Tag Archive for: banks

Telcos, banks, data centres urged to explore use of quantum security at new centre


SINGAPORE – Hackers armed with quantum computers may soon trump virtual private networks, decode passwords and break other traditional encryption software that forms the basis of today’s Internet security.

And the adoption of new cyber-security software to fend off hackers who could soon wreak havoc with quantum technology is not catching on quickly enough.

A newly launched experience centre, dubbed the Quantum Networks Experience Centre, at research and development hub one-north hopes to bridge the gap.

It was launched last week by National University of Singapore’s quantum security systems spin-off SpeQtral in partnership with Japanese firm Toshiba. The centre aims to promote the adoption of quantum-secure systems in the region.

It is hoped that national agencies and private enterprises such as telcos, banks and data centres can explore commercial uses for the technology.

The effort is backed by the National Research Foundation, Temasek and national institutions such as Enterprise Singapore and the Economic Development Board.

Standard encryption, which is based on mathematical codes, has become all too familiar to hackers who can decrypt it to access sensitive secrets or cripple networks.

Quantum cryptography, on the other hand, harnesses the quantum properties of light particles to create a seemingly unbreakable cryptographic algorithm to secure satellite or fibre broadband communications.

In the wrong hands, quantum technology can unravel the Internet, as it can potentially crack current encryption algorithms exponentially faster than even the best of non-quantum machines.

National institutions have recognised the promise and potential threat of the nascent technology and doubled down on investments in the field. The authorities and cyber-security providers have also urged businesses to heed these early warnings.

SpeQtral chief executive Lum Chune Yang said: “In terms of general knowledge about quantum communications, it is nowhere near what it needs to be… Any institution that handles high-value data or a high volume of data should take note.”

He added: “We are entrusting government agencies, banks and cloud providers with all our data, so those…


Computer Security: Banks and work


Over the past few months, the Computer Security team and the Identity and Account Management team have started to roll out two-factor authentication (2FA). 2FA is considered to be the silver bullet for protecting computing accounts. You find it everywhere: for accessing Facebook, Twitter, Gmail and many other services. Your bank uses it to protect your money. Still, we are facing resistance. And I’m starting to wonder why it is that people at CERN are perfectly willing to protect their bank accounts with 2FA while trying to avoid using it to protect their work, which is what puts the money in said accounts in the first place…

CERN is under attack, like any other organisation, institute or company, many of which have been hacked or compromised and their data stolen (see here and there). A successful ransomware attack against CERN could have devastating consequences for our operations and reputation. Ransomware attacks, like many other forms of attack, usually take the route of you clicking on a malicious link, opening a malicious attachment or browsing a dodgy webpage, and subsequently infecting your computer. While the consequences for your laptop are local (and can be very nasty), the next hop from that compromised device most likely requires your password. A password that can now be easily intercepted by an attacker who has a foothold in your device. Other successful ransomware attacks are more direct. By asking. By you providing your password directly to an attacker, via a fake login page. Every year, between 10% and 20% of us fall for the Computer Security team’s clicking campaign. Between 10% and 20% of all CERN passwords are exposed. Lost.

Lots of juice for an attacker if those campaigns were real. Just think what they could access with your password. What power they could inherit from you. What the attacker could do if they could observe you working on different IT services, controls systems and financial applications. And what could happen if the attacker started acting on their own. Stopping accelerators? Manipulating experiments? Disabling safety systems? Stealing money? Deleting files? Exposing personal data? Impacting CERN’s reputation?

In order to protect CERN…


Microsoft says Austrian firm behind spyware targeting law firms, banks


LONDON, July 27 (Reuters) – Security researchers at Microsoft (MSFT.O) have said an Austrian firm was behind a string of digital intrusions at banks, law firms and strategic consultancies in at least three countries.

The firm, DSIRF, developed spyware – malicious software designed to spy on or steal information from a target’s device – called “Subzero” which uses so-called zero-day exploits to access confidential information such as passwords, or logon credentials, Microsoft said in a blog post on Wednesday.

“Observed victims to date include law firms, banks, and strategic consultancies in countries such as Austria, the United Kingdom, and Panama,” the post said, without identifying the victims.

Vienna-based DSIRF, or DSR Decision Supporting Information Research Forensic GmbH, did not respond to email and telephone requests for comment.

Zero-day exploits are serious software flaws of great value to both hackers and spies because they work even when software is up to date.

The term comes from the amount of warning users get to patch their machines protectively; a two-day flaw is less dangerous because it emerges two days after a patch is available.

Some cybersecurity firms develop such tools to deploy alongside routine “pentesting”, or penetration testing, to test a company’s digital defences against malicious attacks.

“Microsoft’s interaction with a victim confirmed they had not consented to red teaming and malware deployment, and confirmed it was unauthorised activity,” Microsoft Security Unit general manager Cristin Goodwin, who authored the report, told Reuters.

According to a copy of an internal presentation published last year by German news website Netzpolitik, DSIRF advertises Subzero as a “next generation cyber warfare” tool which can take full control of a target’s PC, steal passwords, and reveal its location.

Another one of the slides in that presentation showed several uses for the spyware, including anti-terrorism and the targeting of human trafficking and child pornography rings.

Microsoft’s findings come as the United States and Europe mull tighter rules around vendors of spyware, a fast-growing and under-regulated…


Banks need best practices to fight rising cyberattacks


Cyberattacks on the financial sector have been steadily increasing. According to VMware, financial institutions experienced a 238% increase in cyberattacks within the first six months of 2020 alone. In 2021, the trend continued with financial institutions/fintech being hit by ransomware, phishing, SQL injection, social engineering, and denial of service attacks, among others.

Government agencies have sought to stem the trend with regulations, resources, and regular warnings. But has this been enough and can financial institutions/fintech companies do more to protect the sensitive data of their customers and their own proprietary information? The answer is yes, and it involves executives’ gaining a better understanding of the progression of cyberattacks on the financial sector and responses to them, along with implementing best practices for cybersecurity that address current threat vectors.

On September 14, 2007, the online brokerage TD Ameritrade reported that it had experienced a data breach that resulted in the theft of 6.3 million customer account records. It was one of the first major wake-up calls for the financial sector and sadly would be followed by many others. A report by the Boston Consulting Group stated that financial services firms are 300 times more likely to experience a cyberattack than businesses in other industries. Their costs from a cyberattack are higher too. Accenture reported that the cost of cybercrime per financial services company in 2018 averaged $18.5 million, compared with $13 million for companies in other sectors. It is likely that amount has increased. The good news is that there is greater awareness, and there are measures in place to help combat cybercrime. This heightened awareness coupled with best practices can be extremely effective.

Serious cybercrime incidents in 2021

Since tracking and reporting of cyberattacks began, there has been a long pipeline of various cyberattacks on banks, credit unions, credit card companies, mortgage lenders, investment firms, cryptocurrency platforms, etc. worldwide. Cybercriminals have included Russian hacking groups like TA505, ransomware groups like DarkSide and Ragnar Locker, international crime…
