways to prevent vulnerabilities at the boot / startup time. communication protocols during data
hardware hacks is by implementing robust exchanges ensures that sensitive information
fault injection countermeasures. Fault Mitigate Side Channel and Memory- remains encrypted in transit. By establishing
injection attacks exploit vulnerabilities by Based Attacks a cycle of continuous improvement through
disrupting normal hardware operations, audits, patches, and updates, hardware
allowing attackers to bypass security Side channel attacks (SCA) can extract wallets remain resilient against evolving
mechanisms. Strengthening Readout sensitive information by analyzing power attack techniques.

24 DIGITAL THREAT REPORT 2024

REGULATORY FOCUS:
REGULATORY FOCUS:
A SPECIAL
A SPECIAL FEATURE
FEATURE

25 DIGITAL THREAT REPORT 2024

25 DIGITAL THREAT REPORT 2024
2025 AND BEYOND: NAVIGATING EVOLVING
REGULATIONS IN THE DIGITAL PAYMENTS LANDSCAPE

As we move into 2025, the digital payments variations often result in inefficiencies, The integration of compliance and
and BFSI industries stand at the cusp of a especially in cross-border payment innovation is not merely a response to
transformative shift driven by regulatory solutions, which are crucial to the financial external pressures but a fundamental shift
changes and the accelerating digitization of industry’s global operations. in how organizations view their roles in the
financial services. digital ecosystem. The expected growth
Despite these hurdles, the narrative is of cyber attacks underscores the critical
In this shifting landscape, compliance is beginning to shift toward regulatory need for resilience and adaptability. In this
no longer merely a matter of adhering to harmonization. context, compliance is no longer seen as
checklists but has emerged as a strategic a cost center but as a cornerstone of trust
imperative that will shape the industry’s and a catalyst for growth. It has become an
future. This transformation is not without essential component of an organization’s
its challenges, but it also opens a gateway The push for unified ability to build credibility and foster long-
to significant opportunities for growth and global standards is gaining term customer loyalty.
resilience. momentum, offering a
way to bridge regional As the BFSI industry moves forward,
The rapid pace of regulatory evolution gaps and create cohesive the conversation around compliance is
has created a complex environment for frameworks that simplify evolving. What was once perceived as
financial institutions. Mandates such as compliance and improve a reactive, burdensome process is now
CERT-IN directives for reporting cyber operational efficiency. recognized as a strategic driver of resilience
incidents within 6 hours of noticing such and innovation. The ability to navigate a
incidents or being brought to notice about harmonized compliance framework will not
such incidents, RBI Master Direction in This movement toward regulatory alignment only help organizations manage the growing
Digital Payment Security Controls(DPSC) is not just a means of reducing friction but complexity of regulatory requirements
and Master Direction in Outsourcing of hold the promise of making compliance an but also position them to thrive in an
Information technology services; RBI enabler of growth for the financial sector interconnected, data-driven global
Cyber Security Framework in Banks globally. economy. The next decade will redefine
(CSF); SEBI’s Cybersecurity and Cyber the role of compliance, transforming it into
Resilience Framework (CSCRF), Digital The dual demands of regulatory compliance a force that propels the industry toward
Personal Data Protection (DPDP) Act, and technological innovation present a greater trust, innovation, and sustainable
2023, PCI DSS 4.0, European General Data delicate balancing act for digital payment growth.
Protection Regulation (GDPR),the California organizations. The need to stay ahead in
Consumer Privacy Act (CCPA) have set new areas such as real-time payments, fraud
benchmarks for accountability and data detection, and predictive financial services
protection. These frameworks underscore requires a forward-looking approach RBI, IRDA and SEBI are
the urgent need for organizations to to compliance. Emerging techniques proactively supporting the
anticipate and adapt to emerging risks, like data anonymization and synthetic BFSI sector from a policy
especially as the digital payments sector, data generation are paving the way for and direction perspective,
with its vast repository of sensitive financial innovation without compromising privacy CERT-In and CSIRT-Fin are
data, becomes an increasingly attractive or security. Additionally, embedding helping from a strategic,
target for cyber perpetrators. However, compliance into the design phase of new tactical and operational
the fragmented nature of compliance technologies is proving to be a game- perspective. Thus, all
frameworks across jurisdictions adds changing strategy, enabling organizations to these entities are working
another layer of complexity, particularly for future-proof their innovations and mitigate cohesively to ensure trust
businesses operating across borders. Local risks proactively. and resilience in the BFSI
laws, cultural nuances, and jurisdictional sector for all stakeholders.

26 DIGITAL THREAT REPORT 2024

SUGGESTIONS TO
POLICY MAKERS

Cybersecurity should be a techno- Empower CISOs through direct

commercial business decision and reporting to the CEO/CRO instead of
not just decided only on commercials CTO or CIO

Cybersecurity investments must be driven Granting Chief Information Security Officers

by a balance of technical requirements and (CISOs) direct access to top leadership
commercial viability. Prioritizing security as a enables better alignment of cybersecurity
strategic enabler ensures resilience, robust strategies with business goals, ensuring
protection against threats, safeguarding accountability and a stronger focus on
business continuity and customer trust. organizational risk management.

Digital Payment Security to have Create more Certified Digital Payment

common standards for all Digital Security Specialists in the ecosystem
Payment Form Factors

Harmonizing security standards across all Addressing the talent gap requires fostering
digital payment methods—not just cards— a skilled workforce through certification
ensures a consistent and comprehensive programs focused on payment security.
security framework that addresses emerging This will enable enterprises to design secure
risks in alternative payment systems like payment applications and implement robust
wallets, UPI, and QR codes. security standards effectively.

Clear Preparation Roadmap for Post- Building a Responsible AI Framework

Quantum Cryptography for BFSI

Policymakers must prioritize developing a To ensure the responsible deployment of

strategic roadmap to transition to quantum- AI and ML in the banking and financial
resistant cryptography, ensuring businesses services industry, policymakers must
are prepared for future threats posed by implement clear, comprehensive regulations
quantum computing advancements. that balance innovation with consumer
protection and system stability. Providing
the industry with clear guidelines around
critical aspects such as data privacy, ethical
AI use, and algorithmic transparency
will encourage responsible AI adoption,
supporting growth while safeguarding
the integrity of the financial sector and
protecting consumer interests.

27 DIGITAL THREAT REPORT 2024

 INSIGHTS ACROSS
INSIGHTS ACROSS LAYERS
LAYERS
OF DEFENSE
OF DEFENSE SEEN
SEEN IN
IN BFSI
BFSI
SECTOR
SECTOR
28 DIGITAL THREAT REPORT 2024
28 DIGITAL THREAT REPORT 2024
Now that we’ve explored advanced threats on cybersecurity, it also underscores a with robust defenses face significant risks,
and exploitation techniques, let’s examine concerning trend: the more we spend, the emphasizing the need for continuous
the compliance levels based on sampled more sophisticated and widespread attacks vigilance, proactive measures, and
entities in the BFSI sector. become. This paradox isn’t merely about alignment between compliance and security.
advanced threat actors; it’s also about Achieving resilience requires continuous
Cybersecurity today mirrors Einstein’s notion foundational cracks in how organizations threat visibility, proactive defense strategies,
of insanity—relying on the same strategies approach cybersecurity. continuous training & awareness of the work
and expecting different outcomes. force, robust processes and a security-first
Despite increasing investments in security For instance, the average organization mindset that uses compliance frameworks as
technologies, breaches remain frequent. deploys an astonishing 64-76 cybersecurity a foundation.
tools8, yet breaches do occur. Why?
Consider this: Gartner projects worldwide Because the solution isn’t simply about In the next section, we decode the domains
end-user spending on information security spending more money or adding more where further improvements are needed.
to reach US$212 billion by 2025, marking tools. Resilience cannot be achieved
a 15.1% increase from 2024. While this through isolated efforts. Both organizations
reflects the growing importance placed with weak security postures and those

% COMPLIANT IN % COMPLIANT
HEADING CONTROL
INDIA GLOBAL
Hardening and configuration documentation
System Hardening and Configuration
aligned with Center for Internet Security (CIS)
Management
standards

System Hardening and Configuration Configuration standard and baseline document

Management maintenance

Encryption of cardholder data and masking of

Data Protection and Encryption
sensitive information

Use of tokenization or TDE (Transparent Data

Data Protection and Encryption
Encryption) for sensitive data

User access lists for Cardholder Data

Access Control and User Management Environment (CDE) and privileged access
controls

Timely application of patches and adherence to

Patch and Vulnerability Management
vulnerability management procedures

IDS/IPS configurations to detect and prevent

Intrusion Detection and Prevention
unauthorized access

Network segmentation to isolate CDE and

Network Security and Segmentation
prevent lateral movement

Multi-factor authentication (MFA) and password

Authentication and Password Management
configuration policies

Centralized logging and monitoring of failed

Log Monitoring and Event Management
logins and access attempts

Defined incident response procedures and

Incident Response and Contingency Planning
contingency planning

Regular internal and external vulnerability scans

Regular Testing and Vulnerability Scanning
and penetration testing

Manageable Needs Improvement Major Concern

29 DIGITAL THREAT REPORT 2024

METHODOLOGY FOR DETERMINING COMPLIANCE PERCENTAGES
(FOR INDIA & GLOBAL)

Assessment Scope Data Sources Standards Covered

SISA assessed approximately 1,550 clients The analysis is based on technical gap The gap assessments included PCI DSS, PCI
globally between November 2022 and reports generated from assessments PIN, P2PE, PCI SAQ, and local governance
November 2024 to derive the observed conducted by SISA’s Qualified Security standards and regulations.
control gap compliance percentages. Assessors (QSAs).

India-Specific Calculation Global Calculation

Out of 850 clients assessed in India, A similar methodology was applied to 700
765 were compliant while frequently clients assessed outside India to determine
encountering observed control gaps. global compliance percentages.

EVALUATING SECURITY MATURITY: TECHNICAL TRENDS

AND GAPS IN THE BFSI SECTOR

The security posture of financial institutions audited/reviewed across various domains

demonstrates a mixed level of compliance and maturity in critical security areas.
Here’s a breakdown of key trends and gaps observed across different security layers
in the BFSI sector:

Perimeter Security/Network Security

Firewall: Most institutions have Conformance (DMARC), and Sender Policy Content Filtering / Proxy: This area
implemented basic firewall configurations, Framework (SPF) configurations. However, lacks dedicated solutions and consistent
however, clients allow all traffic through geo-location-based blocking and periodic rule reviews. Absence of content control
open policy configurations, lacking granular rule reviews are often missing, which increases exposure to unfiltered, potentially
control. Additionally, insufficient impact weakens phishing and spam defences. malicious traffic.
analysis in change management processes
leads to critical changes not being tracked, Virtual Network / Network Segregation: Web Application Firewall (WAF): WAF
increasing the risk of unauthorized access. Many institutions have implemented implementation is inconsistent. Many
network segmentation but often lack proper applications are not covered, and URI paths
DDoS Mitigation: DDoS protection is testing and validation of these segmentation are not adequately tested or blocked. High
largely limited to internet service provider controls. Overly broad access control and medium threat signatures are often
(ISP)-level solutions, and dedicated mechanisms are frequently observed, which set only to detect, leaving gaps in active
enterprise-grade DDoS mitigation is often undermines the intended security benefits defences.
missing. This leaves institutions vulnerable of segmentation.
to volumetric and application-layer attacks.
Application Security Secure Configuration
Content Filtering / Proxy: Similar to
application security, network-level content IPS/IDS: There is a fair presence of Intrusion Webserver & Database: Lack of application
filtering shows a lack of dedicated solutions Prevention and Detection systems. However, hardening and limited security standards
and regular reviews, which are essential for medium and low severity signatures often in application design, coupled with
filtering malicious or unwanted traffic. remain unblocked, and many organizations inadequate coordination between security
lack internal IPS, posing risks to application and application teams, results in a larger
Email Gateway: Email gateways security. attack surface and greater exposure to
primarily use standard Domain-based vulnerabilities.
Message Authentication, Reporting, and

30 DIGITAL THREAT REPORT 2024

Cloud Security IAM (Identity and Access Data Protection and Encryption
Management) Security
General Cloud Security: Cloud Encryption of data and masking
environments show significant gaps. Identity Security: Identity security remains sensitive information – Sensitive and
Subscriptions often lack hardening per CIS a crucial gap. MFA is not universally confidential data is not stored in encrypted
or global standards, with MFA and logging enforced on VPN profiles, and conditional form or masked leading to a breach
not enabled by default. Local accounts, access policies are missing in a majority of of confidentiality of stored data. Non-
sometimes exposed to the internet, increase environments, which increases susceptibility compliance to this control may lead to
risk of unauthorized access. to unauthorized access. malicious entity to derive the sensitive data.

Cloud Environment Specifics (AWS, Azure, User Access review: If excessive user
GCP): Common gaps include missing audit rights are not revoked or accounts for all VAPT (Vulnerability Assessment and
logging for PaaS, insufficient hardening, and terminated users have not been removed Penetration Testing)
absent MFA. These vulnerabilities reflect a in due time, they may be used by malicious
need for stronger cloud access control and users for unauthorized access. Internal/External vulnerabilities and
monitoring. Penetration testing – Periodic vulnerability
management and penetrations testing are
Endpoint Security not regularly followed by many financial
Monitoring & Response institutions. Attackers routinely look for
Endpoint Detection and Response (EDR): unpatched or vulnerable externally facing
Security Logging: Critical logs such as Most large financial institutions have servers, which can be leveraged to launch a
DNS, proxy, MFA, and O365 (email logs) implemented EDR solutions, providing directed attack. Because external networks
are not integrated by many organizations. advanced detection and response are at greater risk of compromise, external
This lack of integration limits visibility and capabilities. However, some mid-sized and vulnerability scanning must be performed
hampers the ability to detect potential smaller clients are still relying primarily periodically.
threats effectively. Additionally, API- on traditional antivirus (AV) solutions with
based integrations for SAAS services limited EDR functionality. This limits the
are sometimes constrained by licensing scope of endpoint threat containment
limitations, further impacting comprehensive and makes them more vulnerable to
threat monitoring. sophisticated attacks that require proactive
threat hunting and automated response.
SIEM Integration: SIEM integration lacks
comprehensive data feeds, such as DNS and
MFA logs, essential for threat correlation.
This hinders timely detection and response
capabilities, particularly for SAAS and cloud
environments.

31 DIGITAL THREAT REPORT 2024

GAZING THROUGH
GAZING THROUGH THE
THE
CRYSTAL BALL
CRYSTAL BALL FOR
FOR 2025
2025

32 DIGITAL THREAT REPORT 2024

32 DIGITAL THREAT REPORT 2024
GAZING THROUGH THE CRYSTAL BALL FOR 2025

This report
Before draws
we dive intoon the collective
recommendations artificial
are intelligence.
shifting towards Attacks in 2025 will
harmonization, Drawing insights from observed threats
expertise
based on theandgaps
insights of industry
and vulnerabilities not only
with the be
goalmore sophisticated
of unifying but also
disparate across the digital payment ecosystem,
leaders to provide
highlighted a unified
in the previous view of
section, it’s exponentially
standards moreregions.
across evasive Compliance
and pervasive. we present a series of predictions for
the cybersecurity
crucial landscape
to shift our focus in and
forward 2024.grasp Threat
is actors arefrom
transforming set toa harness
burdensomeAI to craft 2025 - seven highly anticipated attack
It
howreflects a seamless landscape
the cybersecurity exchange is ofset to highly customized
obligation assaults, leaving
into a strategic enabler— minimal methodologies likely to dominate the threat
knowledge, shaped
transform in the comingby year.
real-world cyber
Understanding tracethat
one as they
canoperate at an unprecedented
unlock growth, improve landscape in 2025.
incidents, evolving
the trends and adversarial
challenges of 2025tactics,
is not and scale—powered
operational by the same
efficiency, revolutionary
and reinforce
emerging threat intelligence.
just valuable—it’s imperative for crafting technologies
resilience transforming
in sectors industries
like digital payments, These insights aim to empower
strategies that are resilient to the threats of globally.
where Add to that
sensitive datathe looming
remains quantum
a prime organizations with a forward-looking
By integrating a national perspective on
tomorrow. computing
target revolution capable of rendering
for attackers. perspective, guiding them to anticipate,
cyber trends with frontline experience today’s encryption obsolete, organizations adapt, and fortify their defenses in the
in mitigating
As we peer intosophisticated
the future of attacks, this
cybersecurity, face an evolving
Beneath and complex
these strategic shiftsreality.
lies a more face of an increasingly volatile cyber
report
the delivers
crystal a holistic
ball reveals understanding
a landscape Preparingreality—critical
pressing for these seismiccontrol
shifts isgaps
no environment.
of the shifting
dramatically threat environment.
reshaped by the power of The longer optional;
continue it’s essential
to persist for survival.
across industries.
result is a comprehensive resource that Weak access controls, over-privileged
empowers organizations to anticipate user accounts, and misconfigurations
risks, strengthen defenses, and navigate leave even the most fortified
the complexities of today’s cybersecurity organizations exposed. This report
challenges. highlights Rise
howofthese
deep fakes &
vulnerabilities are
AI generated content
not merely by-products of oversight but
Attackers will leverage deep
Over the past year, cyberattacks have structural weaknesses that adversaries
fakes to impersonate executives
grown more sophisticated, driven by consistently
andexploit to devastating
bypass verification, enabling effect.
social engineering attacks.
the intersection of new techniques and
the persistence of proven methods.
IoT devices expanding As the industry braces for what lies Growing threat of
Social engineering, inattack surfaces
particular, has ahead, the future of cybersecurity is supply chain attacks
and malicious libraries
surged to the forefront, with Business
Compromised IoT devices already being reshaped by artificial
provide entry points for attackers, Malicious code injected into
Email Compromise (BEC) and advanced intelligence (AI). The same technology
enabling lateral movement trusted software updates or
phishing campaigns operating
across networkswith
and potentially that drives innovation is arming attackers libraries compromises entire supply
disrupting critical operations. chains, spreading vulnerabilities
alarming precision. These attacks, often with the tools to conduct highly across multiple organizations.
bolstered by data sourced from the dark personalized, evasive,01 and large-scale
web, bypass traditional defenses by attacks. In 2025 and beyond, AI-driven
leveraging stolen credentials and session threats07will challenge existing defense
cookies, effectively neutralizing multi- mechanisms, forcing organizations to02
factor authentication. Meanwhile, supply rethink their approach to threat detection
chain breaches have escalated, exploiting and response.
ANTICIPATED CYBER
the trust organizations
Crypto - A new place in third-party
frontier THREATS IN 2025 Emerging threat of
vendors andforopen-source
cyber threats repositories 06 report offers
This concrete
Identify. Defend. LLM prompt hacking
thereby introducing vulnerabilities at
Cyber attackers exploit
recommendationsSecurerooted in frontline 03
the future. Attackers manipulate LLM
scale. cryptocurrencies for anonymous audits and incident analysis, outlining the (Large Language Models)
transactions, target crypto wallets, inputs to extract sensitive data,
and attack exchanges, leading to steps necessary to close control gaps, override controls, and induce
financial
Yet, the rising tide theft
ofand extortion.
cyber threats is strengthen defenses, and build adaptive harmful outputs in local Al
05 applications.
not occurring in isolation. As digital strategies against emerging 04threats. The
ecosystems expand, so too does the findings presented here serve as both a
recognition that compliance must evolve reflection of the current landscape and a
beyond rigid frameworks. This report guidepost for navigating the uncertainties
explores how regulatory landscapesQuantum computing
of tomorrow.
- Adversarial LLMs
A looming threat to enchaning attack
cryptography capabilities
Quantum advancements Malicious LLMs (Large Language
threaten to break current Models) enable attackers to
encryption methods, exposing automate malware creation,
sensitive data and enabling phishing campaigns, and exploit
large-scale cyber espionage. development, intensifying the
threat landscape.

8
33 DIGITAL THREAT REPORT 2024
 ANTICIPATED ATTACK 1:
RISE OF DEEP FAKES AND AI-GENERATED CONTENT

Attackers are expected to increasingly for multi-factor authentication (MFA),

leverage deep fakes and AI-generated passwords, or other sensitive information.
content as potent tools for intrusion,
particularly in social engineering attacks. The challenges in detection and verification
The advancement of deep fake technology of such AI-generated content are significant.
enables the creation of highly realistic and As the technology becomes more
manipulated audio and video content that sophisticated and accessible, it becomes
can convincingly impersonate individuals. increasingly difficult for users to distinguish
between genuine and manipulated media.
Deep fake voice and video allow cyber Traditional verification methods that rely
perpetrators to mimic the voices and on voice recognition or visual confirmation
appearances of executives, employees, or are no longer sufficient, as deep fakes can
trusted partners. For example, an attacker replicate these cues with high accuracy.
might use a deep fake video during a This creates substantial risks, especially in
virtual meeting to deceive a finance team business contexts where critical decisions
into authorizing a unauthorized transfer or and transactions are made based on virtual
employ a deep fake voice to trick individuals interactions.
into revealing one-time passwords (OTPs)

ANTICIPATED ATTACK 2:
GROWING THREAT OF SUPPLY CHAIN
ATTACKS AND MALICIOUS LIBRARIES

Attackers are expected to increasingly Unsuspecting developers may inadvertently

focus on supply chain attacks, exploiting incorporate these tainted libraries into
vulnerabilities in software development their projects, introducing vulnerabilities,
processes to compromise multiple backdoors, or malware into their
organizations simultaneously. One applications. This method allows attackers
primary method involves the exploitation to spread malicious code across a wide
of code repositories. Cyber attackers array of software products and services,
gain unauthorized access to developers’ amplifying the potential impact.
accounts on platforms like GitHub or inject
malicious code into the source code of Furthermore, there is growing apprehension
widely used applications. By infiltrating the about the influence on Large Language
development environment, attackers can Models (LLMs). Attackers may attempt to
insert malware directly into the codebase, manipulate LLMs or their training data to
which is then unknowingly distributed to promote malicious libraries. By poisoning
clients through regular software updates or the datasets or exploiting vulnerabilities
new releases. This tactic enables attackers in the models, they can cause LLMs to
to bypass traditional security measures, as suggest or generate code that includes
the malicious code originates from a trusted compromised libraries. Developers
source. relying on LLMs for coding assistance or
recommendations might then integrate
these malicious components into their
applications, unknowingly propagating
Another concerning trend vulnerabilities. Even in organizations that
is the distribution of prohibit direct use of LLM-generated
malicious libraries disguised code, developers may still seek guidance
as genuine. Attackers from these models, increasing the risk of
publish counterfeit libraries incorporating tainted libraries.
that mimic legitimate ones,
often with names that
are deceptively similar to
popular libraries.

34 DIGITAL THREAT REPORT 2024

ANTICIPATED ATTACK 3:
EMERGING THREAT OF LLM PROMPT HACKING IN APPLICATIONS

As Large Language Models (LLMs) become Attackers can exploit these vulnerabilities
increasingly integrated into various to manipulate the LLM’s output, leading to
applications, there is a growing threat unauthorized actions, disclosure of sensitive
of LLM prompt hacking, where attackers information, or the generation of harmful
manipulate the inputs to these models content.
to induce unintended and potentially
harmful behaviors. This threat is particularly Prompt Hacking Techniques and Risks
pronounced in applications that host
LLMs locally, rather than relying on APIs One common prompt hacking technique
from established providers like OpenAI or involves crafting inputs that bypass the
Anthropic. model’s intended constraints, such as the
“grandmother exploit,” where attackers
manipulate the model into providing
disallowed information by framing the
request in a specific context.
Locally hosted LLMs may
proprietary data or personally identifiable
lack the comprehensive
Attackers may use prompt injection attacks information (PII) that the model has been
safety measures and
to override system prompts or extract trained on.
robust security features
confidential data that the model has been • Manipulate decision-making processes:
implemented by these
exposed to during training. In applications Influencing the outputs of the LLM in
providers, making them
like chatbots, virtual assistants, or interactive ways that could affect business decisions,
more susceptible to
voice response (IVR) systems, attackers customer interactions, or automated
exploitation.
with knowledge of the underlying LLM can systems.
manipulate prompts to:
Vulnerabilities in Locally Hosted LLMs The risks associated with LLM prompt
• Inject malicious content: Causing hacking are significant, as successful
When organizations incorporate LLMs the LLM to generate harmful or attacks can compromise data integrity,
directly into their environments, they assume inappropriate responses that could confidentiality, and system availability.
the responsibility for implementing security damage the organization’s reputation or Organizations relying on LLMs for critical
measures to protect against prompt hacking lead to legal issues. functions may face severe consequences,
and other attacks. Many locally hosted LLMs • Exfiltrate data: Extracting sensitive including data breaches, financial losses,
may not have sufficient safeguards against information from the model, such as and erosion of customer trust.
adversarial inputs, leaving them vulnerable.

ANTICIPATED ATTACK 4:
INFLUENCE OF ADVERSARIAL LLMS ENHANCING
ATTACK CAPABILITIES

Attackers are increasingly leveraging generated malware and exploits can adapt, Furthermore, the availability of adversarial
adversarial Large Language Models (LLMs) obfuscate, and mutate to avoid detection LLMs lowers the barrier for novice malicious
to significantly enhance their cyberattack by conventional antivirus software and actors. Individuals with limited technical
capabilities, posing new challenges to Endpoint Detection and Response (EDR) expertise can now execute complex
cybersecurity defenses. These malicious systems. cyberattacks by simply interacting with these
LLMs—such as WormGPT, FraudGPT, malicious AI models. This democratization
WolfGPT, and XXXGPT—are designed to of advanced attack capabilities leads to an
generate sophisticated and tailored cyber increase in the volume and sophistication
threats with minimal effort. By utilizing these The polymorphic nature of cyber threats, as more threat actors can
advanced models, attackers can create of AIcrafted code means launch attacks that previously required
highly effective malware, craft convincing that signature-based specialized skills.
phishing emails, and automate the detection methods are less
development of exploits. effective, as each iteration
can appear unique while
One of the key concerns is the evasion maintaining its malicious
of traditional security measures. AI- functionality.

35 DIGITAL THREAT REPORT 2024

ANTICIPATED ATTACK 5:
QUANTUM COMPUTING - A LOOMING THREAT TO CRYPTOGRAPHY

Quantum computing is set to revolutionize Current encryption methods, both symmetric encryption by effectively halving
the world of information technology by asymmetric algorithms like RSA and the key length.
introducing computational power that symmetric algorithms such as Triple DES (3-
vastly exceeds current capabilities. With an DES) and certain key lengths of AES (like 64- In such a scenario, we face a situation
exponential increase in processing speed— bit AES), rely on the computational difficulty where the integrity of the sender in any
sometimes described in astronomical terms of specific mathematical problems. Classical communication cannot be trusted. Intruders
like 2 to power of 3 to the power of 1000 computers find it infeasible to solve these equipped with quantum computers could
—quantum computers can tackle complex problems within a reasonable timeframe, easily break encryption keys and algorithms,
problems that are practically unsolvable by which is why these encryption methods are enabling them to conduct man-in-the-
classical computers. considered secure. middle attacks. They could intercept,
decrypt, and even alter messages without
However quantum computing holds the the sender or receiver being aware,
potential to break existing encryption compromising the confidentiality and
The introduction of algorithms and keys that safeguard our integrity of the communication.
quantum computing digital communications. Algorithms
poses a critical threat like Shor’s algorithm can factor large
to all applications and numbers and compute discrete logarithms
communication channels exponentially faster than classical
that rely on public key algorithms. This capability effectively
infrastructure, digital renders asymmetric encryption vulnerable.
certificates, and key Similarly, Grover’s algorithm can speed up
exchange protocols. the brute-force search process, weakening

ANTICIPATED ATTACK 6:
CRYPTO: A NEW FRONTIER FOR CYBER THREATS

Cryptocurrency has significantly altered Additionally, a new breed of malware This trend has led to the development of
the cyber threat landscape, empowering has emerged that goes beyond the an entire ecosystem designed to support
intruders in ways that previous technologies traditional goal of harvesting Personally these illicit transactions. Services and
could not. Initially, the cyber perpetrators Identifiable Information (PII). These platforms have emerged to facilitate the
utilized Bitcoin for illicit transactions sophisticated malware programs scan exchange, laundering, and obfuscation of
due to its widespread acceptance. infected environments not just for sensitive cryptocurrency funds, making it easier for
However, they’ve since migrated to other data but specifically for the presence of intruders to monetize their activities without
cryptocurrencies like Monero (XMR), cryptocurrency wallets or the keys that leaving a traceable trail.
which offer enhanced privacy and non- secure them. By extracting these keys,
traceability. Monero’s advanced encryption intruders can gain unauthorized access to
techniques obscure transaction details, victims’ crypto assets, leading to significant
making it exceptionally challenging for law financial losses.
enforcement agencies to trace funds and
identify the individuals involved.

This shift in cryptocurrency preference has

also seen a change in the tactics employed The evolution of
by intruders. They have evolved from using cryptocurrency has also
compromised systems merely as crypto facilitated the rise of
miners—where infected computers are ransom and data extortion
hijacked to mine cryptocurrencies without schemes. Malicious
the owner’s knowledge—to more direct actors now commonly
and profitable endeavours like targeting demand payment
cryptocurrency exchanges. By attacking in cryptocurrencies,
these exchanges, intruders aim to steal leveraging their anonymity
large amounts of digital currency, exploiting to avoid detection.
security vulnerabilities within these
platforms.

36 DIGITAL THREAT REPORT 2024

ANTICIPATED ATTACK 7:
IoT, THE EMERGING THREATS TO EMBEDDED DEVICES

Cloud-Connected Embedded Devices malicious firmware, bricking devices or

causing widespread failures. Attackers can
Embedded devices increasingly rely on exploit open debug interfaces to reverse
cloud services like Amazon Elastic Compute engineer firmware and tamper with the
Cloud (AWS EC2) and Message Queuing OTA process. Since firmware is often
Telemetry Transport (MQTT) brokers to identical across devices, malicious updates
transmit and store data. These devices propagate rapidly, turning a single breach
collect sensor or user data and push it into a system-wide threat.
to services like AWS S3 using temporary
credentials assigned by the cloud. While
efficient, this creates vulnerabilities— Hardware Trojans, chip backdoor &
compromised credentials from one device “Movie-Style” Attacks in real life
can grant attackers access to the larger
cloud infrastructure. If thousands of devices Hardware Trojans—malicious circuit
share identical configurations, breaching modifications—can be inserted during
one can expose the entire fleet, risking chip fabrication or assembly. Attackers
data theft, lateral movement, or operational or nation-states can implant these rogue
disruption. components that remain dormant until
triggered. An extra chip can be concealed
beneath a Ball Grid Array (BGA) package or
Firmware Reverse Engineering, IP masked with high-temperature adhesives,
Theft, Digital Twins & Secret Extraction making detection nearly impossible without
specialized forensics. These implants
Firmware holds the core intellectual enable remote takeovers, allowing attackers
property (IP) and operational logic of to control infrastructure with a single
embedded devices, making it a high- command. In large-scale deployments,
value target for attackers. By reverse compromising one node can escalate
engineering firmware, adversaries can inject to entire networks. Lack of PCB-level
malicious code, alter device behavior, or inspections leaves critical systems vulnerable
create “digital twins” that mimic legitimate to these stealthy attacks.
devices while feeding manipulated data
into real systems. This can disrupt critical
operations, especially in environments Scalability of Attacks, Mod Chips, Side-
where devices control physical processes or Channel Analysis and Glitching
infrastructure. Additionally, firmware often
contains proprietary algorithms and secrets, Hardware exploits, once developed, can
allowing attackers to clone products, bypass be mass-produced through mod chips
protections, or extract shared encryption or glitching techniques. Mod chips—
keys embedded across entire product lines. initially used to bypass gaming console
A single compromised device can expose an security—can scale to automotive and IoT
entire fleet, enabling adversaries to escalate systems, bypassing protections at scale.
privileges, manipulate data, or propagate Side-channel analysis reveals sensitive
malware across interconnected systems, data by monitoring power consumption or
threatening IP, operational security, and electromagnetic leaks, while voltage faults
product integrity. at critical moments can bypass security
checks. These scalable methods transform
niche vulnerabilities into widespread threats,
OTA Updates & Single-Device Pivot compromising even highly secure systems.

Over the air (OTA) updates simplify firmware

patching but introduce significant risk. A
compromised update server can distribute

37 DIGITAL THREAT REPORT 2024

RECOMMENDATIONS:
RECOMMENDATIONS:
STRENGTHENING YOUR
STRENGTHENING
CYBERSECURITY POSTURE
CYBERSECURITY POSTURE
38 DIGITAL THREAT REPORT 2024
38 DIGITAL THREAT REPORT 2024
RECOMMENDATIONS: STRENGTHENING
YOUR CYBERSECURITY POSTURE
Having explored the TTPs (Tactics, The solution lies in establishing effective, defenses, mitigate vulnerabilities, and
Techniques, and Procedures) used by adaptable, and forward-thinking effectively protect sensitive data. These
attackers, examined unique case studies cybersecurity strategies. recommendations aim to empower
showcasing their stealth and evasion organizations to stay ahead in an ever-
techniques, and gained a glimpse into The following section highlights the key evolving threat landscape while enhancing
the anticipated trends of 2025, it’s time controls organizations should implement, operational efficiency and resilience.
to focus on the critical question: What based on insights from audit and
can organizations do to stay secure? incident analysis findings, to strengthen

ADAPTABLE, FORWARD-THINKING CYBERSECURITY IS BUILT

ON KEY CONTROLS THAT DEFEND, MITIGATE, AND PROTECT.

PEOPLE
(Awareness, Training, and Culture)

• Increase the Frequency of Information Security Training

• Strengthen Risk Management and Governance
• Focus on Securing Remote and Hybrid Work Technologies

ENHANCING PROCESS
(Policies, Procedures, and Governance)

RESILIENCE •
•
Accelerate Vulnerability Assessments Time Frame
Develop Comprehensive Incident Response Playbooks
ACROSS KEY • Integrate Threat Intelligence into Monitoring Processes

DOMAINS
• Defense-in-depth program
• Zero Trust Architecture (ZTA) Implementation

TECHNOLOGY
(Tools, Systems, and Solutions)

• Increase the Frequency of Patching Network Devices

• Implement Al-Powered Anomaly Detection and Dark Web Monitoring
• Application and API Security
• Authentication and Access Control
• Endpoint and Email Security
• Security Testing of Al-Native Applications

39 DIGITAL THREAT REPORT 2024

BUILDING A RESILIENT PEOPLE - FORCE: STRENGTHENING CYBERSECURITY
THROUGH TRAINING, GOVERNANCE, AND REMOTE SECURITY

A strong and adaptable cybersecurity posture begins with people. Organizations must
foster a culture where cybersecurity awareness is continuous, leadership-driven, and
embedded across all levels.

Continuous Information Security Risk Management and Governance

Training for Long-Term Resilience

Transitioning from annual to quarterly A proactive, comprehensive risk

security training enhances resilience by management framework is essential
keeping employees vigilant against evolving to enhance regulatory adherence and
threats like AI-driven phishing and deepfake fortify the overall security posture. This
scams. Frequent education ensures that framework drives transparency, enables
staff stay informed about emerging attack standardized reporting, and facilitates
vectors and reinforces proactive security benchmarking against industry best
behavior. By involving the entire workforce, practices. Strong governance mechanisms
from executives to frontline employees, ensure accountability, incident disclosure,
organizations establish a unified defense and effective resource allocation to mitigate
against social engineering tactics. risks.

Leadership plays a crucial role in shaping Regular security assessments, incident

this culture. When executives prioritize monitoring, and performance tracking
cybersecurity and actively champion training through metrics—such as known
initiatives, it signals the importance of vulnerabilities and training completion
security as part of the broader business rates—provide actionable insights that
strategy. This top-down approach not drive timely adjustments. Governance
only protects sensitive data but also structures that evaluate AI-related risks,
builds customer trust and solidifies the adversarial threats, and ethical concerns
organization’s long-term success. position organizations to address emerging
vulnerabilities before they escalate.

Securing Remote and Hybrid Work By integrating cybersecurity governance

Environments into the organization’s core, businesses not
only enhance regulatory compliance but
As remote and hybrid work models expand also foster resilience against increasingly
the attack surface, organizations must sophisticated threats. This holistic approach
secure the technologies that support ensures that cybersecurity measures
these environments. Conducting regular align with broader business objectives,
vulnerability assessments, enforcing timely empowering the organization to navigate
patching, and strengthening remote access and thrive in a complex digital landscape.
solutions are essential steps. High-profile
incidents, such as the MOVEit Transfer
vulnerabilities, underscore the critical need
for ongoing vigilance in securing internet-
facing systems and remote infrastructure.

40 DIGITAL THREAT REPORT 2024

STRENGTHENING CYBERSECURITY THROUGH
PROACTIVE PROCESSES AND LAYERED DEFENSES

Effective cybersecurity relies on processes that not only anticipate threats but also
build resilience through continuous monitoring, adaptive defense strategies, and
structured responses.

By embedding dynamic processes, organizations can minimize vulnerabilities,

streamline detection, and respond swiftly to emerging threats.

Accelerated Vulnerability Defense-in-Depth as a Strategic Zero Trust Architecture (ZTA) for

Assessments Imperative Modern Threats

In today’s rapidly evolving threat landscape, No single solution can fully protect against The traditional network perimeter is no
waiting for quarterly or annual vulnerability modern cyber threats. Defense-in-Depth longer sufficient as remote work, cloud
assessments is no longer sufficient. offers a layered strategy where multiple services, and mobile devices expand the
Conducting daily or weekly assessments controls—firewalls, intrusion prevention, attack surface. Zero Trust Architecture (ZTA)
using automated solutions is essential to and endpoint detection—work in tandem enforces continuous authentication, granular
identify and mitigate weaknesses before to detect, delay, or mitigate attacks. access control, and micro-segmentation to
attackers exploit them. The time between This holistic framework extends beyond safeguard sensitive assets. By assuming that
vulnerability disclosure and exploitation technology, incorporating policies and no user or device can be implicitly trusted,
has drastically shortened, making real- procedures that reinforce organizational ZTA reduces lateral movement and limits
time scanning a critical component of resilience. Endpoint Detection and the damage potential of compromised
organizational security. Automated tools Response (EDR) tools play a pivotal role credentials or insider threats.
ensure systems are continuously monitored, in addressing AI-driven and customized
allowing teams to prioritize remediation and malware threats, bridging the gap left by Proactive processes form the backbone
close security gaps swiftly. traditional antivirus solutions. This layered of a resilient cybersecurity strategy. By
approach creates redundancies, ensuring accelerating assessments, embedding
that even if one control fails, others remain intelligence, deploying layered defenses,
Threat Intelligence Integration active to contain breaches. and implementing Zero Trust, organizations
can build robust frameworks that withstand
As adversaries grow more sophisticated, evolving threats.
the integration of threat intelligence into Comprehensive Incident
monitoring processes is crucial. Threat Response Playbooks
actors often share tools and vulnerabilities,
necessitating collective action and Preparedness is critical. Standardized
intelligence sharing. Organizations must playbooks for responding to diverse cyber
incorporate reputable threat feeds (such as incidents ensure that teams act quickly,
from CERT-In) into their security frameworks uniformly for the type of incident and
to proactively detect attack patterns. This decisively. These playbooks guide analysis,
intelligence-driven approach enables faster containment, and mitigation, reducing the
response times and anticipates threats chance of oversight during critical moments.
based on evolving tactics, strengthening By establishing predefined response
defenses across the board. By fostering protocols, organizations can streamline
collaboration between vendors, enterprises, investigations, minimizing operational
and industry peers, organizations create disruptions and financial losses.
a unified defense that mirrors the
interconnected strategies used by threat
actors.

41 DIGITAL THREAT REPORT 2024

TECHNOLOGY: BUILDING RESILIENT CYBER DEFENSES

Accelerate Patching of Network Application and API Security Securing AI-Native Applications
Devices
APIs represent a critical attack vector, APIs within AI-native applications are often
Network devices are prime targets for especially in AI-native and payments overlooked during development. API
attackers, with vulnerabilities in firewalls ecosystems. To mitigate threats: security testing must be embedded early
and VPNs surging by 229% in the past year. • Secure APIs with strong authentication in the Software Development Lifecycle
Zero-day exploits are being weaponized (OAuth, JWT, API keys) and enforce IP (SDLC) to uncover hidden vulnerabilities.
faster, with some attacks launched within whitelisting. By expanding Dynamic Application Security
hours of disclosure. To stay ahead, • Use server-to-server validation to Testing (DAST) to cover API endpoints,
organizations must aggressively patch safeguard sensitive transactions, avoiding organizations address gaps that traditional
network devices on a continuous basis, browser redirects. scanning might miss. Proactive testing
reducing exposure and closing critical • Implement CORS (Cross-Origin against OWASP Top 10 API vulnerabilities
gaps before exploitation occurs. This Resource Sharing) restrictions to prevent ensures AI systems are protected at scale.
proactive stance is essential to safeguard unauthorized domains from accessing
infrastructure from evolving AI-powered APIs. Through a layered technological defense,
attack techniques. organizations can reduce exploitable
By locking down API access and restricting weaknesses, safeguard sensitive operations,
sensitive documentation, organizations can and stay resilient in the face of rapidly
AI-Driven Anomaly Detection and reduce risks of API-driven data breaches and evolving cyber threats.
Dark Web Monitoring unauthorized system interactions.

Traditional security tools fall short against

stealthy, adaptive threats. AI-powered Endpoint and Email Security
anomaly detection continuously monitors
for irregular behaviors that evade standard Endpoints remain a primary entry point
defenses. These systems can identify subtle for phishing and ransomware. Application
deviations in user behavior, pinpointing whitelisting should be enforced to block
malicious activities hidden within normal unauthorized software, while robust email
operations. Simultaneously, dark web and web filters intercept phishing attempts
monitoring ensures early detection of and malicious advertisements. Keeping
compromised credentials, allowing antivirus solutions updated and restricting
organizations to enforce rapid password unnecessary remote-access tools further
resets and mitigate potential breaches strengthens endpoint defenses. Limiting
before they escalate. exposure at this level reduces the likelihood
of breaches escalating across the network.

Strengthen Authentication and

Access Control

Multi-Factor Authentication (MFA) must

be enforced across all sensitive financial
operations (e.g., NEFT/RTGS). This ensures
robust identity verification and mitigates
insider threats. Strict access control lists
should be maintained and regularly
reviewed to prevent overprovisioned
accounts. Applying the principle of least
privilege reduces unnecessary access,
narrowing the attack surface and minimizing
potential damage from compromised
accounts.

42 DIGITAL THREAT REPORT 2024

CONCLUSION
CONCLUSION

43 DIGITAL THREAT REPORT 2024

43 DIGITAL THREAT REPORT 2024

CONCLUSION
And with that, CERT-In, CSIRT-Fin and interconnected systems, requires constant
SISA wrap up this year’s journey through vigilance and adaptability to protect against
the shifting sands of the cybersecurity emerging risks.
landscape. We hope this report has
provided you with meaningful insights, We hope this report serves as a valuable
actionable takeaways, and maybe even resource in helping you identify potential
a fresh perspective on the challenges we vulnerabilities, prepare for the unexpected,
collectively face. and prioritize investments in your
cybersecurity strategies. At the heart of this
The BFSI industry stands at a unique effort is the shared goal of building a secure
intersection of opportunity and risk. As digital society—one that safeguards trust,
non-cash transactions continue to grow at innovation, and growth.
an extraordinary pace, fueled by the shift
to e-commerce and the digitization of B2B We want to extend our heartfelt thanks
payments, the sector is transforming into to the many contributors who helped
an increasingly complex ecosystem. While bring this report to life, from data partners
these advancements open new doors for to researchers, whose expertise and
innovation and customer engagement, they collaboration made it possible. And to you,
also present attractive targets for cyber our readers, thank you for your continued
adversaries seeking to exploit vulnerabilities engagement, feedback, and commitment to
for gain. advancing cybersecurity.

The journey to secure this ecosystem is far The road ahead will undoubtedly be filled
from over. Threats are constantly evolving, with challenges, but with the right insights,
and as technology advances, so do the preparation, and dedication, it’s a road we
tactics and motives of those seeking to can navigate together. Here’s to building a
disrupt it. The digital payments sector, with safer and more secure future for all.
its immense value and increasing reliance on

ACKNOWLEDGEMENTS
We express our deepest gratitude to our Team for the Indian Financial Sector) and
customers and partners, whose trust and CERT-In (Indian Computer emergency
collaboration are the cornerstone of our Response Team), whose contributions have
efforts. Engaging with them not only helps been instrumental in the creation of this
us exchange knowledge but also drives our report. Their ability to synthesize findings,
continuous growth and learning. Together, provide insights, and bring this analysis to
we share a vision of building a more secure life underscores the incredible talent, depth
and resilient digital ecosystem. and dedication within the respective teams.

A huge thanks to SISA’ites, officers of CSIRT-

Fin (Computer Security Incident Response

This report is a product of collective effort, collaboration,

and shared commitment to cybersecurity, and we are
immensely grateful to everyone who made it possible.

44 DIGITAL THREAT REPORT 2024

REFERENCES
1. https://www.ibm.com/reports/data-breach
2. https://www.business-standard.com/finance/news/average-cost-of-data-breaches-in-
india-hits-2-18-million-rbi-report-124072900610_1.html
3. https://www.financialexpress.com/life/technology-phishing-attacks-on-financial-sectors-
soar-in-india-increasing-by-175-in-2024-report-3669276/
4. SISA Forensics Investigations
5. SISA Forensics Investigations
6. Verizon DBIR 2024: Five Compelling Stats
7. https://cointelegraph.com/news/engineer-hacks-trezor-wallet-recovers-2m-in-lost-crypto
8. https://panaseer.com/resources/reports/2022-security-leaders-peer-report

https://www.sharefile.com/resource/blogs/cybersecurity-trends
https://www.beyondtrust.com/blog/entry/beyondtrust-cybersecurity-trend-predictions
https://blog.shi.com/cybersecurity/are-you-protected-2025s-top-cybersecurity-trends-and-strategies-to-follow-now/
https://medium.com/@DataFlowX/the-future-of-cybersecurity-predictions-and-trends-for-2025-21e95173d1e9
https://www.pwc.com/gx/en/tmt/5g/pwc-securing-5gs-future.pdf
https://www.sharefile.com/resource/blogs/cybersecurity-trends
https://www.beyondtrust.com/blog/entry/beyondtrust-cybersecurity-trend-predictions
https://blog.checkpoint.com/security/2025-cyber-security-predictions-the-rise-of-ai-driven-attacks-quantum-threats-and-social-media-
exploitation/
https://www.weforum.org/stories/2024/10/cyber-resilience-emerging-technology-ai-cybersecurity/
https://www.forbes.com/councils/forbestechcouncil/2024/07/11/the-future-of-cybersecurity-emerging-threats-and-how-to-combat-them/
https://blog.checkpoint.com/research/ransomwares-evolving-threat-the-rise-of-ransomhub-decline-of-lockbit-and-the-new-era-of-data-
extortion/
https://www.scworld.com/news/north-korean-nation-state-threat-actor-using-play-ransomware
https://www.datacenterknowledge.com/data-storage/evolving-ransomware-threats-why-offline-storage-is-essential-for-modern-data-
protection
https://www.scmr.com/article/regulations-are-forcing-organizations-to-address-software-supply-chain-security/procurement
https://cybersecurityventures.com/software-supply-chain-attacks-to-cost-the-world-60-billion-by-2025/
https://www.scmr.com/article/supply-chain-cyberattacks
https://venturebeat.com/security/forresters-ciso-budget-priorities-for-2025-focus-on-api-supply-chain-security/
https://cybersecurity-magazine.com/why-are-supply-chain-attacks-increasing/
https://www.infosecurityeurope.com/en-gb/blog/threat-vectors/supply-chain-attacks-cyber-threat.html
https://fintechmagazine.com/articles/why-the-finance-sector-grapples-with-software-security-debt
https://hbr.org/2024/10/phishing-attacks-are-evolving-heres-how-to-resist-them
https://flashpoint.io/blog/russian-apt-groups-cyber-threats/
https://www.thisdaylive.com/index.php/2024/09/26/top-vulnerabilities-in-iot-devices-what-hackers-target-how-to-defend-against-them/
https://www.zscaler.com/press/zscaler-threatlabz-finds-400-increase-iot-and-ot-malware-attacks-year-over-year-underscoring
https://www.paymentsjournal.com/asia-overtakes-north-america-as-leading-crypto-development-hub/
https://www.statista.com/statistics/1393453/crypto-payments-global-market-size/
https://www.darkreading.com/cyberattacks-data-breaches/cryptocurrency-attacks-quadrupled-cybercriminals-cash-in
https://www.thomsonreuters.com/en-us/posts/government/identity-theft-drivers/
https://venturebeat.com/security/how-ai-driven-identity-attacks-are-defining-the-new-threatscape/
https://www.scworld.com/resource/why-identity-has-become-a-trojan-horse-and-what-to-do-about-it
https://www.techbusinessnews.com.au/blog/ai-driven-cyber attacks-the-alarming-surge/
https://www.londondaily.news/unlocking-the-potential-of-5g-technology-opportunities-and-challenges-ahead/
https://www.techradar.com/pro/the-rise-of-identity-related-cyberattacks-costs-challenges-and-the-role-of-ai
https://www.techmagic.co/blog/ai-in-cybersecurity
https://www.micromindercs.com/blog/ai-threat-intelligence-empowering-cybersecurity
https://securityintelligence.com/articles/3-proven-use-cases-for-ai-preventative-cybersecurity/
https://www.intelligentcio.com/eu/2024/04/22/the-role-of-cybersecurity-in-securing-critical-infrastructure/

45 DIGITAL THREAT REPORT 2024

REFERENCES
https://www.auditboard.com/blog/security-vs-compliance/
https://www.tripwire.com/state-of-security/compliance-vs-security-striking-right-balance-cybersecurity
https://www.scrut.io/post/how-to-prevent-cyberattacks-by-balancing-security-and-compliance
https://www.securitymagazine.com/articles/99259-compliance-and-security-are-two-sides-of-the-same-coin
https://www.tripwire.com/resources/guides/mind-the-cybersecurity-compliance-gap
https://www.csoonline.com/article/1309993/grc-impact-and-challenges-to-cybersecurity.html
https://www.mckinsey.com/industries/financial-services/our-insights/global-payments-in-2024-simpler-interfaces-complex-reality
https://cxotoday.com/interviews/turning-data-breaches-into-opportunities-strategies-for-indian-businesses-to-strengthen-cybersecurity-and-
reduce-risks/
https://www.scworld.com/resource/building-cybersecurity-resilience-strategies-technologies-and-best-practices-from-industry-leaders
https://www.techtarget.com/searchsecurity/tip/5-tips-for-building-a-cybersecurity-culture-at-your-company
https://www.weforum.org/stories/2024/04/cybersecurity-key-strategies-cyber-resilience-2024/
https://www.techtarget.com/searchsecurity/feature/Security-posture-management-a-huge-challenge-for-IT-pros
https://www.techtarget.com/healthtechsecurity/feature/Navigating-cyber-insurance-coverage-as-threats-evolve
https://www.helpnetsecurity.com/2024/07/05/iot-security-privacy-challenges/
https://www.paloaltonetworks.com/cybersecurity-perspectives/how-to-secure-iot-in-financial-services
https://securityintelligence.com/articles/what-are-the-risks-of-the-iot-in-financial-services/
https://www.statista.com/statistics/1183457/iot-connected-devices-worldwide/

46 DIGITAL THREAT REPORT 2024

 SISA
SISA is a forensics-driven cybersecurity company solutions provider specializing in
securing the digital payments industry. As a Global Payment Forensic Investigator of the
PCI Security Standards Council, we leverage forensics insights into preventive, detective,
and corrective security solutions, protecting 1,000+ organizations across 40+ countries
from evolving cyberthreats. Our suite of solutions from AI-driven compliance, advanced
security testing, agentic detection/ response and learner focused-training has been
honored with prestigious awards, including from Financial Express, DSCI-NASSCOM and
The Economic Times. With commitment to innovation, and pioneering advancements in
Quantum Security, Hardware Security, and Cybersecurity for AI, SISA is shaping the future
of cybersecurity through cutting-edge forensics research.

CERT-In
CERT-In is the national agency for responding to computer security incidents as and
when they occur. In the Information Technology Amendment Act 2008,CERT-In has
been designated to serve as the national agency to perform the following functions
in the area of cyber security:

• Collection,analysis and dissemination of information on cyber incidents.

• Forecast and alerts of cyber security incidents.
• Emergency measures for handling cyber security incidents.
• Coordination of cyber incident response activities.
• Issue guidelines,advisories,vulnerability notes and whitepapers relating to information
security practices,procedures, prevention,response and reporting of cyber incidents.
• Such other functions relating to cyber security as may be prescribed
Refer www.cert-in.org.in for more details

CSIRT-Fin
Computer Security Incident Response Team in Finance sector (CSIRT-Fin) , is a
nodal sectoral CSIRT which provides Incident Prevention and Response services
as well as Security Quality Management Services to the entities of the Indian
financial sector. It manages cyber incidents and coordinate responses across
banking, securities market infrastructure, insurance, and pension funds entities.

It carries out the following roles related to the cyber security in financial sector:

i. Collection, analysis & dissemination of information on cyber incidents.

ii. Forecast and alerts on cyber security incidents.
iii. Emergency measures on cyber security incidents.
iv. Coordination for cyber incident response activities.
v. Issue guidelines, advisories, vulnerability, and white papers relating to
information security.
vi. Monitor sectoral efforts in the financial sector towards maintaining
dynamic and modern cyber security architecture, developing awareness
amongst regulated entities and public in general.
vii. Such other functions relating to cyber security in the financial sector, as may
be prescribed.

47 DIGITAL THREAT REPORT 2024

48 DIGITAL THREAT REPORT 2024