NATIONAL

Cybersecurity – CERT-In Warns Financial Sector Faces New Era of Trust-Based Cyber Threats

Cybersecurity –  India’s financial sector is confronting a changing cyber threat environment as attackers increasingly focus on exploiting digital trust rather than relying solely on traditional hacking methods, according to the Indian Computer Emergency Response Team (CERT-In) in its Digital Threat Report 2025-26. The assessment highlights how cybercriminals are adapting their tactics to target interconnected digital systems, creating fresh challenges for banks, financial service providers and insurance companies.

Cert in financial cyber threat warning

Cyber Threats Shift Beyond Conventional Hacking

The report states that modern cyber attacks are no longer limited to stealing passwords or directly breaching payment systems. Instead, attackers are taking advantage of weaknesses across digital identity verification, biometric onboarding, artificial intelligence-driven decision-making, application programming interfaces (APIs), third-party software and instant payment platforms. This growing dependence on interconnected technologies has expanded the attack surface for the Banking, Financial Services and Insurance (BFSI) sector.

According to CERT-In, these evolving tactics represent a move toward manipulating the broader trust ecosystem instead of compromising a single system. As financial institutions increasingly depend on external technology partners and automated services, identifying risks across the entire digital chain has become significantly more complex.

Earlier Predictions Have Become Reality

The report notes that six of the seven major cyber risk predictions outlined in its previous edition have already materialised. This, CERT-In says, reflects the speed at which cyber threats are advancing and the difficulty many organisations face in keeping their security frameworks aligned with rapidly changing attack methods.

Officials believe that conventional defensive strategies alone may no longer be sufficient as cybercriminals continue to innovate using emerging technologies and increasingly sophisticated techniques.

AI and Deepfake Technology Fuel Sophisticated Fraud

Among the report’s key findings is the growing use of artificial intelligence in cybercrime. CERT-In says fraud involving deepfake technology has become highly organised, with criminals using realistic executive video impersonations, advanced large language models and constantly evolving attack variants designed to avoid detection.

The report also points to a rise in social engineering operations and Business Email Compromise (BEC) scams. Credential theft and session hijacking have emerged as preferred methods for obtaining initial access to corporate systems, enabling attackers to bypass traditional security measures before launching wider intrusions.

Automated Attacks Increase Pressure on Financial Institutions

CERT-In warns that cyber attacks are increasingly being generated, refined and executed with machine-speed automation rather than manual intervention. Phishing campaigns have also become more convincing by incorporating contextual information and personalised content that closely resemble genuine business communications.

Because of these developments, the BFSI industry continues to remain one of the most frequently targeted sectors. The report suggests that highly customised phishing attempts make it increasingly difficult for employees and customers to distinguish fraudulent messages from authentic correspondence.

Recommended Measures to Strengthen Digital Trust

To address the changing threat landscape, CERT-In has recommended several measures aimed at strengthening digital identity verification and improving security across financial institutions.

The report advises organisations to introduce active liveness detection during digital onboarding processes to reduce identity fraud. It also recommends continuous session monitoring through behavioural biometrics, device posture verification and token binding for privileged user sessions.

In addition, CERT-In has encouraged financial institutions to extend identity governance beyond human users by securing service accounts, machine identities and AI-driven systems. Where permitted by law, it also recommends cross-database identity verification for high-assurance account creation to improve confidence in customer authentication.

Building Resilience Beyond Traditional Security

The report concludes that the greatest challenge is not simply the rising number of cyber attacks but the changing ways in which digital trust itself is being exploited. It argues that financial institutions should move beyond adding isolated security tools and instead adopt continuous assurance models, ecosystem-wide trust management and operational resilience strategies capable of responding to evolving cyber risks.

 

Back to top button