Weekly Operational Risk News Update
Spotlight on Emerging Risk

The RiskSpotlight Portal is the world's first forward-looking operational risk content service, providing financial service organisations with comprehensive insights into emerging risks, best practices, regulatory updates, and external loss events. By leveraging daily updates from global risk news sources, it enables proactive risk management and informed decision-making across various organisational roles.

Here are some highlights of the emerging operational risks and loss events from the last week taken from the Portal. This is just a glimpse of the detailed analysis and insight available in the Portal. To find out more, go to RiskSpotlight-Portal – RiskSpotlight.

Emerging Operational Risk Topics

Microsoft 365 Botnet Attack Exploits MFA Weaknesses

A SecurityScorecard report has revealed a large-scale botnet operation that exploits Microsoft 365's non-interactive sign-ins to conduct password spraying attacks. Over 130,000 compromised devices have been used to bypass multi-factor authentication (MFA), allowing attackers to take over accounts, disrupt businesses, and move laterally across networks. Financial institutions relying on Microsoft 365 must reassess their authentication strategies, as non-interactive logins don’t trigger the same security alerts as traditional logins. Experts recommend organisations restrict these logins using conditional access policies, enforce stricter credential management, and adopt continuous monitoring to detect these attacks before they escalate.

Cybercriminals Exploit Vulnerabilities Faster Than Ever

The SonicWall Annual Cyber Threat Report highlights a troubling trend—cybercriminals are now exploiting vulnerabilities within 48 hours of discovery, with 61% using new exploit code almost immediately. The report also reveals alarming cybercrime statistics: ransomware surged across North and Latin America, IoT attacks increased by 124%, and business email compromise (BEC) incidents accounted for 33% of cyber insurance claims, up from 9% in 2023. Attackers are increasingly using AI-powered automation to enhance phishing and malware techniques, making detection more difficult. To mitigate these risks, organisations are advised to adopt a multi-layered cybersecurity strategy, focus on real-time patching, implement zero-trust security models, and maintain round-the-clock threat monitoring.

Ransomware Gangs Prioritise Data Theft Over Encryption

The ReliaQuest Annual Cyber Threat Report reveals a major shift in ransomware tactics, with 80% of ransomware attacks in the past year focusing solely on data exfiltration rather than encryption. This method is 34% faster, allowing attackers to steal sensitive data and demand ransom payments without disrupting operations. One critical weakness identified in security defences is service accounts, which were compromised in 85% of breaches. These accounts, often overlooked but highly privileged, provide an easy entry point for attackers.

API Security Incidents Surge as Threats Intensify

APIs, the backbone of modern digital finance, are increasingly targeted by cybercriminals, as highlighted in the Salt Security Q1 2025 State of API Security Report. The report found that 99% of organisations experienced API-related security incidents in the past year, with some firms seeing over 100% growth in API usage but failing to match this with adequate security measures. 95% of attacks originated from authenticated users, indicating that compromised credentials pose a major risk. Key vulnerabilities include security misconfigurations, broken object-level authorisation, and authentication failures. Additionally, the rise of generative AI has introduced new security challenges, with one-third of organisations admitting they lack confidence in detecting AI-driven API attacks. Experts recommend real-time monitoring, stricter access controls, and AI-driven security solutions to mitigate these risks.

Deepfake Fraud Skyrockets in Financial Sector

The Signicat report, The Battle Against AI-Driven Identity Fraud, has revealed a 2,137% increase in deepfake-related fraud incidents over the past three years, making it one of the top three methods of identity fraud in the financial sector. Fraudsters primarily use deepfakes in presentation attacks, where they mimic real individuals using AI-generated visuals, and injection attacks, where malware manipulates identity verification systems. Despite this surge, only 22% of financial institutions have adopted AI-powered fraud detection tools, leaving them vulnerable to evolving threats. Experts urge financial firms to combine AI, biometrics, and robust identity verification methods to combat deepfake fraud.

AI-Powered Phishing Attacks Escalate

Phishing remains the most common initial attack vector, with Kroll’s latest threat intelligence update confirming its dominance in 2024 and likely into 2025. Attackers are now enhancing phishing with social engineering techniques, including AI-powered CEO voice cloning and targeted help-desk impersonation. A financially motivated cybercriminal group, EncryptHub, has escalated these tactics by directly calling employees while impersonating IT staff, tricking them into entering credentials on fake login pages. With over 618 victim organisations, their methods have led to widespread ransomware deployments. Meanwhile, phishing-as-a-service platforms are enabling even less-skilled attackers to launch highly sophisticated campaigns. To counter these threats, businesses should strengthen email security, implement phishing-resistant authentication, and improve help-desk verification policies.

ECB Updates TIBER-EU Framework for Cyber Resilience

The European Central Bank (ECB) has updated its TIBER-EU framework to align with the Digital Operational Resilience Act (DORA), enhancing penetration testing standards for financial institutions. These updates mandate purple-teaming exercises, improve service provider assessments, and refine implementation guidelines to strengthen cyber resilience across the EU financial sector. The ECB’s new guidance aims to create a consistent, secure, and controlled approach to resilience testing, ensuring financial institutions are better prepared against cyber threats.

India’s Call Merging Scam Drains Victims’ Bank Accounts

The National Payments Corporation of India (NPCI) has issued an urgent warning about a rapidly growing fraud scheme known as the Call Merging Scam. Fraudsters trick victims into merging a call with an automated one-time password (OTP) request from their bank, unknowingly revealing their OTPs to attackers. This allows scammers to drain victims' bank accounts in real time. The NPCI advises individuals to avoid merging calls from unknown numbers, never share OTPs over the phone, and report unauthorised transactions immediately. Banks are encouraged to educate customers, emphasising that bank representatives will never request OTPs, and to work with telecom providers to block fraud-linked numbers.


Key Operational Risk Loss Events Update

ECB Payment System Outage Disrupts Transactions

The European Central Bank (ECB) suffered a major breakdown in its Target 2 payment system, disrupting trillions of euros in daily transactions. A hardware defect caused the outage, leaving banks struggling to process payments for about seven hours. Firms, consumers, and investors faced significant disruptions, highlighting the critical role of robust infrastructure resilience in financial institutions.

OKX Crypto Exchange Fined $504 Million for AML Violations

OKX, one of the world’s largest cryptocurrency exchanges, has agreed to pay over $504 million in fines for anti-money laundering (AML) violations. The U.S. Department of Justice found that OKX facilitated over $5 billion in suspicious transactions, allowing U.S. customers to trade despite restrictions. This enforcement action signals increased regulatory scrutiny on crypto exchanges, urging firms to enhance compliance measures.

North Korean Hackers Steal $1.5 Billion in Crypto Heist

The FBI has confirmed that North Korea-linked Lazarus Group orchestrated a $1.5 billion crypto heist from Dubai-based exchange Bybit, potentially marking the largest cryptocurrency theft in history. The attackers, known as TraderTraitor, are rapidly laundering stolen assets across multiple blockchains, demonstrating the ongoing threat of state-sponsored cybercrime in the digital currency space.

ASIC Investigates ANZ Group Over Bond Trading Practices

The Australian Securities and Investments Commission (ASIC) is conducting a complex investigation into ANZ Group Holdings Ltd’s bond trading activities, with Chair Joe Longo calling it one of their most intricate market investigations. The probe focuses on potential manipulation during a 2023 Treasury bond sale and is expected to conclude by mid-2025.


Weekly Round Up of RiskSpotlight’s Posts

Weekly round up of RiskSpotlight's LinkedIn posts

World's First Microsoft Copilot Course For Risk & Compliance Professionals Starts Today

https://www.dhirubhai.net/posts/riskspotlight-limited_riskspotlight-operationalrisk-risk-activity-7300092205904351232-CQpN?utm_source=share&utm_medium=member_desktop&rcm=ACoAAATMUIcBZvcJCP_DqPyfeYU14rdv9SWNJck

I had a great strategy call with RiskSpotlight Manoj Kulwal to discuss their latest advancements in #operationalriskintelligence for financial services firms.

https://www.dhirubhai.net/posts/mkrasmussen_operationalriskintelligence-riskintelligence-activity-7301312751602143232-g6Gy?utm_source=share&utm_medium=member_desktop&rcm=ACoAAATMUIcBZvcJCP_DqPyfeYU14rdv9SWNJck

Save 70% of time and effort in drafting new policies by utilising Microsoft Copilot

https://www.dhirubhai.net/posts/manojkulwal_riskspotlight-operationalrisk-operationalriskmanagement-activity-7301179349708201985-GXFO?utm_source=share&utm_medium=member_desktop&rcm=ACoAAATMUIcBZvcJCP_DqPyfeYU14rdv9SWNJck

Want to improve the quality of risk & compliance training and reduce the development costs by 50%?

https://www.dhirubhai.net/posts/manojkulwal_riskspotlight-operationalrisk-operationalriskmanagement-activity-7300490953079836674-SbQC?utm_source=share&utm_medium=member_desktop&rcm=ACoAAATMUIcBZvcJCP_DqPyfeYU14rdv9SWNJck

AI Practice

RiskSpotlight's AI Consulting Practice

At RiskSpotlight, we are leveraging AI-driven insights to revolutionise operational risk management for financial services firms. Through our AI practice, we help organisations integrate Generative AI into their operational risk management processes—boosting productivity, enhancing risk insights, and strengthening control environments. With AI transforming risk management, organisations cannot afford to fall behind in this area.

If you’d like to explore how our expertise in this area could benefit your organisation, please contact us via AI Practice – AI Practice – RiskSpotlight

RiskSpotlight hosted a webinar with the leading industry expert, Michael Rasmussen, on "AI Governance & Risk Management". Michael shared insights on how financial services firms should approach governance of AI adoption and embed the management of AI risks in existing frameworks & processes. If you were unable to attend, you can view the recording and slides of the webinar from here - https://lnkd.in/gZiXFxKZ

Training Courses

RiskSpotlight Training

Take your risk and compliance expertise to the next level with our Mastering Microsoft Copilot: AI for Risk & Compliance Professionals course. This hands-on course equips financial services professionals with AI-driven tools to enhance efficiency, improve productivity, and deliver superior outcomes in risk and compliance management. Learn how to leverage the power of Copilot to streamline tasks and stay ahead in your career.

Why Attend?

  • Fast-track AI learning from trainers with expertise in risk, compliance, & Generative AI in the financial services industry
  • Apply AI to real-life risk & compliance use cases
  • Protect your career & thrive in the upcoming AI transformation

Course Date

  • Dates: 6th and 7th May 2025, 2pm to 5pm (UK Time)
  • Format: Live, online training via Microsoft Teams
  • Fee: £450
  • Register: Training – RiskSpotlight


OpRisk Pulse

OpRisk Pulse - new feature of our Portal

RiskSpotlight has launched a new feature to its Portal to ensure subscribers are kept up to date with the very latest of emerging risks.

In today’s fast-moving world, missing a critical risk update could mean the difference between proactive prevention and costly consequences. That’s why we’re excited to launch OpRisk Pulse—a game-changing new feature of the RiskSpotlight Portal that keeps you ahead of emerging threats ASAP!

Portal Subscribers Receive:

  • Instant Email Alerts – The moment a critical risk trend emerges, our subscribers receive a concise, insightful alert to ensure they’re always in the know.
  • Actionable Guidance – Each update includes an executive summary and expert-backed recommendations to help subscribers respond effectively and mitigate risks before they escalate.

OpRisk Pulse delivers the very latest evolving intelligence:

  • Emerging operational risks that could impact financial institutions
  • Significant shifts in risk exposure trends
  • New best practices and controls for mitigating key risks
  • Major external loss events that provide critical learning opportunities

For further information on the RiskSpotlight Portal please contact us via LinkedIn or go to RiskSpotlight


Connect with us

We would love to connect with you!

We are not here just to sell but to add value to your Operational Risk journey.

We hope you find this newsletter informative. If so, please subscribe to receive it weekly. Also follow RiskSpotlight’s LinkedIn page for further valuable operational risk content https://www.dhirubhai.net/company/riskspotlight-limited/

For further information regarding RiskSpotlight’s services visit our website RiskSpotlight

RiskSpotlight Portal

Are you and your team finding it challenging to stay on top of emerging risks?

If so, why not take a no-obligation trial of RiskSpotlight’s Portal—the first operational risk intelligence service designed to help you proactively navigate future risks. This newsletter is produced from our news portal and represents a fraction of the content available.

RiskSpotlight is one of very few companies that specialises in tracking, monitoring, and analysing 'emerging' operational risks for financial services firms. While other providers/tools provide historical insights, RiskSpotlight takes a forward-looking approach identifying threats early, therefore saving your team valuable time and money. Our emerging risk data, which is analysed by our OpRisk team daily, is independent, global and backed by OpRisk expertise and thought leadership in this field.

The RiskSpotlight Portal is more than just an information hub—it’s a strategic planning tool. Our ranking of emerging operational risks is backed by data and OpRisk expertise from the RiskSpotlight team, ensuring that the insights provided are not just data-driven but contextually relevant to financial services firms. By leveraging RiskSpotlight’s expert-curated risk rankings and trend analysis, Operational Risk teams can make smarter, data-backed decisions—ensuring that limited resources are deployed where they will have the greatest impact.

Key benefits include:

  • Forward-Looking Risk Intelligence: A future-oriented approach that identifies emerging operational and technology threats before they materialise, unlike other platforms focused just on past risks and loss events.
  • Continuous Horizon Scanning: Real-time insights on industry best practices, regulatory updates, and major external events impacting risk landscapes.
  • Monthly Deep Dives: In-depth, subscriber-driven analyses on critical, evolving topics to keep you updated on high-impact risks.
  • OpRisk Radar Dashboard: A real-time, visual tool for identifying and prioritising emerging risks. Content is updated daily.
  • Comprehensive Risk Libraries: Organised resources covering 126 core risks, detailed scenarios, and over 60,000 curated articles for broad risk research.
  • Value-Focused, Competitive Pricing: More content and value per pound than competitors, making it an affordable choice for robust risk management resources for businesses of all sizes.

To request a demo please contact [email protected], contact RiskSpotlight via LinkedIn or visit our website RiskSpotlight-Portal – RiskSpotlight




Disclaimer:

The content provided in this newsletter is intended for informational purposes only and reflects the best efforts of RiskSpotlight to deliver accurate and relevant information. However, as this content may include insights generated or assisted by AI, we cannot guarantee the absence of errors or omissions.
