Agency News

Business News | Trust-based Cyberattacks Replacing Traditional Hacking as Biggest Threat to Financial Institutions: Report

Get latest articles and stories on Business at LatestLY. Cyber threats targeting financial institutions are rapidly shifting from traditional hacking to trust-based attacks, with cybercriminals increasingly exploiting digital identities, artificial intelligence (AI), payment systems and third-party ecosystems instead of directly targeting passwords or transactions, according to the Digital Threat Report 2025-26

Business News | Trust-based Cyberattacks Replacing Traditional Hacking as Biggest Threat to Financial Institutions: Report
Representative Image (File Photo/Reuters)

New Delhi [India], July 13 (ANI): Cyber threats targeting financial institutions are rapidly shifting from traditional hacking to trust-based attacks, with cybercriminals increasingly exploiting digital identities, artificial intelligence (AI), payment systems and third-party ecosystems instead of directly targeting passwords or transactions, according to the Digital Threat Report 2025-26 released by the Indian Computer Emergency Response Team (CERT-In), the Computer Security Incident Response Team in Finance (CSIRT-Fin) and SISA.

The report said attackers are now manipulating trust across biometric onboarding, partner applications, AI-based decision-making and real-time payments, creating a new threat model for the banking, financial services and insurance (BFSI) sector.

Also Read | Hair Loss, Confidence and Regenerative Care: What to Know Before PRP, Exosomes and Stem Cell Claims.

It stated, "Modern financial attacks are moving from direct compromise to trust-chain manipulation across biometric onboarding, partner apps, AI decisioning, real-time payments, APIs, programmable finance, and third-party ecosystems."

According to the report, attacks are no longer limited to compromising credentials or individual transactions. Instead, they are now embedded across identity systems, AI, APIs, payment logic and supply chains, where no single institution has complete visibility over the risks.

Also Read | Viral Video Shows Russian Anti-Drone Drill Go Wrong As Soldier Is Flung From Machine Gun.

The report noted that six of the seven forward-looking predictions made in the previous edition have already been fully realised, indicating that cyber threats are evolving much faster than many institutional control systems were designed to handle.

It said deepfake impersonation has now become industrialised, with real-time executive video deepfakes, adversarial large language models (LLMs) and polymorphic attack variants increasingly being used by attackers.

The report also highlighted that social engineering and Business Email Compromise (BEC) attacks have intensified, while credential theft and session hijacking have become the dominant methods used to gain initial access into systems.

According to the report, cyberattacks are no longer manually crafted but are now generated, refined and deployed at machine speed.

It added that phishing attacks have become context-aware and are now almost indistinguishable from legitimate communications, making the BFSI sector the most targeted industry.

To address these risks, the report recommended making active liveness detection the standard for digital onboarding and adopting continuous session assurance using behavioural biometrics, device posture monitoring and token binding for high-privilege sessions.

It also recommended extending identity governance beyond human users to include service accounts, machine identities and agentic AI, while enabling cross-database identity verification for high-assurance account openings wherever legally feasible.

The report said the biggest challenge is not simply the increase in cyber threats, but the fact that the foundations on which financial institutions have traditionally managed digital trust are being fundamentally rewritten.

It stressed that cybersecurity can no longer rely only on adding more tools to existing systems. Instead, financial institutions need to move from static controls to continuous assurance, from isolated defence to ecosystem-wide trust, and from prevention alone to operational resilience. (ANI)

(The above story is verified and authored by ANI staff, ANI is South Asia's leading multimedia news agency with over 100 bureaus in India, South Asia and across the globe. ANI brings the latest news on Politics and Current Affairs in India & around the World, Sports, Health, Fitness, Entertainment, & News. The views appearing in the above post do not reflect the opinions of LatestLY)