Financial sector sees sharp increase in cyber threats during 2024

ISLAMABAD: The financial sector in Pakistan saw a sharp increase in cyber threats during 2024, according to the statistics released by a global cybersecurity company on Monday.

According to Kaspersky Security Network statistics, 13.7 percent of users in Pakistan were attacked by web-based threats in the third quarter of 2024 (July-September). These web-based attacks range from phishing to maliciously embedded websites that compromise user data. 18.7 percent of users came across local threats that spread via USB drives, CDs, and encrypted file installers, bypassing detection and further endangering user systems.

At the Cyber Threat Intelligence Summit held in Islamabad, Kaspersky presented a comprehensive overview of the surging cyber threat landscape worldwide, with a particular focus on Pakistan.

Kaspersky revealed data from its Security Network, underscoring that financial malware and spyware attacks have increased, posing significant risk to the digital landscape of the country.

Other prevalent threats include ransomware, phishing attacks and espionage-driven malware specifically engineered to steal sensitive information. Experts also warned about Advanced Persistent Threat (APT) groups like Lazarus and SideWinder leading sophisticated campaigns often aiming for espionage.

Within the financial sector in Pakistan, Kaspersky recorded a 114% rise banking and financial malware during January to October 2024 as compared to the same period of the previous year. These attacks specifically target digital financial operations, posing a substantial risk to individual and institutional financial security.

One of the trends mentioned by Kaspersky experts is that financial cyberthreats for smartphones rise, and this is expected to continue in 2025.

Spyware attacks have also surged by 63% in Pakistan in the ten months of 2024. The intent of this malware is to gather and transmit user data to unauthorized entities. This trend raises serious privacy concerns for both corporate and government entities across the nation. A surge in attacks based on stolen information is expected in 2025.

Industrial Control Systems (ICS) should also be secured from cyberthreats, especially if used in critical infrastructures such as power and utilities, energy and chemical, metals and mining, critical manufacturing. According to Kaspersky Security Network statistics, 29.51% of ICS computers in Pakistan faced cyberthreats in the third quarter of 2024.

These cyberthreats range from denylisted internet resources, malicious scripts and phishing pages, spy trojans, backdoors, keyloggers to more targeted malware for AutoCAD systems.

“Pakistan is actively integrating technologies, but it’s important to keep cybersecurity in mind. Organizations and individuals need to adopt a proactive and multi-layered cybersecurity approach in response to the escalating cyber threats.

Organizations must not only strengthen their internal IT defences but also integrate real-time threat intelligence, continuous monitoring, and rapid incident response into their cybersecurity frameworks.

At the same time, they should educate employees. While individuals should use robust security solutions on all their devices and be informed about cybersecurity hygiene principles,” added Dmitry Berezin, Kaspersky’s Global Security expert.

Copyright Business Recorder, 2024