Top US Cybersecurity Trends Brokers Need to Know

Between December 2022 and February 2023, there were 12 cyber-attacks per minute across the world, according to Blackberry’s Global Threat Intelligence Report. And that is only the tip of the iceberg. The report goes on to say that the number of unique attacks that used new malware increased by 50% and that the US continues to witness the highest number of attacks globally. Why should this bother brokers? Well, 67% of financial institutions globally reported increased cyber-attacks through 2022. Wait. There’s more:

• 26% of finance firms faced a “destructive attack.”
• 79% of finance CISOs said threat actors were using increasingly sophisticated methods.
• 47% of financial institutions said wire transfer fraud had increased.

As a broker, you might already be aware of the malware, phishing, trojan and data breach threats. But are you equipped to handle the pace at which threat actors are using the latest technology to penetrate your defences?

Cybercriminals Use Artificial Intelligence

Brokers are well aware of the benefits of AI for their clients. Automated trading, support and even personalised market news are being facilitated by AI/ML. On the flip side, cybercriminals are using the power of AI to refine their attacks and make them more effective. In fact, these malicious elements have always been early adopters of the latest tech.

Did you know they are already using AI to guess passwords, break CAPTCHA and clone voices? And you thought fintech was the most innovative sector! CAPTCHAs, used by most websites to check whether a user is human, were being broken with the use of machine learning as far back as 2020, according to Europol.

Europol also identified the use of AI to craft fraudulent emails that could evade spam filters and bypass automated defences that safeguard IT systems.

In addition, research shows that malware uses an approach similar to antivirus software, deploying AI to identify weak spots in a security system’s malware detection algorithm.

Refining Social Engineering

Social engineering attacks attempt to manipulate a user’s behaviour. They accounted for the highest number of cyber-attacks in 2022. Through social engineering, threat actors attempt to identify the motivators of a user’s actions, which they then use to manipulate and deceive the user into revealing sensitive information.

Such hackers also capitalise on people’s lack of knowledge regarding potential threats, such as drive-by downloads or the value of their personal data. Here too, artificial intelligence plays a key role in tricking users into clicking on fraudulent links or divulging sensitive information.

AI is used to first gather information on potential targets, including their social media profiles and user photos across different platforms. These criminals even use fake images, video and audio to deceive their targets into believing that they are interacting with someone trustworthy.

What is frightening is that hackers need only a 5-second voice recording to clone a user’s voice to gain access to financial services. Deep video fakes are being used to make the target’s face appear to gain access to sensitive IT systems and even appear for remote IT job interviews, according to the FBI.

ChatGPT is the Latest Tool

Experts say that AI-based content generation tools, like ChatGPT, are allowing cybercriminals to launch attacks at a much larger scale than ever before. Using the large language models offered by tools like ChatGPT 4, these malicious actors generate realistic text and other types of outputs to mimic human writing or create chatbots to confuse targets.

AI is allowing criminals to analyse vast amounts of data to identify vulnerabilities and potential targets. AI content generation tools are helping them to overcome the tell-tale signs of scam and phishing emails, such as grammatical errors and poorly worded sentences. Even business emails are being compromised with messages created by ChatGPT.

Checkpoint Research has also pointed out how ChatGPT can be deployed to write malware codes and encryption algorithms to encrypt files in a directory.

Fighting Fire with Fire

Only when we understand how AI can enhance the scale and sophistication of cyberattacks can we use the same tools to fight cybercrime. Apart from ensuring cybersecurity best practices, brokers need to use AI-powered tools to safeguard themselves and their traders against future attacks.

Some examples of using AI for protection are:

• Using phishing-resistant multifactor authentication and zero-trust to identify fraud and minimise the risk of account takeovers.
• Using endpoint security tools, powered by AI/ML and natural language processing, to detect threats, and classify and co-relate security signals.
• Patching applications, devices used for internet access and software to prevent AI-based attacks from identifying loopholes.

The good news is that AI can potentially boost threat detection by up to a whopping 95%. AI/ML can be used to identify abnormalities in user activity to stop cyber-attacks in real-time without impacting a broker’s day-to-day operations.

The only way to protect your brokerage against AI-powered cyber threats is to use the same technology to stop cybercriminals in their tracks. Failing to do so can not only cost you in terms of financial losses, but also in degradation of trust and reputational damage. And in a sector that relies heavily on their client’s trust, especially with their funds, security is a no-brainer.