Cybersecurity – the challenges for fintech

/in


Fintech is one of the business sectors that needs cybersecurity most – and needs it to be most effective. That’s because it’s a sector which, alongside the hardcore functional and ransom-worthy data that makes any business work, also potentially holds the financial data, and therefore direct access to resources, of all its customers. Fintech and cybersecurity should go together like a lock and a key.

Unfortunately, cyber-attackers know that just as much as fintech companies do – which has a tendency to make fintech companies a big prize for bad actors, and a big nightmare for insurers, because in the event that a fintech organization suffers a bad cyber-attack, the implications have far more ripples than would be usual outside of the sector. In the fintech sector, there’s more lucrative damage to be done by targeting the users of the tech, who may have significantly less rigorous cybersecurity in place, than there is in targeting a fintech company head-on. One malicious app, loose in the app ecosystem, can strip fintech users of their assets, and leave the fintech company with a reputation in tatters for failing to prevent the attacks.

Unleash Profitable Chaos!

That level of chaos and potential pay-out inspires bad actors to create ever more sophisticated ways to access everything from banks and neobanks to crypto wallets – and sometimes, to do it in ways that don’t flag up their activities until it’s far too late.

Ways like the new generation SOVA banking trojan, which is making a return in 2022 in a new upgraded form. When it first appeared in September 2021, it could target 90 different apps, and hit both financial and shopping apps, all across the US and Europe, harvesting credentials by launching overlay attacks.

Now, less than a year later, it can infect 200 apps. It hides inside fake apps that use the logos of legitimate traders like Amazon and Google Chrome, and can then scrape credential data at will. That’s made easier in the latest iteration by features that allow it to both capture screenshots and record device screens. It can also get data from your Binance and Trust Wallet accounts, including…

Source…