{"id":34880,"date":"2026-07-13T20:43:33","date_gmt":"2026-07-13T15:13:33","guid":{"rendered":"https:\/\/banitoday.com\/six-of-seven-cyber-threats-flagged-last-year-now-operational-bfsi-report-india-news\/"},"modified":"2026-07-13T20:43:33","modified_gmt":"2026-07-13T15:13:33","slug":"six-of-seven-cyber-threats-flagged-last-year-now-operational-bfsi-report-india-news","status":"publish","type":"post","link":"https:\/\/banitoday.com\/hi\/six-of-seven-cyber-threats-flagged-last-year-now-operational-bfsi-report-india-news\/","title":{"rendered":"Six of seven cyber threats flagged last year now operational: BFSI report | India News"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<div class=\"e9jwa\">\n<div class=\"vdo_embedd\">\n<div class=\"GfdvZ\">\n<section class=\"_bIDB  clearfix id-r-component leadmedia undefined undefined  E9tg9 \" style=\"top:0px\">\n<div class=\"_bIDB\" data-ua-type=\"1\" onclick=\"stpPgtnAndPrvntDefault(event)\">\n<div class=\"ypVvZ\">\n<div class=\"WGttI\"><img src=\"https:\/\/static.toiimg.com\/thumb\/msid-132368317,imgsize-167402,width-400,height-225,resizemode-4\/132368317.jpg\" alt=\"Six of seven cyber threats flagged last year now operational: BFSI report\" title=\".\" decoding=\"async\" fetchpriority=\"high\"\/><\/div>\n<\/div>\n<\/div>\n<\/section>\n<\/div><\/div>\n<\/div>\n<p>NEW DELHI: Six of the seven emerging cyber threats predicted for banks and financial institutions barely a year ago have already reached full-scale realisation, with artificial intelligence, stolen identities and manipulated payment workflows enabling attacks that increasingly resemble legitimate activity, India\u2019s second Digital Threat Report for the BFSI sector has warned.<span class=\"id-r-component br\" data-pos=\"2\"\/>The Digital Threat Report 2025-26, released by electronics and IT secretary S Krishnan, says the traditional progression of a cyber threat \u2014 from research and experimentation to large-scale exploitation \u2014 is breaking down. Threats are now being operationalised in months or even weeks, allowing attackers to innovate, scale and monetise faster than many financial institutions can respond.<span class=\"id-r-component br\" data-pos=\"4\"\/>The report, prepared jointly by CERT-In, CSIRT-Fin and cybersecurity firm SISA, says social engineering, credential theft, supply-chain compromise and cloud exploitation, which were considered emerging or episodic risks in the previous edition, are now established attack methods. <!-- -->Only quantum risk among the seven predictions has not reached full-scale realisation, though \u201charvest now, decrypt later\u201d strategies are already active.<span class=\"id-r-component br\" data-pos=\"9\"\/>Its central concern is that the most damaging cyberattacks may no longer look like breaches. They can surface as authenticated user sessions, approved payments, routine account activity, compromised vendor actions or apparently normal business workflows, remaining indistinguishable from genuine transactions until the damage has occurred.<span class=\"id-r-component br\" data-pos=\"12\"\/>The report groups the evolving risks into three broad clusters \u2014 AI and human deception, software and systems, and infrastructure and economy.<span class=\"id-r-component br\" data-pos=\"14\"\/>Under AI and human deception, it flags industrial-scale deepfakes, synthetic identities, AI-generated phishing, business email compromise, credential theft and session hijacking. It says attackers are no longer crafting scams manually but generating, testing and deploying them at machine speed, weakening identity checks that depend on what a person sees or hears.<span class=\"id-r-component br\" data-pos=\"17\"\/>The report also identifies \u201cAI asymmetry\u201d as a defining risk, warning that capabilities such as vulnerability discovery, exploit generation and attack orchestration, which earlier required specialist teams and weeks of work, are increasingly available to comparatively low-resource actors. At the same time, AI models used for credit, fraud detection, KYC and onboarding are themselves becoming attack surfaces through prompt injection, model probing and adversarial manipulation.<span class=\"id-r-component br\" data-pos=\"20\"\/>\u201cCybersecurity is one of the most important concerns that we have to address if we have to preserve all the benefits that we have derived from digitisation,\u201d Krishnan said. He said attacks could affect individuals through cybercrime, cripple organisations through ransomware and, at their highest level, create national-scale disruption.<span class=\"id-r-component br\" data-pos=\"22\"\/>\u201cWe have to treat cybersecurity as an enterprise-wide systemic risk against which institutions need to constantly guard,\u201d he said, adding that digital governance, including AI governance, must give primacy to cybersecurity and operational resilience. <!-- -->Krishnan also stressed the need to build domestic technological capacity, strengthen identity and account access systems, and use AI more effectively to enable defenders to act faster.<span class=\"id-r-component br\" data-pos=\"26\"\/>On software and systems, the report warns of supply-chain compromise, poisoned software dependencies, cloud misconfigurations, insecure development pipelines and the manipulation of payment and API business logic. It says attacks can exploit OTP race conditions, parallel transaction triggering, object-level authorisation failures and exception pathways without using malware or breaching a network perimeter.<span class=\"id-r-component br\" data-pos=\"29\"\/>The third cluster covers systemic risks to financial infrastructure, including ransomware, crypto-enabled monetisation, firmware and IoT compromise, and long-term threats to encrypted data from quantum computing.<span class=\"id-r-component br\" data-pos=\"31\"\/>A major finding is what the report calls the \u201ccompliance-security translation gap\u201d. Institutions may pass periodic assessments while remaining exposed because controls drift from their original intent, cover only part of the actual attack surface or fail to keep pace with cloud, AI, container and machine-identity risks.<span class=\"id-r-component br\" data-pos=\"34\"\/>To explain how breaches escalate, the report introduces a four-layer \u201cAnatomy of Cyber Failure\u201d framework covering design, enforcement, signal and response gaps. It identifies four recurring failure chains \u2014 trusted entry breaches, privilege escalation, logic abuse and invisible attacks operating beyond an institution\u2019s telemetry.<span class=\"id-r-component br\" data-pos=\"37\"\/>The report lays out an 18-month roadmap. During the first six months, institutions should deploy phishing-resistant authentication for high-risk accounts, identify service and machine identities, test payment workflows against adversarial manipulation, strengthen secrets and encryption-key management, and automate incident containment.<span class=\"id-r-component br\" data-pos=\"40\"\/>Over six to 12 months, they should introduce continuous session assurance, behavioural transaction monitoring, cloud identity controls, runtime software validation and quarterly post-audit attack simulations. The final phase calls for passwordless privileged access, controls over AI-model and training-data supply chains, stronger oversight of vendors\u2019 vendors, runtime integrity attestation and post-quantum cryptography migration planning.<span class=\"id-r-component br\" data-pos=\"42\"\/>The report\u2019s message is that financial institutions must move from periodically proving that security controls exist to continuously proving that they work under real attack conditions.<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/timesofindia.indiatimes.com\/india\/six-of-seven-cyber-threats-flagged-last-year-now-operational-bfsi-report\/articleshow\/132368208.cms\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>NEW DELHI: Six of the seven emerging cyber threats predicted for banks and financial institutions barely a year ago have already reached full-scale realisation, with artificial intelligence, stolen identities and manipulated payment workflows enabling attacks that increasingly resemble legitimate activity, India\u2019s second Digital Threat Report for the BFSI sector has warned.The Digital Threat Report 2025-26, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":34881,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[133],"tags":[],"class_list":["post-34880","post","type-post","status-publish","format-standard","has-post-thumbnail","category-country"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/banitoday.com\/hi\/wp-json\/wp\/v2\/posts\/34880","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/banitoday.com\/hi\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/banitoday.com\/hi\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/banitoday.com\/hi\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/banitoday.com\/hi\/wp-json\/wp\/v2\/comments?post=34880"}],"version-history":[{"count":0,"href":"https:\/\/banitoday.com\/hi\/wp-json\/wp\/v2\/posts\/34880\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/banitoday.com\/hi\/wp-json\/wp\/v2\/media\/34881"}],"wp:attachment":[{"href":"https:\/\/banitoday.com\/hi\/wp-json\/wp\/v2\/media?parent=34880"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/banitoday.com\/hi\/wp-json\/wp\/v2\/categories?post=34880"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/banitoday.com\/hi\/wp-json\/wp\/v2\/tags?post=34880"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}