Generative artificial intelligence (GenAI) is attracting much interest from the financial services industry, which is enthusiastically looking into the technology’s possible use cases to enhance operations and processes.

But while offering exciting opportunities in the business, GenAI is also raising concerns in terms of the cyber threats that it can pose, according to a new report.

The Financial Services Information Sharing and Analysis Centre (FS-ISAC), a not-for-profit organization that seeks to advance cybersecurity and resilience in the global financial system, says adversarial usage of GenAI primarily relates to the creation of convincing phishing lures at scale.

Threat actors can write malware and more skilled cybercriminals could exfiltrate information from or inject contaminated data into the large language models (LLMs) that train GenAI. The use of corrupted GenAI outputs can expose financial institutions to severe legal, reputational, or operational consequences, the FS-ISAC says in its annual Global Intelligence Office report, Navigating Cyber 2024.

“Not all AI risks are malicious. The LLMs that train GenAI typically use enormous datasets leveraging publicly available sources, which can contain privileged information (such as credit card numbers), or biased data,” the report says. “Using such outputs irresponsibly – or unethically – can cost financial firms the trust of regulators, consumers, and investors.”

The FS-ISAC AI Risk Working Group has published six white papers on the risks and opportunities associated with GenAI to help industry practitioners customize controls and mitigations at the organizational and sector level.

Rising use of ransomware

Cyberattacks are on the rise in Asia-Pacific, with ransomware leading the charge and the financial sector emerging as the fourth most targeted in the region, according to the report.

The number of attacks in the region rose 15% in 2023 from the previous year, or an average of 1,963 per week, the FS-ISAC says. This pattern is set to continue in 2024, mirroring global trends.

The use of ransomware has surged in frequency and severity. From January to October 2023, one in 20 APAC organizations was hit. Australia (77), India (50), and Japan (33) were the top three nations impacted. The FS-ISAC identified LockBit 3.0 as the most active ransomware operator, followed by ALPHV/ Blackcat.

The report also details the increasing sophistication of adversarial tactics, techniques, and procedures (TTPs) leveraged by threat actors, such as social engineering, poisoning of search engine optimization, malvertising, and QR code phishing.

“Each year, a new set of threats comes to light, requiring the financial services sector’s mitigation strategies to advance at an equal if not faster pace than threat actors’ tactics,” says FS-ISAC chief executive officer Steven Silberstein. “As we look ahead to a critical year marked by emerging technology and heightened geopolitical tensions, the best way to maintain the integrity, security, and trust of the sector is through global information sharing.”

Teresa Walsh, chief intelligence officer and managing director, EMEA, of FS-ISAC, adds: “Threat actors will exploit vulnerabilities in critical infrastructure and will leverage any tool available to destroy trust in the security of our systems. The financial services sector operates in a cyber landscape that is endlessly dynamic, as cybercrime and fraud converge, and emerging technologies create additional opportunities for exposure.

“In order to maintain trust in the sector, companies must prioritize proactive cyber hygiene to ensure operational resilience in the face of an attack.”