Tackling Cyber Threats in APJ’s Financial Services Sector

Discover key insights from Akamai’s report on cyber threats in Asia Pacific and Japan’s financial services sector. Learn how to protect your organization from evolving risks and stay ahead in the digital age.

Akamai Technologies, Inc. has published a new report titled “The High Stakes of Innovation: Attack Trends in Financial Services” as part of its State of the Internet series. The report underscores that the Asia Pacific and Japan (APJ) financial services sector remains a prime target for cyberattacks. Web application and API attacks have surged by 36 percent from Q2 2022 to Q2 2023, totaling over 3.7 billion attacks. Of note, Local File Inclusion (LFI) remains the predominant attack method, with a staggering 92.3 percent of these attacks aimed at banks, posing a significant threat to both financial institutions and their customers.

Financial institutions in APJ are increasingly incorporating third-party scripts into their digital channels to enhance customer experiences, with 40 percent of the scripts they use being third-party in nature. This trend exposes organizations, especially banks and consumer-focused entities, to heightened risks as they expand their digital footprint to reach more customers and gain a competitive edge.

Reuben Koh, Security Technology and Strategy Director (APJ) at Akamai, points out that the use of third-party scripts introduces a layer of risk due to limited visibility into their authenticity and potential vulnerabilities. This lack of visibility creates another avenue for threat actors to launch attacks against banks and their customers.

The report also highlights a 128 percent increase in malicious bot traffic in APJ compared to 2022. This surge emphasizes the sustained assault on financial services customers and their data. Cybercriminals use malicious bots to amplify the scale and efficiency of attacks. APJ ranks as the second-most targeted region globally for malicious bot requests against financial services, accounting for 39.7 percent of all such requests worldwide. The bots are employed for activities such as website scraping, phishing scams, and credential stuffing, indicating that cybercriminals continually adapt their techniques to target financial service consumers for maximum returns.

Additional findings from the report include:

  • Web applications and APIs remain the preferred attack vectors in APJ, with the finance sector accounting for half of these attacks, followed by commerce (19.99 percent) and social media (8.3 percent).
  • Australia, Singapore, and Japan are the top three most targeted countries in APJ, collectively experiencing over 75 percent of web application and API attacks.
  • Local File Inclusion (LFI) remains the predominant attack vector at 63.2 percent, followed by Cross-Site Scripting (XSS) at 21.3 percent and PHP Injection (PHPi) at 6.32 percent. LFI attacks exploit coding vulnerabilities in web servers to achieve remote code execution or to access sensitive information stored locally on the server.

Financial services organizations in APJ are urged to remain vigilant regarding regulatory oversight and new reporting obligations. The increasing use of third-party scripts poses challenges for compliance with the forthcoming Payment Card Industry Data Security Standard (PCI DSS) v4.0, which includes specific sections related to client-side script visibility and management. Businesses must adapt to these evolving regulatory requirements or risk fines and reputational damage.

Reuben Koh emphasizes that as innovation in the financial sector accelerates, cybercriminals will seek more sophisticated attack methods. The adoption of open banking practices and financial aggregators will expand the use of APIs and third-party scripts, further broadening the attack surface. Therefore, financial institutions must prioritize securing new digital offerings, educating customers on cybersecurity best practices, and implementing user-friendly security measures. Compliance with cybersecurity standards and regulations is essential to strengthen the security posture and resilience of financial services organizations against modern cyber threats.

Akamai’s State of the Internet report sheds light on the relentless and evolving nature of the cyber threats faced by the Asia Pacific and Japan financial services sector. As these organizations continue to embrace innovation and expand their digital presence, the risks associated with third-party scripts and malicious bot attacks become increasingly apparent. To navigate this challenging environment, financial institutions must prioritize cybersecurity, customer education, and regulatory compliance. By doing so, they can safeguard their operations, protect their customers, and fortify their resilience against the ever-changing landscape of modern cyber threats.