Tag Archive for: Roundup

2022 Banking & Finance Security Intelligence Roundup


The banking and finance industries deliver more services online now than ever before due to the pandemic. As a result, banking cybersecurity became more important than ever this year. Some of the threats to big data security in recent years included ransomware attacks, the growth of contactless payments, mobile malware attacks and even data breaches of major banking and finance apps.

Take a look at some of the major stories related to finance cybersecurity. How can IT executives and finance professionals enhance cyber defenses in banking, enhance customer security and reduce attacks?

Quick Briefs: Top Banking & Finance Cybersecurity Insights 

The Security Risks of Contactless Payments


Contactless payments were on the rise before the pandemic, but their adoption soared during it. According to an article by FintechTimes.com, 51% of people adopted mobile wallets and radio frequency ID payment cards at the beginning of the pandemic, and 58% of people said they were more likely to use contactless payments than they were prior to the pandemic.

Contactless payments present security risks not just to retailers, but also to the banks and financial institutions that process the payments. Attackers can use them to create cloned cards or launch a variety of scams.

Self-Assessment: How You Can Improve Financial Services Cybersecurity


Finance cybersecurity affects everyone, from chief information officers within an organization to the consumers who use its services. Following the bare minimum of standards and regulations is not enough to ensure customers’ privacy and their funds. That’s even more true when dealing with funds not covered by Federal Deposit Insurance Corp. insurance, such as cryptocurrency.

When it comes to finance cybersecurity, a self-assessment can help you increase your organization’s database security and mitigate risks. Present these questions to your team at least quarterly, with a mindset of willingness to change:

  • Do you understand the finance cybersecurity risks and threats facing you?
  • Are you running security assessments?
  • Do you have a security-minded culture?
  • Are the right human and financial…


What was in store in the first quarter? Q1 2022 threat roundup


The threat landscape is as active as ever.

This past quarter, Communication Service Providers that use Allot Secure saw several interesting new threats, including several threats that we thought had disappeared.

Here are three things that we found:

  • A rise and resurgence of banker trojans and other malware
  • Cryptocurrency trading scams
  • An explosion of adware

This is covered in-depth in Allot’s latest threat bulletin.

A banker trojan is a malicious computer program designed to gain access to privileged information from an online banking system. The Bian Banking Trojan was first discovered in 2019 and then went silent. However, it’s back. Allot security researchers have seen a resurgence since November 2021.

Allot researchers identified several hundred thousand blocks of the Coper banking trojan. First discovered in Colombia, it has spread to other parts of Latin America and has also been identified in Europe.

Allot researchers have also identified and blocked the Emotet malware. EUROPOL, the European Union’s law enforcement agency, announced that they disrupted the Emotet botnet in early January 2021. But it’s back.

Website spoofing is the act of creating a fake website to mislead visitors into believing it is a different one. The fake website usually has a design similar to that of the real website.

For example, millions of subscribers of CSPs using Allot Secure were protected from website spoofing of a popular cryptocurrency trading site, Gate.io.

The site’s popularity made it a target for a lookalike site that criminals can use to trick users into giving up their credentials.

Want to see what the real and spoofed sites look like? Read the threat bulletin.

The past few months also saw a rise in adware. We saw many cases of Fyben, targeting devices running Android. While Fyben is not a new threat, Allot security researchers identified a significant increase in blocks.

For the complete analysis and further details, check out our March threat bulletin.


The Hack Roundup: White House Sanctions Russia over SolarWinds


The Biden administration assigned responsibility to Russia for a hacking campaign that used software from the firm SolarWinds to infiltrate nine federal agencies and 100 private-sector companies, in conjunction with extensive sanctions on public- and private-sector Russian entities.

“Today the United States is formally naming the Russian Foreign Intelligence Service (SVR), also known as APT 29, Cozy Bear, and The Dukes, as the perpetrator of the broad-scope cyber espionage campaign that exploited the SolarWinds Orion platform and other information technology infrastructures,” reads a fact sheet the White House released Thursday on the sanctions and other actions to impose costs for the cyber intrusion and other activities the White House deemed harmful. “The U.S. Intelligence Community has high confidence in its assessment of attribution to the SVR.”

The Treasury Department acted on an executive order the president issued designating the SVR as well as six companies—ERA Technopolis; Pasit, AO (Pasit); Federal State Autonomous Scientific Establishment Scientific Research Institute Specialized Security Computing Devices and Automation (SVA); Neobit, OOO (Neobit); Advanced System Technology, AO (AST); and Pozitiv Teknolodzhiz, AO (Positive Technologies)—as blocked from interacting with any U.S. entity. The sanctions were part of a large package brought on by the SolarWinds hack as well as ransomware activity, interference with the 2020 election and other aggressive Russian activities, according to an agency press release. 

“The private and state-owned companies designated today enable the Russian Intelligence Services’ cyber activities,” the release said. “These companies provide a range of services to [Russia’s Federal Security Service], [Russia’s Main Intelligence Directorate], and SVR, ranging from providing expertise, to developing tools and infrastructure, to facilitating malicious cyber activities.”

The administration is also considering further action under Executive Order 13873 to protect the Information and Communications Technology supply chain by banning related imports, according to the fact sheet. 

The U.S. also expelled 10 Russian diplomats…


Cyber Security Roundup for January 2021


A sophisticated cyber-attack on SolarWinds by a suspected nation-state actor, which led to the distribution of a tainted version of the SolarWinds Orion network monitoring tool and compromised its customers, dominated the cyber headlines in mid-December 2020. This was not only one of the most significant cyberattacks of 2020 but perhaps of all time. The United States news media reported that the Pentagon, US intelligence agencies, nuclear labs, the Commerce, Justice, Treasury and Homeland Security departments, and several utilities were all compromised by the attack. For the full details of the SolarWinds cyber-attack, see my article Sunburst: SolarWinds Orion Compromise Overview.

Two other cyberattacks possibly linked to the SolarWinds hack were also reported. The first was the cyber-theft of sophisticated hacking tools from cybersecurity firm FireEye, for which a nation-state actor is suspected to be responsible. And the United States National Security Agency (NSA) advised that a VMware security vulnerability was being exploited by Russian state-sponsored actors.

Amidst the steady stream of COVID-19 and Brexit news reports, yet another significant ransomware and cyber-extortion attack briefly made UK headlines. Hackers stole confidential records, including patient photos, from UK cosmetic surgery chain ‘The Hospital Group’, and threatened to publish patients’ ‘before and after’ photos. The UK cosmetic surgery firm, which has a long history of celebrity endorsements, confirmed it was the victim of a ransomware attack, and that it had informed the UK’s Information Commissioner’s Office about its loss of personal data.

Spotify users had their passwords reset after security researchers alerted the music streaming platform of a leaky database which held the credentials of up to 350,000 Spotify users, which could have been part of a credential stuffing campaign. Security researchers at Avast reported 3 million devices may have been infected with malware hidden within 28 third-party Google Chrome and Microsoft Edge extensions.

A McAfee report said $1 trillion was lost to cybercrime in 2020, and companies remained unprepared for cyberattacks in 2021.

Stay safe and secure.
