Tag Archive for: financial

Financial services increasingly targeted for API-based cyberattacks

/in


A report published Monday by cloud services and CDN (content delivery network) platform Akamai said that the financial services industry is an increasingly popular target for a wide range of cyberattacks, with application and API attacks against the vertical more than tripling in the past year.

APIs are a core part of how financial services firms are changing their operations in the modern era, Akamai said, given the growing desire for more and more app-based services among the consumer base. The pandemic merely accelerated a growing trend toward remote banking services, which led to a corresponding growth in the use of APIs.

With every application and every standardization of how various app functions talk to one another, which creates APIs, the potential target surface for an attacker increases, however. Only high-tech firms and e-commerce companies were more heavily targeted via API exploits than the financial services industry.

“Once attackers launch web applications attacks successfully, they could steal confidential data, and in more severe cases, gain initial access to a network and obtain more credentials that could allow them to move laterally,” the report said. “Aside from the implications of a breach, stolen information could be peddled in the underground or used for other attacks. This is highly concerning given the troves of data, such as personal identifiable information and account details, held by the financial services vertical.”

Beyond attacking financial services firms themselves, the report said, cybercriminals have customer accounts in their sights as well. More than 80% of attacks against companies in the industry target customers, instead of institutions, via phishing or direct attack.

Attackers have been quick to leverage zero-day vulnerabilities discovered in systems used by financial services companies, noted Akamai. One example from this year is the remote code execution vulnerability found in Atlassian’s Confluence Server and Data Center products—less than a week after the flaw was publicly disclosed, Akamai recorded nearly 80,000 Confluence-based attacks per hour during one period in the evening of June 7.

Source…

Play some ‘Financial Football’ designed by Visa to learn more about cybersecurity

/in


While cyber-attackers strike all year round, October, designated as Cybersecurity Awareness Month, is an ideal time to cover how to best protect yourself from online threats that can compromise your devices and data.

This annual educational campaign has occurred since 2004, but for the first time Khan Academy, the popular nonprofit that provides free educational lessons to learners of all ages, has partnered with tech giant Google to create courses and videos loaded with tips to helping you stay safe online.

In fact, this Khan Academy Internet Safety Course features Khan Academy founder Sal Khan, who paired up with Google security experts to provide actionable advice to keep online accounts secure, browse the web safely, detect phishing attempts and more.

“A lot of parents know about Khan Academy because their kids use Khan Academy at school,” says Khan, in an email interview with USA TODAY. “Tens of millions of learners, teachers and parents use our exercises, software and videos every month, and increasingly we are partnering with school districts serving underserved communities to accelerate the learning of their students.”

“Now we’ve created new lessons for adults, thanks to Google’s support,” continues Khan.

“Our internet safety course can help parents. And really, I mean any grownup, anywhere, stay safe online,” Khan adds. “Learn how to keep devices and accounts safe, how to recognize scams, and how to protect your personal data while shopping online. What’s more, all the lessons are free.”

According to Google, this video-centric content is based on what web users are searching for, including: password managers (reaching a record high this year, says Google); searches related to phishing and vishing (voice phishing); “identity theft” research (“how to report,” “how to prevent”); and virtual private networks (VPNs) went up a whopping 4,500 percent, says Google.

Lessons aplenty

The Khan Academy partnership was announced by Google back on Feb. 7 (“Safer Internet Day”), but has just launched in time for Cybersecurity Awareness Month.

Interviewed by Khan, the four Google speakers and topics are as follows:

Guemmy Kim, product management director, account security, at…

Source…

State of ransomware in financial services

/in


Ransomware is a scourge suffered by organizations across the industry spectrum, but financial services continues to be particularly hard hit, according to the latest Sophos report on The State of Ransomware in Financial Services.

Ransomware is nothing new to financial industry cybersecurity professionals, who have seen these attacks wreak havoc on institutions big and small for more than half a dozen years. And in recent months, ransomware attacks have stepped up, putting them front and center for the industry.

Indeed, financial IT security professionals and researchers alike have pointed out how ransomware attacks are not only becoming more pervasive, but more sophisticated — creating a wave of new threats that even the most security-conscious banks and investment firms are hard-pressed to stop.

Rise in ransomware attacks against financial services

In 2021, more than half (55%) of financial service firms were victims of at least one ransomware attack, up from 34% the previous year, representing a 62% rise in these threats in just one year, according to Sophos’ report. The study was derived from research Sophos commissioned with Vanson Bourne, which surveyed 5,600 IT professionals, including 444 from financial services in the first two months of 2022.

Among the report’s key findings:

  • Ransomware attacks on financial services increased – 55% of organizations were hit in 2021, up from 34% in 2020.
  • The increased attack rate is part of a cross-sector, global trend. Even though the attack rates are higher in 2021, financial services reported the lowest attack rates of all sectors.
  • Financial services reported the second-lowest rate of data encryption at 54%. The global average was 65%, for comparison.
  • 52% of financial services organizations paid the ransom to restore data, which is higher than the global average of 46%.
  • The amount of data restored by financial services has remained constant at 63% across 2020 and 2021; the global average is 61%. However, the percentage of financial services organizations that got ALL their encrypted data back went up from 4% in 2020 to 10% in 2021. For comparison, the global average in 2021 was just 4%.
  • The rate of ransom payment by the financial services…

Source…

The UK helps entrepreneurs develop innovative financial solutions in Mexico

/in


In Mexico, important gaps in financial inclusion mean only 68% of adults use at least one financial product, even though internet access is at 75.6%. The UK’s Financial Services Programme sponsored the Sandbox Challenge (SC), which helped increase financial inclusion in Mexico. It did this by helping Fintech entrepreneurs develop their offerings of digital and innovative financial solutions. The second edition of the SC initiative attracted 200 participants from the United States, Taiwan, Peru, Colombia and Ecuador.

To help SC winners develop their business models, they obtained bespoke support covering legal advice, business-consulting mentoring, financial modelling, cyber security advisory, and programming services, among others.

MoneyWays, a Venezuelan firm, provides a digital alternative to the high costs associated with cross-border fund transfers, which disproportionately affect migrant workers sending money to their families back home. MoneyWays solution consists of a platform providing money transfers, remittances, prepaid cards services, and payments through a real-time wallet system. According to MoneyWays, the support they received allowed them to accelerate the development of their services and have a presence in the Mexican market, which, in turn, helped them reduce the financial burden on remittance beneficiaries.

Plataforma 9.9% devised an innovative solution to help women and informal workers access home ownership through a collective, circular form of financing. Plataforma 9.9% recognised that participating in the Financial Services Programme gave them an opportunity to build their methodology whilst at the same accessing professional advice that guided them in structuring their services to comply with official regulations.
Sagrario Gutiérrez, member of Plataforma 9.9%, shared:

We were provided with skills, tools, guidance, structure, transparency and certainty; it has been an outstanding experience to help build our solution.

Escrivan helps consumers regularise their real estate assets, which is critical given that over 50% of homeowners in Mexico currently have “irregular” property status. By resolving this issue, more consumers are able to…

Source…