Posts Tagged: research

AI-enhanced malicious attacks and soft ransomware targets front of mind for risk execs

Concern about artificial intelligence (AI)-enhanced malicious attacks has again topped Gartner’s emerging risk rankings in the second quarter of 2024, while new concerns regarding soft ransomware targets are also coming to the forefront of enterprise risks.

“Similar to AI-enhanced malicious attacks, soft ransomware targets require minimal experience and cost to cause significant financial and reputational damage,” said Gamika Takkar, director, research in the Gartner Risk & Audit Practice.

During the second quarter of 2024, Gartner surveyed 274 senior risk executives and managers to document and compare emerging risks, which are those that hold higher uncertainty because their evolution is rapid, nonlinear, or both.

Three of the top five most cited emerging risks are in the technology category (see Table 1), and a new concern regarding soft ransomware targets entered the tracker for the first time. Escalating political polarization, which first entered the tracker in 4Q23, held steady as the third most cited concern, while misaligned organizational talent profile moved up from the fifth to fourth most cited risk.

Table 1: Top Five Most Commonly Cited Emerging Risks in Q2 2024

Source: Gartner (July 2024)

Causes of Soft Ransomware Targets

Soft ransomware targets include the types of systems that may be especially vulnerable to ransomware due to underinvestment or technical debt, leading to longer disruptions in business operations when attacks occur. The ease of carrying out such attacks, via what’s known as ransomware-as-a-service (RaaS), allows cybercriminals with even minimal experience and technical skill to deploy attacks at low cost.

“Ransomware-as-a-service lowers the barrier to entry for inexperienced cybercriminals who know just enough about how to attack and disrupt business operations, creating worse impacts than usual when attacks occur,” said Takkar.

Potential Consequences to Mitigate

The potential impacts of soft ransomware targets range from operational disruptions and delay of services, to increased exposure to multi-extortion (e.g., ransom demand follows threats of selling, publishing or permanently deleting data), to increased financial burden in the form of direct and indirect costs. Direct costs include ransoms, remediation, litigation, and public relations, while indirect costs, such as reputational damage and loss of intellectual property, also create burden on the organization.

“While operational disruption and increased costs are dire consequences of soft ransomware targets, the exposure to extortion can impact not just the organization itself, but any and all associated third-parties as well, further underscoring the importance of understanding and preventing such risk,” said Takkar.

Research points to Business Email Compromise as new frontier in AI-powered fraud

A report has highlighted the ingenuity of cyber criminals in using AI to evade detection and scam individuals and enterprises. The research analysed 1.8 billion emails globally, detecting 226.45 million spam emails and 16.91 million malicious URLs, to identify the email threat trends that impact enterprises the most.

VIPRE Security Group’s Q2 2024 Email Threat Trends Report says BEC remains a major scourge. Nearly half (49%) of all detected spam emails are attributed to BEC scams, with the CEO, followed by HR and IT, being the most common targets. It takes on a more sinister complexion when a full 40% of the BEC emails uncovered were AI-generated, and in some instances, AI likely created the entire message. 

Q2 2024 saw twice as many evasive malicious attachments compared to the previous year, underlining the sophistication of modern email exploits. Entities without measures to detect these advanced threats could find themselves in hot water, facing double the risk compared to 12 months ago.

The research identified 16.91 million malicious URLs, a 74% rise from the previous year. This surge highlights the growing use of advanced evasion techniques by attackers.

Emerging trends in phishing and malspam 

Phishing remains a dominant threat with attackers favouring URL redirection and cloud-hosting services. Cloudflare Turnstile was the most commonly used technique (51%) in phishing emails. Cloudflare Turnstile is a free service designed to protect websites from malicious traffic and functions as an advanced CAPTCHA alternative. 

A significant shift in malspam tactics was observed: 86% of malspam emails used malicious links and only 14% contained attachments. This is a reversal of the Q1 2024 trend, where 78% of malspam emails contained malicious attachments, while only 22% used malicious links. This swing may be due to the increasing difficulty in detecting malicious links leading to seemingly legitimate websites that harbor infected links.

Threat actors increasingly targeted the manufacturing sector with 25% of email attacks, followed by retail (which was absent from 2023’s targets) at 20% and real estate at 11%. Attackers appear to be focusing on industries perceived as lacking advanced cybersecurity measures. In 2023, finance led the way with 25% of email attacks, and manufacturing surged to 43% in Q1 2024, a top position the sector continues to hold. 

Regional spam sources 

The US continues to be the top contender when it comes to sending and receiving spam (receiving nearly half of all phishing emails), most likely thanks to its vast data center infrastructure. Consistent with last quarter, the UK was the second-largest source of spam, followed by Canada, Sweden, and Iceland, three countries that failed to make the list either last quarter or this time last year.

“As AI technology advances, the potential for BEC attacks grows exponentially. Malefactors are now leveraging sophisticated AI algorithms to craft compelling phishing emails, mimicking the tone and style of legitimate communications,” Usman Choudhary, Chief Product and Technology Officer, VIPRE Security Group, says. “The next wave of BEC attacks could see attackers using AI to dynamically analyse and exploit real-time information, creating tailored and contextually accurate scams nearly indistinguishable from genuine correspondence. Enterprises must stay ahead by adopting robust AI-driven defenses and continuously educating their workforce on emerging threats.”

The full report is VIPRE’s Email Threat Trends Report: Q2 2024.

Cross-border payments boom due to speed and reliability

Cross-border payments are becoming increasingly important to international economies, with around 63% of global consumers using international real-time payments (RTPs) services to send money to family and friends, while 51% use them only to pay for goods and services.

That’s according to the 2024 Financial Services Consumer Survey conducted by GlobalData, which says the G20 roadmap for enhanced cross-border payments aims to improve the speed, access, transparency, and cost of international payments by 2030. In its most recent update in October 2023, the Financial Stability Board reports there is a shortfall against G20 targets in the proportion of retail services that make funds available to the consumer in an hour (42% vs target of 75%) and in one business day (76% vs target of 100%).

Benjamin Hatton, Banking and Payments Analyst at GlobalData, said: “Real-time payments have become commonplace among domestic payment services. Not only are they considered superior to traditional methods because of their speed, but these services are typically available 24/7, reduce transaction costs, and ease liquidity management for businesses. They also represent the next major step for cross-border payment services, as the volume of cross-border payments also ramps up over the coming years.”

GlobalData estimates that the total volume of cross-border transactions in Europe alone will increase by 58% between 2023 and 2028. A number of international initiatives, such as ‘Immediate Cross-Border Payments’ developed by The Clearing House in the US, EBA Clearing in Europe, and SWIFT, to create a 24/7 USD-EUR payments corridor, are in development to improve cross-border payments.

Hatton continued: “As these developments and initiatives continue, the tradeoff between the ease of creating multilateral channels and the scalability of a truly global system will get harder to overcome. The failure of pan-Nordic initiative P27 illustrates the challenge of collaborating on and executing the vision of a cross-border settlement scheme across jurisdictions. The push for digitalization of consumer payment methods will be key in driving down costs and improving transfer speeds.

“Simplicity and speed of the transfer process are the most important factors for consumers when choosing a cross-border payment provider. While progress has been tangible, there is clearly scope to improve these measures and further reap the rewards from delivering these services.”

GlobalData’s 2024 Financial Services Consumer Survey was conducted in Q2 2024 and had 61,000 respondents across 41 countries.


Moody’s study highlights Entity Verification as critical for risk management

Organisations face greater challenges to understand who they do business with amid rising risks and evolving regulations, according to a new Moody’s survey and interviews with senior risk and compliance professionals.

Moody’s study found that Entity Verification – a data-driven process that helps verify and authenticate the credentials of each entity a firm onboards or already conducts business with – is deemed essential to avoid regulatory fines and reputational damage. 

Businesses are exposed to an increasingly complex risk landscape, as underscored by new insights from Moody’s Grid risk database: 

· Nearly 14% growth in the number of organisations and people added to sanctions watchlists in the last 14 months to June 2024
· Cyber-attacks are more prevalent: cyber-related risk events nearly doubled from 2022 to 2023
· Human trafficking is on the rise: Moody’s registered a 22% increase in human trafficking events from 2022 to 2023

Firms are typically required by regulations across multiple jurisdictions to screen and report on such risks. Those that fail to comply can be liable to financial penalties and risk harming their reputation, which is why 64% of risk and compliance professionals cited regulatory compliance complexity as a key challenge. 

The German Supply Chain Due Diligence Act, for example, holds enterprises across the globe accountable for human rights in their supply chains, while the UK’s Economic Crime and Corporate Transparency Act makes organizations liable for failing to prevent fraud. From 2025, the scope of entities who are required to comply with the European Union’s anti-money laundering regulations will expand to include professional football clubs, crypto asset service providers, crowd funding platforms, as well as buyers and sellers of luxury goods like jewellery, jets and yachts. 

Against this backdrop, Moody’s global study found that 9 in 10 respondents rate Entity Verification as ‘essential’ or ‘important’. The value of Entity Verification is also on an upward trajectory, with 73% of businesses anticipating its importance to increase over the next two years. 

Entity Verification is predominantly used today for customer onboarding (78%), ongoing customer risk monitoring (73%) and investigations & enhanced due diligence (71%). Sales & marketing, supply chain management, crypto-currencies and gambling represent less common use cases that are quickly increasing in importance. 

However, the focus on Entity Verification is not uniform across financial and non-financial services sectors: 

Financial services:

· As banks seek to introduce more automation, there is a recognition of the criticality of Entity Verification as a precondition for other risk screening activities
· Banks cite a desire to improve customer experience and streamline onboarding
· The pressure to meet ever-more stringent regulations

Non-financial services:

· Corporates are quick to flag supply chain complexity, and the risks from bad actors who are ever more sophisticated
· A heightened awareness of Entity Verification as part of a wider risk framework among unregulated, non-financial sector companies
· Professional Services cite the additional factor of wanting to demonstrate their Entity Verification robustness as part of their appeal to customers

While the importance of Entity Verification is apparent to those surveyed, firms cite a myriad of data challenges, including data siloes (51%), high costs (46%), updating data in a timely manner (44%) and data inaccuracy (43%). Fewer than 1 in 10 firms described the maturity of their data governance strategy as ‘advanced’, with most (49%) at the ‘developing’ phase. Leaders in data governance are more likely to be larger firms, with a Chief Data Officer in place and priority given to this topic at board level. Of those surveyed who had a data governance strategy in place, 82% cited improved data quality and accuracy, 72% cited strengthened risk management and 70% had enhanced operational efficiency and reduced costs. 

The study also probed the extent to which companies had achieved a ‘golden record’ – a single, accurate, and complete version of data for a specific entity – that helps decision-making and operational efficiency. However, only 1 in 10 firms claimed to have a golden record and only a small minority of respondents (14%) have fully achieved a ‘single customer view’ – a comprehensive aggregation of all the data relating to a specific customer. Firms who have fully or mostly achieved a single customer view are overwhelmingly closer to having a golden record (22%) compared to those who have partially or not achieved a golden record (1%).

Keith Berry, General Manager, Compliance and Third-party Risk Management Solutions, at Moody’s, said: “‘Who are you doing business with?’ is a deceptively simple question that can be very complicated to answer. In today’s ever-evolving business landscape, economic and geopolitical uncertainties, stringent compliance rules, and the challenges of data management have heightened the need for robust Entity Verification practices. Our study demonstrates the growing significance of Entity Verification not only to manage financial crime and prevent fraud, but also to drive operational efficiencies and improve customer experiences.” 

Fraudulent UK banking transactions to total 38 million over next five years

A study from Juniper Research asserts that the number of fraudulent banking and money transfer transactions in the UK will increase 111% over the next five years, from 4.2 million in 2024 to 8.8 million in 2029. 

Despite the UK being one of the most technologically developed FDP (Fraud Detection & Prevention) markets, the study anticipates that additional measures, such as AI-based real-time FDP, will be required to mitigate the growing threat of fraud.

The UK Fraud Detection & Prevention in the Banking Market 2024-2029 report predicts the UK’s upcoming PSR (Payment Systems Regulator) reimbursement regulation will significantly impact fintechs’ adoption of FDP solutions.

The regulation aims to reduce fast-growing APP (Authorised Push Payment) fraud, in which fraudsters trick their victims into willingly making large bank transfers. However, there are increasing concerns about the regulation’s impact on faster payments, which it could slow in order to ensure APPs are legitimate.

Therefore, AI needs to be implemented into FDP systems to enable financial institutions to quickly identify APP fraud without diminishing the value of faster payments.

However, the research also identified data sharing between stakeholders in the payments landscape as vital to maximising the value of FDP solutions, especially within faster payments where real-time fraud detection will be key. 

Report author Cara Malone explained: “The plethora of data collected throughout the payments processes will be utilised to develop several different FDP tools, ranging from behavioural biometrics to identification.”


Research: European businesses ‘unprepared for increasing cyber attacks’

A Cloudflare study has revealed that 64% of business leaders, including those in the retail and financial services sectors, expect a cybersecurity incident in the next 12 months, but only 29% feel highly prepared to defend against them.

The report, called “Shielding the Future: Europe’s Cyber Threat Landscape Report” shares the latest data on how organisations are coping with rising volumes of cybersecurity incidents, their levels of preparedness, and top challenges.

These new findings reveal an ongoing concern around growing cybersecurity threats and a feeling of unpreparedness among European businesses.

The survey, which was conducted with more than 4,000 business and technology leaders across 13 European markets (Benelux, CEER, DACH, Nordics, Southern Europe, UK), found that 40% of organisations experienced a cybersecurity incident in the last 12 months. 

Of those that suffered such an event, 84% report that the frequency of these events has increased over the same period, with almost one in five (16%) suffering a cybersecurity attack every 6-11 days. Meanwhile, 62% say that attacker dwell time has also increased in the same time period. 

Looking ahead, two-thirds (66%) of respondents believe that they will see even more attacks within the next year and a significant 64% say that they expect to suffer a cybersecurity incident within the next 12 months. 

Concerningly, despite the increasing volume and frequency of these attacks, only 29% of respondents say they are highly prepared for cybersecurity incidents in the future.

Additionally, industries that had experienced fewer attacks were also among those least prepared. Just 28% of those working in healthcare and 31% of those working in education claimed to have suffered an attack in the last 12 months. For those same industries, the perceived level of preparedness for an incident in the future was low – just 18% and 19%, respectively.

The reverse is true for those in the IT & technology industry. With almost half (49%) being attacked in the last year, however, organisations in this field are seemingly on their guard. Over a third (35%) of respondents from this sector say they are highly prepared for an attack, making it the industry most confident in its ability to deal with an incident, followed by companies in financial services and retail (32% and 31% respectively).  

When looking at organisational size, the lack of preparation by smaller businesses is a particular concern, with only a quarter (25%) claiming to be highly prepared. Medium-sized and large businesses do not fare much better though, with only 27% and 32%, respectively, claiming high levels of preparedness.

For those businesses impacted by a cybersecurity breach, more than a third of respondents (39%) say that the most significant effect remains financial. More than one in five (22%) claim to have lost revenue following an incident. In addition, 23% have suffered increased insurance premiums, 22% have paid fines, and another 23% have experienced legal action. A further one in five (19%) have been forced to lay off members of the team due to the financial losses experienced in the aftermath of an incident. 

Looking at the numbers more closely, almost two-fifths (38%) of respondents say that the financial impact of the incidents they suffered cost between £788,000 and £1.576 million, while a quarter (25%) estimated the loss to be £1.576 million or more. 

A further 17% said that reputational damage was the most significant effect. Additionally, 31% put growth plans on hold in the aftermath of an incident, while over a quarter (28%) have temporarily suspended business operations. 

It’s unsurprising that financial gain was at the heart of many attacks (48%) across the European countries surveyed. However, survey respondents also believe that the threats they have experienced have a much wider range of objectives.

The majority (53%) of those impacted by an incident in the last 12 months say that the main purpose was to plant spyware, and almost half (48%) of those surveyed say that planting ransomware was the main purpose of the attack.

When it comes to the most commonly experienced attack vectors, these too are diverse. Phishing tops the list, with almost three in five (59%) respondents claiming to have seen this approach. That’s closely followed by web attacks (58%) and DDoS attacks (37%). Also prevalent were stolen credentials and business email compromise, with almost a third (32%) having experienced these.  

When it comes to tackling these issues, onboarding more products seems to be the go-to response. In fact, nearly half (49%) have more than 11 different products and solutions. The vast majority (72%) believe that this complexity is having a negative impact on their effectiveness, and yet two-thirds (67%) expect the number of tools they adopt to increase in the next 12 months. 

Notably, the three most pressing challenges cybersecurity decision makers and leaders face are: consolidating and simplifying their cybersecurity estate (48%); modernising the applications used by the organisation (47%); and modernising the networks operated by the organisation (42%).

Further education on Zero Trust is required for maximum impact

Respondents report three clear problems in the existing architectures they work with: applications and data stored in the public cloud; limited oversight over IT supply chains; and over-reliance on VPNs to protect applications (with each factor mentioned by 34% of respondents).

Given these problems, it is unsurprising that securing a hybrid workforce is a top priority, coming in the top three for more than a third (36%) of our respondents. 

Worryingly, for many organisations, deployment of countermeasures is a long way behind, and in some cases not yet started. Despite widespread recognition of the ability of Zero Trust network access to protect hybrid or remote workers, just 25% of respondents say this solution is fully deployed and over half (58%) say that Zero Trust adoption is still in its early stages.

While two-fifths (44%) say they are optimistic about the ability of Zero Trust to consolidate technology upgrades, our respondents also indicated a lack of faith in their leadership teams’ knowledge of the tool. In fact, the majority (86%) believe their leadership does not fully understand it, while nearly one in five (16%) say their leadership has either partial or no real understanding. According to 42% of those surveyed, this lack of understanding is the single biggest barrier to adoption.

Despite increased budgets, funding, talent, and training remain challenges

With business leaders anticipating more cybersecurity incidents, it’s positive to see that 54% of respondents expect their IT budget for cybersecurity to increase in the next year.

A quarter (25%) of business and IT leaders expect cybersecurity to make up at least 20% of their organisations’ IT spend in the year ahead. And of those expecting a budgetary increase, two thirds (66%) anticipate a rise of more than 10%. 

For the majority, protecting their networks remains the number one investment area, with nearly 24% of the budget allocated to this pillar on average. Despite being the area where respondents see a significant lack of preparedness, devices are set to receive the second lowest allocation of budget share. 

In terms of how this budget allocation is decided, the top two determinants were the number of incidents experienced (34%) and the cost of dealing with them (20%), revealing that most organisations appear to remain reactive in their funding allocation decisions. 

Funding remains the top concern for 46% of our respondents. However, other concerns, such as a lack of talent (41%) as well as the evolving business requirements and user needs (30%) also keep business and tech leaders awake at night.  

Interestingly, despite the increasing volume of attacks, a quarter (25%) cite a lack of buy-in from leadership as a key challenge. With less than a quarter (23%) having not undertaken leadership or general employee training, it is therefore unsurprising that 21% of business and IT leaders rate their organisations’ cybersecurity culture as weak or neutral.

“Organisations across Europe are managing an increasingly complex cybersecurity landscape, all while ensuring operational efficiency, regulatory compliance, and uninterrupted productivity. With incidents on the rise in both volume and frequency, this balancing act becomes even more challenging, leaving leaders with a sense of diminishing control over their organisations’ technological and security frameworks,” said Andy Lockhart, Head of EMEA at Cloudflare. “This significant challenge requires innovative solutions capable of integrating diverse technological components into a cohesive and agile framework. The age of siloed legacy infrastructures is giving way to a new model of ‘any-to-any’ cloud platforms, creating catalysts for innovation and growth. By concentrating on strategic integration, any-to-any cloud platforms empower leaders to transform technological challenges into competitive advantages. Adopting this approach will help shape a future where connectivity and innovation are at the heart of business success, opening the door to unlimited possibilities,” adds Lockhart.


Card payments in China to hit $20 trillion

The Chinese card payments market is expected to grow by 3.7% to reach CNY141.1 trillion ($19.9 trillion) in 2024, supported by a constant consumer shift towards non-cash payments.

GlobalData’s Payment Cards Analytics reveals that card payments value in China reached CNY136.0 trillion ($19.2 trillion) in 2023, registering a healthy compound annual growth rate (CAGR) of 3.8% during 2019-23.

Shivani Gupta, Senior Banking and Payments Analyst at GlobalData, said: “China is the world’s largest payment card market in terms of transaction value, well ahead of developed countries such as the US. Chinese consumers are increasingly adopting payment cards, spurred by a strong banked population, government initiatives to push digital payments, rising consumer preference for electronic payments, and the expansion of payment acceptance infrastructure in the country.”

The growth of card payments has also been supported by government initiatives to push cashless payments. In April 2024, the People’s Bank of China, the country’s central bank, along with the Ministry of Culture and Tourism, the State Administration of Foreign Exchange and the State Administration of Cultural Heritage departments, issued a notice to encourage electronic payment acceptance in the country. As part of this, government agencies are required to provide adequate payment acceptance infrastructure, enabling consumers to pay for cultural and tourism transactions digitally using debit/credit cards and digital wallets.

Gupta adds: “The central bank’s decision to open up card payment space, which was primarily dominated by China UnionPay, to international players like American Express and Mastercard will enable them to process domestic card payments thereby bringing in more competition.”

Among the card types, debit cards are preferred over credit and charge cards, accounting for 59.9% share of the overall card payment value in 2023. Debit cards are increasingly being used for payments, especially low-to-medium value transactions. This has been driven by rising consumer awareness, banks offering contactless debit cards, and the expansion of the country’s POS network.

While credit and charge cards have lower adoption and use compared to debit cards, these cards are increasingly being used for payments. The frequency of credit and charge card payments rose from 70.9 transactions per card in 2019 to 129.3 transactions in 2023. Consumers primarily use these cards to take advantage of value-added services such as reward points, installment payment facilities, and discounts offered by banks.

Gupta concludes: “The Chinese payment card market is expected to continue its upward growth trajectory, supported by government initiatives, rising consumer preference for digital payments, and improving card acceptance infrastructure. Subsequently, the card payments value is anticipated to grow at a CAGR of 5.8% between 2024 and 2028 to reach CNY176.9 trillion ($25.0 trillion) in 2028.”

AI-powered malicious attacks are now a top emerging risk, says study

Concern about artificial intelligence (AI)-enhanced malicious attacks ascended to the top of the Gartner emerging risk rankings in the first quarter of 2024.

“The prospect of malicious actions enabled by AI-assisted tools is concerning risk leaders worldwide,” said Gamika Takkar, director, research in the Gartner Risk & Audit Practice. “The relative ease of use and quality of AI-assisted tools, such as voice and image generation, increase the ability to carry out malicious attacks with wide-ranging consequences.”

During the first quarter of this year, Gartner surveyed 345 senior enterprise risk executives to capture and benchmark their top 20 emerging risks and provide leaders a view of their causes and potential consequences.

Risks related to AI captured the top two rankings in the 1Q24 survey (see Table 1) with AI-enhanced malicious attacks cited as the top emerging risk and AI-assisted misinformation also causing concern. Escalating political polarization, which entered the tracker for the first time in 4Q23, dropped from the second most cited concern to third place.

Table 1: Top Five Most Commonly Cited Emerging Risks in Q1 2024

Source: Gartner (May 2024)

One of the key drivers of AI-enabled attacks and misinformation is the rapidly expanding access to its capabilities. AI enhancement can provide malicious code, and facilitate phishing and social engineering, which enables better intrusion, increased credibility and more damaging attacks.

“Its low cost and rapid growth also expose users to the technology who have little awareness on how to recognize when AI-enabled tools are providing valid vs. false or misrepresented information,” said Takkar.

The potential impacts of AI-enhanced attacks and misinformation are far-reaching and consequential to reputation, productivity and the ability of organizations to respond. Increased breaches and disclosure requirements can erode trust in an organization and brand among clients, consumers and partners.

“The speed and quality of AI-enhanced attacks and misinformation also hinder information security teams’ ability to respond and adapt to the new security landscape, further amplifying its vulnerabilities,” said Takkar.

Gartner clients can read more in 1Q24 Emerging Risk Report. Nonclients can read: 1Q24 Emerging Risk Trends.

Spain continues trends towards digitisation of payments

The Spanish card payments market is forecast to grow by 8.9% to reach EUR402.6 billion ($435.4 billion) in 2024, supported by a constant consumer shift towards electronic payments.

GlobalData’s Payment Cards Analytics reveals that card payment value in Spain registered a growth of 22.5% in 2022, driven by a rise in consumer spending. The value is estimated to have registered a growth of 18.1% to reach EUR369.8 billion ($399.8 billion) in 2023.

Ravi Sharma, Lead Banking and Payments Analyst at GlobalData, commented: “Spain is gradually moving towards the digitalization of its payment infrastructure, supported by a high-banked adult population, partly due to citizens’ right to a basic account, and the expansion of its point-of-sale (POS) infrastructure. The growing acceptance of payment cards by retailers and the advent of contactless technology are set to reduce the share of cash within the economy.”

Cash remains an integral part of the Spanish consumer payments landscape, particularly for lower-value transactions. However, there has been a consistent decline in cash usage, while electronic payment methods have witnessed an increase. This is supported by a well-developed payment infrastructure with over 52,000 POS terminals per one million inhabitants in Spain – which is amongst the highest compared to many of its European counterparts.

The outbreak of the COVID-19 pandemic accelerated the rise in contactless payments in the country, thereby contributing to growth in overall card payments. According to the Study on the payment attitudes of consumers in the euro area (SPACE) in 2022, released by the European Central Bank (ECB), contactless payments in Spain accounted for 67% of all card payments at POS, in terms of volume, in 2022. The share was 66% when it comes to transaction value.

The cap on cash transactions is also pushing the use of card payments in the country. As of 2021, it became illegal for consumers to make cash payments of more than EUR1,000 ($1,073.2) to businesses, which means all amounts above the limit must be paid electronically.

Sharma concluded: “The Spanish card payments market, which was affected by the pandemic, returned to a growth trajectory with impressive growth in subsequent years, supported by a rise in economic activity and consumer spending. However, an uncertain economic environment and rising inflation pose challenges for faster growth. The Spanish card payments market is forecast to grow at a compound annual growth rate (CAGR) of 6.4% between 2024 and 2028 to reach EUR515.9 billion ($557.8 billion) in 2028.”


‘One million attacks on global financial sector in 120 days’

BlackBerry’s latest Global Threat Intelligence Report has revealed threat actors focusing efforts on targeting high-value data held by the global financial sector, with one million attacks logged over the 120-day period.

This “death by a million cuts” relies mainly on commodity malware, which indicates a large number of independent actors targeting the industry in pursuit of financial gain. Critical infrastructure attacks, including those targeting government, financial, healthcare and communications industries, altogether accounted for 62 percent of industry-related attacks over the report period, September to December 2023.

The BlackBerry Threat Research and Intelligence team registered a 27 percent uptick in novel malware to 3.7 new malicious samples per minute prevented by its AI-powered cybersecurity solutions, compared to 2.9 per minute in the previous reporting period. Overall, BlackBerry claims its cybersecurity solutions stopped 31 attacks every minute, a 19 percent increase on the last reporting period. 

“We’re consistently seeing increased volumes of attack in highly lucrative industries using novel malware,” said Ismael Valenzuela, Vice President of Threat Research and Intelligence at BlackBerry. “Novel malware typically indicates specific motivations from threat actors towards particular attack targets with intent to evade defences, which are often based on static signatures. We’ve reached a pivotal point where traditional detection methods alone are not enough to combat this increasingly complex problem. AI is already being weaponised by malicious entities, so it must equally be the dominant tool for detection and defence.” 

Highlights from the latest BlackBerry Global Threat Intelligence Report include: 

  • 62 percent of industry-related attacks targeted critical industries: Digitization and the prospect of debilitating national infrastructure attracted notorious gangs and Malware-as-a-Service (MaaS) groups who attempt to exploit security misconfigurations and vulnerabilities for varying motives. 
  • Commercial enterprises also under attack: 33 percent of all threats targeted commercial enterprises (including retail, manufacturing, automotive and professional services), with the majority (53 percent) of those deploying information-stealing (Infostealer) malware with the aim of accessing highly sensitive data.  
  • Rapid weaponization of CVEs by Threat Actors: Ransomware gangs observed taking advantage of new Zero Day vulnerabilities and mass mobilizing against potentially vulnerable targets, with zero-day exploits motivating profiteer groups.  

Based on its data analysis, the BlackBerry Threat Intelligence and Research team predicts that 2024 will bring an increase in attacks targeting critical infrastructure and other profitable segments. VPN appliances will likely remain desirable targets for nation-state-level threat actors and it is anticipated that there will be a continued increase in supply chain cyberattacks targeting hardware and software vulnerabilities. Further, APAC will likely see an increase in attacks from China and North Korea, particularly financially-motivated attacks. 
