Moody’s Highlights Rising Banking Sector Risks Amid AI Cyber Warfare

Moody’s Warns AI Cyber Arms Race Is Escalating Risks for Banks

Advanced AI Is Reshaping the Cybersecurity Battlefield

The emergence of frontier artificial intelligence models is transforming the cybersecurity landscape at an unprecedented pace. While AI is delivering powerful benefits to organizations, it is also enabling attackers to discover and exploit software vulnerabilities faster than ever before.

According to a recent Moody’s report, financial institutions are among the sectors facing the greatest exposure as increasingly capable AI systems accelerate the cyber arms race between attackers and defenders.

The report, titled "Arms Race: Deep Defenses Will Help Banks Navigate Cyber Threats from New AI Models," highlights how advanced AI technologies are fundamentally changing the economics of cyberattacks and forcing banks to rethink their security strategies.

Financial Institutions Remain Prime Targets

Banks have long been attractive targets for cybercriminals due to the enormous volumes of money, sensitive customer information, and critical financial infrastructure they manage.

As cybercriminals gain access to increasingly sophisticated AI-powered tools, the scale and effectiveness of attacks are expected to rise significantly. Moody’s notes that data breaches are already becoming more expensive, with organizations facing record-breaking recovery and remediation costs.

The concern is no longer limited to isolated incidents. Cyber risk is increasingly becoming a systemic threat capable of affecting multiple institutions simultaneously, particularly as financial ecosystems become more interconnected through digital platforms, cloud services, and third-party vendors.

Attackers Are Moving Faster Than Defenders

One of the most concerning findings highlighted by Moody’s is the growing gap between vulnerability exploitation and remediation.

Cybercriminals are now exploiting newly discovered software flaws within weeks, while many organizations still require months to fully patch and secure affected systems. Even though banks generally outperform other industries in vulnerability management, they continue to struggle to keep pace with rapidly evolving threats.

This imbalance creates a dangerous window of opportunity where attackers can weaponize vulnerabilities before organizations have completed their remediation efforts.

As AI systems become capable of identifying weaknesses across large software environments automatically, the pressure on security teams is expected to intensify.

Legacy Systems Continue to Create Security Challenges

Many financial institutions operate complex technology infrastructures that have evolved over decades. These legacy systems often support critical banking operations but can be difficult and costly to modernize.

Outdated software, delayed patching cycles, and aging infrastructure provide attractive entry points for cyber attackers. The complexity of these environments frequently slows security updates and increases operational risks.

In addition, banks increasingly rely on extensive networks of third-party vendors, cloud providers, and software suppliers. Every external dependency introduces potential vulnerabilities that can be exploited through supply chain attacks.

Recent cybersecurity incidents across multiple industries have demonstrated how a single compromised vendor can impact hundreds or even thousands of organizations.

Cybersecurity Spending Set to Increase

As threats continue to grow, financial institutions are allocating larger portions of their technology budgets toward cybersecurity initiatives.

Industry analysts suggest that many organizations may need to significantly increase cybersecurity investments over the coming years. Traditional annual budget increases may no longer be sufficient to address the rapidly evolving threat environment driven by AI-enabled attacks.

Investment priorities include:

  • Continuous vulnerability management
  • Advanced threat detection systems
  • Security automation platforms
  • Zero Trust architectures
  • Third-party risk management
  • Incident response and cyber resilience programs

The focus is shifting from prevention alone toward maintaining operational resilience during active cyber incidents.

Zero Trust and Continuous Patching Become Essential

Moody’s emphasizes that modern cybersecurity strategies must focus on reducing attacker opportunities through faster remediation and stronger architectural defenses.

Many banks are accelerating adoption of Zero Trust security models, which require continuous verification of users, devices, and applications before granting access to critical systems.

At the same time, organizations are moving away from traditional patch management cycles toward continuous patching approaches that reduce exposure windows for newly discovered vulnerabilities.

These measures are becoming increasingly important as AI enables attackers to identify weaknesses at machine speed.

AI Is Also Strengthening Defenders

While AI is creating new risks, it is also providing powerful defensive capabilities.

Financial institutions are deploying AI-driven security tools to improve threat detection, vulnerability discovery, and security monitoring. Machine learning systems can analyze enormous volumes of data, identify suspicious activity, and prioritize security risks more efficiently than traditional approaches.

AI-assisted software development is also helping organizations identify vulnerabilities earlier in the development lifecycle, supporting secure-by-design principles that integrate security from the beginning rather than after deployment.

However, AI is not a complete solution. Human expertise remains essential for validating findings, implementing fixes, and making strategic security decisions.

Building Cyber Resilience for the AI Era

The cybersecurity challenge facing banks is no longer simply about preventing attacks. It is about building resilient systems capable of withstanding increasingly sophisticated threats.

Organizations that can rapidly identify vulnerabilities, deploy patches, strengthen governance, and adopt modern security architectures will be better positioned to manage the risks created by advanced AI.

Moody’s concludes that while frontier AI models are raising the stakes for cybersecurity, they also offer opportunities for defenders who can adapt quickly. In the coming years, success will depend not only on security technology but also on organizational agility, cyber resilience, and the ability to respond faster than attackers can exploit emerging weaknesses.

Bottom Line: The AI-driven cyber arms race has begun. For banks and financial institutions, resilience, Zero Trust security, continuous patching, and AI-assisted defense strategies are becoming critical requirements rather than optional investments.



Source: https://cybermagazine.com/news/moodys-warns-ai-cyber-arms-race-raises-risks-for-banks

GlassWorm Infrastructure Takedown Weakens Developer Supply Chain Attacks

GlassWorm Malware Infrastructure Disrupted in Major Supply Chain Security Operation

Cybersecurity researchers have confirmed a large-scale disruption of the infrastructure behind GlassWorm, an advanced malware campaign that has been actively targeting software developers through malicious packages, compromised extensions, and poisoned development environments.

The coordinated operation, led by CrowdStrike alongside Google and the Shadowserver Foundation, successfully neutralized all known command-and-control (C2) communication channels used by the threat actors.

Developers Become Prime Targets for Supply Chain Attacks

Since early 2025, GlassWorm operators have focused heavily on software developers due to their privileged access to critical infrastructure such as source code repositories, cloud platforms, package registries, and CI/CD pipelines.

Unlike traditional malware campaigns aimed at end users, GlassWorm was engineered to compromise developer ecosystems. A single infected developer workstation could potentially allow attackers to inject malicious code into software packages distributed to thousands of organizations worldwide.

Security experts warn that this growing trend represents one of the most dangerous attack vectors in modern cybersecurity because compromised software dependencies can rapidly spread malware across enterprise environments.

Malicious VS Code Extensions and Poisoned Packages

GlassWorm initially gained attention after researchers discovered trojanized extensions being distributed through both the Microsoft VS Code Marketplace and Open VSX repositories.

The malware campaign targeted users of Visual Studio Code and of several popular forks and derived developer tools, including:

  • Visual Studio Code
  • Cursor
  • Positron
  • Windsurf
  • VSCodium

Researchers also identified malicious npm and Python packages carrying hidden GlassWorm payloads, further expanding the attack surface across developer communities.
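Because the trojanized extensions were distributed through the same marketplaces the editor and its forks share, a first defensive step is simply knowing what is installed where. The following script is an added example, not code from the GlassWorm research or from any of the editors named above. It assumes that each editor keeps one subdirectory per installed extension under an `extensions` folder in the user's home directory, each with a `package.json` carrying `publisher`, `name` and `version` (that is VS Code's layout; the per-fork paths for Cursor, Positron, Windsurf and VSCodium are assumptions). It flags extensions whose publisher is not on an allowlist, extensions whose version differs from a pinned known-good version, and extension directories with no readable manifest. `run_demo()` builds a constructed sample tree in a temporary directory so the script runs offline.

```python
"""Inventory VS Code-family extensions and flag ones outside an allowlist.

Added example, not GlassWorm research code. Assumed layout: <home>/<editor
dir>/extensions/<publisher>.<name>-<version>/package.json.
"""
import json
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Set

# Assumed extension roots per editor, relative to the home directory.
EDITOR_EXTENSION_DIRS = {
    "Visual Studio Code": ".vscode/extensions",
    "VSCodium": ".vscode-oss/extensions",
    "Cursor": ".cursor/extensions",
    "Positron": ".positron/extensions",
    "Windsurf": ".windsurf/extensions",
}


def read_extension_manifest(ext_dir: Path) -> Optional[dict]:
    """Return {id, publisher, version, path} from package.json, or None if unreadable."""
    manifest = ext_dir / "package.json"
    if not manifest.is_file():
        return None
    try:
        data = json.loads(manifest.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return None
    publisher, name = data.get("publisher"), data.get("name")
    if not publisher or not name:
        return None
    return {
        "id": f"{publisher}.{name}".lower(),
        "publisher": publisher.lower(),
        "version": str(data.get("version", "?")),
        "path": str(ext_dir),
    }


def audit_extensions(home: Path, allowed_publishers: Set[str],
                     known_good: Dict[str, Set[str]]) -> List[dict]:
    """Walk every editor's extension root and return a list of findings.

    known_good maps an extension id to the set of versions approved for it;
    a pinned extension at any other version is reported (a trojanized update
    of a legitimate extension would not be caught by a publisher allowlist).
    """
    findings: List[dict] = []
    for editor, rel in EDITOR_EXTENSION_DIRS.items():
        root = home / rel
        if not root.is_dir():
            continue
        for ext_dir in sorted(p for p in root.iterdir() if p.is_dir()):
            info = read_extension_manifest(ext_dir)
            if info is None:
                findings.append({"editor": editor, "id": None, "path": str(ext_dir),
                                 "reason": "no readable package.json"})
                continue
            if info["publisher"] not in allowed_publishers:
                findings.append({"editor": editor, **info, "reason": "publisher not on allowlist"})
            elif info["id"] in known_good and info["version"] not in known_good[info["id"]]:
                findings.append({"editor": editor, **info, "reason": "unexpected version"})
    return findings


def build_sample_home(home: Path) -> None:
    """Create a constructed extension tree for demonstration (sample data, not real installs)."""
    sample = [
        (".vscode/extensions/ms-python.python-2024.1.0", "ms-python", "python", "2024.1.0"),
        (".vscode/extensions/example-unverified.ai-helper-1.0.0", "example-unverified", "ai-helper", "1.0.0"),
        (".vscode-oss/extensions/esbenp.prettier-vscode-11.0.0", "esbenp", "prettier-vscode", "11.0.0"),
    ]
    for rel, publisher, name, version in sample:
        d = home / rel
        d.mkdir(parents=True)
        (d / "package.json").write_text(json.dumps(
            {"publisher": publisher, "name": name, "version": version}), encoding="utf-8")
    # An extension directory with no manifest at all (also constructed).
    (home / ".cursor/extensions/broken-ext").mkdir(parents=True)


def run_demo() -> List[dict]:
    """Audit a constructed sample home; returns the findings list."""
    home = Path(tempfile.mkdtemp())
    build_sample_home(home)
    allowed = {"ms-python", "esbenp", "ms-vscode"}
    pinned = {"ms-python.python": {"2024.1.0"}, "esbenp.prettier-vscode": {"10.4.0"}}
    return audit_extensions(home, allowed, pinned)


if __name__ == "__main__":
    for f in run_demo():
        print(f"[{f['editor']}] {f['id'] or f['path']}: {f['reason']}")
```

Run it against a real home directory by calling `audit_extensions(Path.home(), allowed, pinned)`; the publisher allowlist and version pins are the policy inputs a team maintains, and the `unexpected version` check is what gives coverage against a legitimate publisher's extension being replaced by a trojanized build.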

Advanced Malware Capabilities

Once installed, GlassWorm deployed a sophisticated malware framework capable of:

  • Credential harvesting
  • Cryptocurrency wallet theft
  • Browser data extraction
  • System profiling
  • Remote code execution
  • Clipboard and keystroke monitoring
  • Screenshot capture

Later variants introduced a WebSocket-based JavaScript remote access trojan known as GlassWormRAT, enabling attackers to execute arbitrary commands on compromised systems.

The malware also attempted to steal authentication tokens linked to:

  • GitHub repositories
  • npm accounts
  • Open VSX accounts
  • Cloud services
  • Crypto wallets

Stolen credentials were then allegedly used to compromise additional repositories and distribute more malicious packages across software ecosystems.

Infected Systems Turned Into Hidden Infrastructure

Security researchers revealed that compromised machines were transformed into covert operational nodes that helped attackers maintain persistence and anonymity.

These infected hosts were used as:

  • SOCKS proxy servers
  • Hidden VNC (HVNC) systems
  • Remote execution nodes
  • Peer-to-peer relay infrastructure

By abusing legitimate systems, the attackers could hide malicious traffic and continue expanding their operations without relying entirely on traditional servers.

Investigators estimate that more than 300 GitHub repositories were compromised using stolen developer credentials.

Multi-Layered Command-and-Control Network

One of the most unusual aspects of GlassWorm was its resilient and decentralized communication infrastructure.

Instead of relying on a single C2 server, the malware used four separate communication channels simultaneously:

1. Solana Blockchain Integration

GlassWorm stored command server addresses inside transaction memo fields on the Solana blockchain, allowing infected systems to retrieve updated infrastructure details without traditional hosting.

2. BitTorrent Distributed Hash Table (DHT)

The malware leveraged peer-to-peer BitTorrent DHT networks to obtain configuration data dynamically.

3. Google Calendar Abuse

Attackers reportedly hid command server information inside event titles hosted on Google Calendar services.

4. Commercial VPS Infrastructure

Direct fallback communication with command servers hosted on commercial VPS providers ensured additional redundancy.

Researchers explained that this layered design made GlassWorm extremely difficult to disrupt because removing one channel would not fully disable the malware.
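The defensive consequence of that layered design is that blocking any single rendezvous service is not enough; what the four channels have in common is that an editor or extension-host process on a developer workstation reaches out to a service a code editor has no ordinary reason to contact. The following detector is an added example, not a rule from CrowdStrike, Google, Shadowserver or any vendor. It runs over constructed endpoint telemetry (JSON lines with the process, its parent, destination, port, protocol and URL) and classifies each event into one of the four channel classes described above: a public Solana RPC host, BitTorrent DHT traffic on UDP 6881-6889, the Google Calendar API, or a direct connection to a literal public IP address with no hostname. The process names treated as "editor context" and the sample hosts are assumptions; the 203.0.113.0/24 address is from the documentation range and stands in for an unnamed VPS.

```python
"""Flag developer-tool processes contacting the kinds of rendezvous services
GlassWorm used for C2. Added example on constructed telemetry; not a vendor
rule. Process names, hostnames and the sample events are assumptions.
"""
import ipaddress
import json
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Assumed process names for VS Code, its forks and the VS Code extension host.
EDITOR_PROCESSES = {"code", "code helper (plugin)", "codium", "cursor", "positron", "windsurf"}

# RFC 1918 ranges, listed explicitly so documentation-range sample IPs are not excluded.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample telemetry (JSON lines), one event per outbound connection.
SAMPLE_EVENTS = [
    '{"host":"dev-laptop-01","process":"node","parent":"Code Helper (Plugin)","dest":"api.mainnet-beta.solana.com","port":443,"proto":"tcp","url":"https://api.mainnet-beta.solana.com/"}',
    '{"host":"dev-laptop-01","process":"node","parent":"Code Helper (Plugin)","dest":"203.0.113.7","port":443,"proto":"tcp","url":""}',
    '{"host":"dev-laptop-01","process":"node","parent":"Code Helper (Plugin)","dest":"router.bittorrent.com","port":6881,"proto":"udp","url":""}',
    '{"host":"dev-laptop-02","process":"cursor","parent":"launchd","dest":"www.googleapis.com","port":443,"proto":"tcp","url":"https://www.googleapis.com/calendar/v3/calendars/primary/events"}',
    '{"host":"dev-laptop-02","process":"chrome","parent":"launchd","dest":"api.mainnet-beta.solana.com","port":443,"proto":"tcp","url":"https://api.mainnet-beta.solana.com/"}',
    '{"host":"dev-laptop-02","process":"code","parent":"launchd","dest":"marketplace.visualstudio.com","port":443,"proto":"tcp","url":"https://marketplace.visualstudio.com/"}',
    '{"host":"dev-laptop-03","process":"code","parent":"launchd","dest":"10.0.0.5","port":443,"proto":"tcp","url":""}',
]


def classify_channel(ev: dict) -> Optional[str]:
    """Map one connection event to a C2 rendezvous class, or None if unremarkable."""
    dest, port, proto, url = ev["dest"], int(ev["port"]), ev["proto"].lower(), ev.get("url", "")
    if dest.endswith(".solana.com"):
        return "blockchain-rpc"          # command addresses read from on-chain memos
    if proto == "udp" and 6881 <= port <= 6889:
        return "bittorrent-dht"          # configuration fetched from the DHT
    if url.startswith("https://www.googleapis.com/calendar/") or dest == "calendar.google.com":
        return "calendar"                # command addresses hidden in event titles
    try:
        ip = ipaddress.ip_address(dest)
    except ValueError:
        return None                      # a hostname that matched no rule
    if proto == "tcp" and not (ip.is_loopback or ip.is_link_local or any(ip in n for n in RFC1918)):
        return "direct-ip"               # bare public IP, the VPS fallback pattern
    return None


def is_editor_context(ev: dict) -> bool:
    """True when the connecting process, or its parent, is an editor / extension host."""
    return ev["process"].lower() in EDITOR_PROCESSES or ev.get("parent", "").lower() in EDITOR_PROCESSES


def detect(lines: List[str]) -> Tuple[List[dict], Dict[str, dict]]:
    """Return per-event alerts and a per-host summary of distinct channel classes seen.

    A host touching two or more channel classes is rated high, because that is
    the multi-channel behaviour no single blocklist would have stopped.
    """
    alerts: List[dict] = []
    seen: Dict[str, set] = defaultdict(set)
    for line in lines:
        ev = json.loads(line)
        channel = classify_channel(ev)
        if channel is None or not is_editor_context(ev):
            continue
        alerts.append({"host": ev["host"], "process": ev["process"], "parent": ev.get("parent", ""),
                       "dest": ev["dest"], "channel": channel})
        seen[ev["host"]].add(channel)
    summary = {h: {"channels": sorted(c), "severity": "high" if len(c) >= 2 else "medium"}
               for h, c in seen.items()}
    return alerts, summary


if __name__ == "__main__":
    found, hosts = detect(SAMPLE_EVENTS)
    for a in found:
        print(f"{a['host']}: {a['process']} (parent {a['parent']}) -> {a['dest']} [{a['channel']}]")
    print(json.dumps(hosts, indent=2))
```

Each rule on its own produces false positives (a calendar extension legitimately calls the Calendar API), which is why the summary scores hosts on the number of distinct channel classes rather than on any one hit; in practice the editor-process set and a per-extension allowlist would be tuned to the fleet.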

Coordinated Takedown Operation

The recent cybersecurity operation simultaneously disabled all four communication methods, effectively preventing infected systems from receiving new commands, payloads, or updates.

Experts describe the operation as a significant blow to the threat actors behind GlassWorm, although security analysts caution that the operators may attempt to rebuild their infrastructure using new techniques.

Suspected Russian Cybercriminal Links

Researchers believe the campaign may be linked to Russian-speaking cybercriminal groups. Evidence supporting this assessment includes:

  • Russian-language comments embedded within malware code
  • Malware self-termination on systems located in CIS countries
  • Operational tactics commonly associated with Russian cybercrime ecosystems

However, no official public attribution has yet been confirmed.

Growing Risks in the Software Supply Chain

The GlassWorm campaign highlights how software supply chain attacks are becoming increasingly sophisticated and dangerous.

Modern organizations rely heavily on third-party libraries, extensions, open-source packages, and automated development pipelines. Attackers understand that compromising developers provides a direct path into enterprise environments.

Hacker Steals $24.5 Million in Major Resolv DeFi Platform Breach

AI-Powered Phishing Surge Exploits Microsoft Authentication, Targets Thousands

In a concerning shift in cyberattack tactics, security researchers have uncovered a large-scale phishing campaign leveraging artificial intelligence to generate highly customized lures. The campaign, which intensified sharply in early March, is being described as one of the most aggressive and effective phishing operations seen in recent times.

Cybercriminals Exploit Fake AI Browser Add-Ons to Target 260K Chrome Users

Fake AI Chrome Extensions Duped 260K+ Users — What You Need to Know

The Google Chrome ecosystem is facing a new wave of browser-based threats — and this time attackers are exploiting the explosive popularity of artificial intelligence tools. Security researchers have uncovered dozens of malicious Chrome extensions masquerading as AI assistants that secretly harvest sensitive user data. More than 260,000 users have already downloaded these deceptive add-ons, highlighting a growing cybersecurity risk hiding in plain sight.

China-Linked Lotus Blossom Group Behind Notepad++ Hosting Cyberattack

Notepad++ Hosting Breach Linked to China-Linked Lotus Blossom APT, “Chrysalis” Backdoor Discovered

A China-linked cyber-espionage group known as Lotus Blossom has been attributed with medium confidence to the compromise of infrastructure used to host Notepad++, the widely used open-source text editor. The incident enabled attackers to deliver a previously undocumented backdoor dubbed Chrysalis to a select group of users, according to research from Rapid7.

Airtel-Perplexity Pro "Free" Offer Under Fire as New Credit Card Requirement Surfaces

A wave of frustration is hitting Indian tech enthusiasts as Perplexity AI and Airtel appear to have altered the terms of their highly publicized "One Year Free Perplexity Pro" collaboration.

The Original Promise

Launched as part of the Airtel Thanks program, the offer originally allowed eligible Airtel users to claim a year of Perplexity Pro (valued at ~$200) without any financial commitment. Archived versions of the official help page dated as recently as late November 2024 explicitly confirmed that users did not need to provide credit card or debit card information to activate the service.

Rootkit Tactics: How Chinese Hackers Hide ToneShell Malware Activity

Chinese Hackers Use Kernel Rootkit to Conceal ToneShell Malware

A China-linked advanced persistent threat (APT) group associated with HoneyMyte, also known as Mustang Panda or Bronze President, has been observed deploying a new kernel-mode rootkit to stealthily hide its ToneShell backdoor operations.
