
Study reveals rising cyber threats to financial industry
The financial services sector is facing mounting pressure from increasingly sophisticated cyber threats, according to new research by cybersecurity firm Radware. In its 2024 study, the company analysed over 26,000 threads across 46 deep-web hacker forums, uncovering a range of emerging threats and tactics used by cybercriminals.
A key finding of the study is the rapid growth of what Radware terms the "infostealer economy." The company observed frequent daily mentions of "infostealer-as-a-service" tools, indicating a thriving underground market. "On average, we observed 3-4 daily mentions of unique 'infostealer-as-a-service' across each monitored deep web forum," the research team said.
According to Radware, this ecosystem splits into two main components: 56% of mentions relate to paid services, while 44% involve free distribution of breached credentials. The free credentials are often shared to boost the reputation of sellers in cybercrime communities.
The study also highlighted the features commonly offered by infostealer developers. "As threat actors' toolsets get more sophisticated each year, it affects how they decide what tools to produce," the report said. Developers now aim for high compatibility with other hacking tools, as well as modularity.
This modular approach allows cybercriminals to customise tools for specific purposes. "By providing plug-ins and modules, threat actors can tailor their stealer offerings to meet the specific needs of their customers," the report found.
Radware noted a distinction between offerings aimed at individual hackers and those designed for advanced persistent threat (APT) groups. "Infostealer developers offer APT groups dedicated features for their primary targets, which are corporate accounts," the research stated. One such tool, Mystic Stealer, was highlighted for its Outlook password-stealing feature—tailored to exploit commonly used enterprise software.
Another concerning development is the rise of credential-as-a-service (CaaS) platforms. These subscription-based services provide customers with access to fresh sets of stolen credentials, often sorted by industry and geography. "One prominent service, Combo Cloud, saw a 46% increase in mentions between 2022 and 2024," Radware said. At the same time, the number of credentials shared in plain text dropped by 22%, suggesting a move toward more sophisticated distribution methods.
The study also documented what it called the "OTP bot revolution." These bots—operated via Telegram—enable attackers to bypass two-factor authentication (2FA) using automated social engineering techniques. After acquiring login credentials through credential stuffing, attackers use OTP bots to trick victims into disclosing their one-time passwords.
"The OTP bot, using pre-recorded or AI-generated voice calls and SMS messages, impersonates a legitimate entity," Radware explained. "Victims receive urgent requests to provide the OTP sent to their device, often under the guise of fraud prevention or account verification."
Once the code is obtained, attackers can lock victims out of their accounts. "They then change the password and the 2FA phone number in the account and thus lock out the actual account holder without a chance to reset the password," the study reported.
Radware identified 38 OTP bot services currently active, with prices ranging from $10 to $50 per attack. These services have seen a 31% increase in mentions over the past year, with 1,354 references documented during the study period.
The report describes this trend as a "sophisticated evolution in social engineering attacks," with automation enabling broader and harder-to-detect operations.
DDoS-as-a-service also continues to evolve. Radware observed that "virtually anyone with access to Telegram and $50 can launch attacks generating up to 35,000 requests per second from a mobile device." A notable new entrant, "Stressed Cat," was documented in May 2024 and features AI-based captcha-solving capabilities.
"Unlike traditional DDoS tools that attempt to bypass captchas, this new generation employs AI to solve them," the report said, adding that this allows for more efficient attacks and better evasion of detection systems.
In concluding its findings, Radware warned that the decentralisation of cybercrime is complicating efforts to track and stop malicious activity. "The decentralization of cybercrime has reached new heights," the research noted. "This separation of roles makes attribution and law enforcement intervention increasingly challenging."
The report urges cybersecurity professionals to adapt their approach. "They need to shift from a defender mindset—focused on searching for potential threats in their logs—to a proactive offensive perspective that heavily relies on external cyber threat intelligence gathered from deep and dark web platforms," Radware concluded.