Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Bank Security. Show all posts
NSA
Bank Security Banking Security CISA Cyber Security cybersecurity concerns Financial Institutions Hacker attack Iran hackers Iran-based hacker group Iranian cyber attack NSA

Iranian Hackers Threaten More Trump Email Leaks Amid Rising U.S. Cyber Tensions

 

Iran-linked hackers have renewed threats against the U.S., claiming they plan to release more emails allegedly stolen from former President Donald Trump’s associates. The announcement follows earlier leaks during the 2024 presidential race, when a batch of messages was distributed to the media. 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) responded by calling the incident “digital propaganda,” warning it was a calculated attempt to discredit public officials and mislead the public. CISA added that those responsible would be held accountable, describing the operation as part of a broader campaign by hostile foreign actors to sow division. 

Speaking virtually with Reuters, a hacker using the alias “Robert” claimed the group accessed roughly 100 GB of emails from individuals including Trump adviser Roger Stone, legal counsel Lindsey Halligan, White House chief of staff Susie Wiles, and Trump critic Stormy Daniels. Though the hackers hinted at selling the material, they provided no specifics or content. 

The initial leaks reportedly involved internal discussions, legal matters, and possible financial dealings involving RFK Jr.’s legal team. Some information was verified, but had little influence on the election, which Trump ultimately won. U.S. authorities later linked the operation to Iran’s Revolutionary Guard, though the hackers declined to confirm this. 

Soon after Trump ordered airstrikes on Iranian nuclear sites, Iranian-aligned hackers began launching cyberattacks. Truth Social, Trump’s platform, was briefly knocked offline by a distributed denial-of-service (DDoS) attack claimed by a group known as “313 Team.” Security experts confirmed the group’s ties to Iranian and pro-Palestinian cyber networks. 

The outage occurred shortly after Trump posted about the strikes. Users encountered error messages, and monitoring organizations warned that “313 Team” operates within a wider ecosystem of groups supporting anti-U.S. cyber activity. 

The Department of Homeland Security (DHS) issued a national alert on June 22, citing rising cyber threats linked to Iran-Israel tensions. The bulletin highlighted increased risks to U.S. infrastructure, especially from loosely affiliated hacktivists and state-backed cyber actors. DHS also warned that extremist rhetoric could trigger lone-wolf attacks inspired by Iran’s ideology. 

Federal agencies remain on high alert, with targeted sectors including defense, finance, and energy. Though large-scale service disruptions have not yet occurred, cybersecurity teams have documented attempted breaches. Two groups backing the Palestinian cause claimed responsibility for further attacks across more than a dozen U.S. sectors. 

At the same time, the U.S. faces internal challenges in cyber preparedness. The recent dismissal of Gen. Timothy Haugh, who led both the NSA and Cyber Command, has created leadership uncertainty. Budget cuts to election security programs have added to concerns. 

While a military ceasefire between Iran and Israel may be holding, experts warn the cyber conflict is far from over. Independent threat actors and ideological sympathizers could continue launching attacks. Analysts stress the need for sustained investment in cybersecurity infrastructure—both public and private—as digital warfare becomes a long-term concern.
Read more »
United States
Bank Security Generative AI KPMG Survey Technology United States

Generative AI May Handle 40% of Workload, Financial Experts Predict

 

Almost half of bank executives polled recently by KPMG believe that generative AI will be able to manage 21% to 40% of their teams' regular tasks by the end of the year. 
 
Heavy investment

Despite economic uncertainty, six out of ten bank executives say generative AI is a top investment priority this year, according to an April KPMG report that polled 200 U.S. bank executives from large and small firms in March about the tech investments their organisations are making. Furthermore, 57% said generative AI is a vital part of their long-term strategy for driving innovation and remaining relevant in the future. 

“Banks are walking a tightrope of rapidly advancing their AI agendas while working to better define the value of their investments,” Peter Torrente, KPMG’s U.S. sector leader for its banking and capital markets practice, noted in the report. 

Approximately half of the executives polled stated their banks are actively piloting the use of generative AI in fraud detection and financial forecasting, with 34% stating the same for cybersecurity. Fraud and cybersecurity are the most prevalent in the proof-of-concept stage (45% each), followed by financial forecasting (20%). 

Nearly 78 percent are actively employing generative AI or evaluating its usage for security or fraud prevention, while 21% are considering it. The vast majority (85%) are using generative AI for data-driven insights or personalisation. 

Senior vice president of product and head of AI at Alphasense, an AI market intelligence company, Chris Ackerson, stated that banks are turning to third-party providers for at least certain uses since the present rate of AI development "is breathtaking." 

Alphasense the and similar companies are being used by lenders to streamline their due diligence procedures and assist in deal sourcing in order to identify potentially lucrative possibilities. The latter, according to Ackerson, "can be a revenue generation play," not merely an efficiency increase. 

As banks include generative AI into their cybersecurity, fraud detection, and financial forecasting responsibilities, ensuring that their employees understand how to appropriately use generative AI-powered solutions has become critical to assuring a return on investment. 

Training staff on how to use new tools or software is "a big element of all of this, to get the benefits out of the technology, as well as to make sure that you're upskilling your employees," Torrente stated. 

Numerous financial institutions, particularly larger lenders, are already investing in such training as they implement various AI tools, according to Torrente, but banks of all sizes should prioritise it as consumer expectations shift and smaller banks struggle to remain competitive.
Read more »
Financial Security
Bank Security Credit Card Credit Card Fraud Credit Cards Cyber Security Digital Wallet Financial Security

Virtual Credit Cards: How They Work, Benefits, and Security Features

 

Virtual credit cards are digital versions of traditional credit cards, designed to enhance security in online transactions. Instead of using a physical card number, they generate a unique number for each purchase, reducing the risk of data breaches and fraud. If compromised, a virtual card can be canceled without affecting the main credit card account, making it a valuable security tool. 

Many issuers also provide immediate access to virtual cards upon account approval, allowing users to shop before receiving their physical card. Virtual credit cards function by generating a random 16-digit number linked to a real credit card account. They can be used for online purchases, certain phone transactions, and even in physical stores if added to a digital wallet like Apple Pay or Google Pay. Unlike traditional cards, virtual cards often allow users to set expiration dates and spending limits, giving them greater control over their transactions. Although similar, virtual credit cards are different from digital wallets. 

Digital wallets, such as Apple Pay and Google Pay, store actual card details and other digital assets, while virtual cards generate new numbers for each transaction, offering more protection against cyber threats. However, virtual cards do have limitations—they may not be accepted at all physical locations and can pose challenges for hotel or rental car bookings that require a physical card. Additionally, not all credit card issuers offer virtual cards. To obtain a virtual credit card, users should check if their issuer provides this feature. 

Some banks, like Capital One and Citi, offer virtual card numbers through browser extensions or account portals. Others, such as Chase and Wells Fargo, do not provide one-time-use virtual cards but allow integration with digital wallets. Once generated, users can adjust settings like spending limits and expiration dates to enhance security. While virtual credit cards add an extra layer of protection, they are not entirely foolproof. Hackers may still access an active virtual card, but most issuers provide fraud protection, ensuring users aren’t liable for unauthorized transactions. 

If compromised, a virtual card can be canceled and replaced without changing the main account number. To further enhance online security, consumers can use digital wallets, secure payment platforms like PayPal, and avoid storing payment details in web browsers. Using strong passwords, shopping only on secure networks, and enabling multi-factor authentication also help prevent fraud. 

For those interested in a virtual credit card, the process is simple—choose a card that offers this feature, apply through the issuer’s secure site, and access a virtual number upon approval. By integrating virtual credit cards into their payment methods, users can enjoy safer and more controlled online transactions.
Read more »
Technology
Bank Security Credit Card data security Finance Personal Data Slim CD Technology

The Slim CD Data Breach: 1.7 Million Credit Cards Compromised


Credit card security has always been a challenge for users, as hackers try innovative ways to lure the victims. In a massive data breach, payment gateway provider Slim CD (it offers payment processing services for both online and offline merchants) revealed it has suffered a data breach that impacted credit card and personal data that belongs to around 1.7 million users. 

About Slim CD Breach

Like recent data breaches, your personal information could now be with threat actors, and it is not your fault. This blog covers details related to the breach, and the steps you can take to protect your credit card and avoid misuse of credit card numbers.

In the notification sent to affected victims, Slim CD said hackers gained access to its network for almost a year, from August 2023 to June 2024. But they could only steal credit card details between June 14 and 15 of this year.

Earlier this year in June, Slim CD found that suspicious users had access to its systems. After that, the company launched an inquiry, which revealed that hackers had first gained entry into the networks in August 2023. The stolen data includes physical addresses, full names, credit card numbers and card expiry dates. Luckily, card verification numbers or CVVs weren't stolen, the company says.

Experts believe that without CVV, hackers can't do much with the stolen credit card data or make any fraudulent transactions with your credit card. But the risk of credit card fraud is still there.

How to protect yourself?

Generally, if you suffer a major data breach, the company offers free access to either credit monitoring or identity theft protection services. But in the case of Slim CD, it isn't doing anything like this for affected users.

What have we learned?

The Slim CD incident has highlighted various gap areas for both businesses and customers.

1. Robust Security Measures: Investment is crucial in this area this includes encryption, two-factor authentication, and frequent security audits. These steps can help protect against unauthorized attempts at stealing sensitive info.

2. Monitoring: Customers should frequently keep an eye on their bank statements and credit reports for any suspicious activity. Threat detection at an early stage can reduce the damage caused by a data breach.

3. Quick Response: In the event of a data breach, a fast response becomes important. Informing impacted individuals and offering support can help minimize the damage and rebuild trust.

4. Being Informed and Educated: Both companies and customers should be aware about the basic safety steps needed to be safe from a data breach. For businesses awareness programs and training campaigns can provide certain help.

Read more »
Vulnerability management
Bank Security Bitcoin Digital Assets Technology Vulnerability management

Xapo Bank Aims To Boost Bitcoin Safety With Tech And Bunkers

 

Satoshi Nakamoto, the pseudonymous developer of Bitcoin, published the system's whitepaper in 2008, bluntly criticising financial institutions and the confidence they demand. However, in 2010, one of the most notable Bitcoin collaborators in its early days and the recipient of the first Bitcoin transaction in history, cypherpunk and cryptography specialist Hal Finney, predicted the existence of bitcoin banks. Today, bitcoin-native banks such as Xapo Bank exist in this grey area between the ethos and the potential deployment of this system across the global financial sector. 

Finney claims that Xapo Bank, which was founded in 2013, is among the leaders in the custodial space of Bitcoin. Wences Casares, an Argentinean entrepreneur and innovator who is well-known in Silicon Valley for his support of this technology, developed it as a solution for his friends and family. However, it expanded significantly. Currently, it is one of the few fully licensed banks in the world that deals with Bitcoin and other digital assets. 

Its business idea combines cutting-edge Bitcoin technology with a physical bunker in the Swiss highlands. This physical location blends old-fashioned Swiss standards with the latest safety technology. It's an atomic bunker that serves as the foundation of what Xapo provides its clients: high-quality security for digital assets. Xapo is exploring new technical opportunities. The custody business is dominated by multi-signature solutions, but the greatest alternative and security solution for the Gibraltar-registered bitcoin bank is the multi-party computation protocol. On a broad level, MPC enables several parties to share information without fully exposing the shared data. 

In the case of Xapo, this works by breaking the digital asset master private key into several unique fragments known as "key shares," which Xapo Bank has stored and distributed in hidden places around the world, including the Swiss bunker. The MPC protocol ensures that participants' contributions remain private during key creation and signing, without being revealed. This functionality assures that no single participant in the quorum has total access to or control over the stored assets, reducing the chance of collusion to nearly zero. 

"MPC is a much more modern and secure setup compared to a still more popular multi-signature approach. The fact that the private key is not put together at any point in the transaction means there is no moment it can be potentially exposed or hacked, which is not the case with the more traditional multi-sig technology," Xapo Bank's Chief Technology Officer, Kamil DziubliÅ„ski, stated. 

However, there are threats and concerns, even with a movie-style bunker and this novel method of securing the keys and transaction signing process. Security threats include hacking and phishing attempts. Financial risks include money laundering, terrorist financing, and various types of financial attacks.
Read more »
passkeys for account protection
Bank Security Cyber Security passkeys for account protection

Passkeys Aren't Foolproof: New Study Reveals Vulnerabilities in Popular Authentication Method

 

Despite their growing popularity, passkeys are not as secure as many believe. According to Joe Stewart, principal security researcher at eSentire's Threat Response Unit (TRU), many online accounts using passkeys can still fall victim to adversary-in-the-middle (AitM) attacks. This issue stems not from the passkeys themselves but from their implementation and the need for account recovery options. Passkeys, a password-less authentication method, aim to provide secure access to online accounts like banking, e-commerce, and social media. 

However, an eSentire study found that poor implementation of passkeys, such as less secure backup authentication methods, allows AitM attacks to bypass this security. In these attacks, the adversary modifies the login prompts shown to users, controlling the authentication flow by altering the HTML, CSS, images, or JavaScript on the login page. 

This manipulation can make the passkey option disappear, tricking users into using less secure backup methods like passwords. Stewart's research demonstrated how open-source AitM software, like Evilginx, can deceive users of services like GitHub, Microsoft, and Google. By slightly modifying scripts (phishlets) that capture authentication tokens and session cookies from real login pages, attackers can make users believe they are on the genuine site. 

The attacker then captures the user's credentials and authentication tokens, allowing them to maintain access to the account. The study highlights that most passkey implementations are vulnerable to similar attacks. Backup methods such as passwords, security questions, SMS codes, and email verifications are prone to AitM attacks. Only methods like social trusted contacts recovery, KYC verification, and magic links offer better protection, though they can be cumbersome. 

To enhance security, Stewart recommends using multiple passkeys, including a FIDO2 hardware key, which is secured by a PIN. As passkey adoption grows, magic links remain a secure backup method for account recovery in case of passkey loss or AitM attacks. While passkeys offer a promising alternative to traditional passwords, their current implementation can leave accounts vulnerable. Users and developers must adopt stronger backup methods and remain vigilant against AitM attacks.
Read more »
Security Audit
Bank Security bfsi CIO CISO Cybersecurity PenTesting Security Audit

The Importance of Whitelisting Scanner IPs in Cybersecurity Assessments


In the realm of cybersecurity, ensuring the safety and integrity of a network is a multifaceted endeavor. One crucial aspect of this process is the regular assessment of potential vulnerabilities within the system. As a cybersecurity professional, our work revolves around identifying these vulnerabilities through automated scans and red team exercises, meticulously recording them in a Bugtrack Excel sheet, and collaborating with human analysts to prioritize and address the most critical issues. However, a recurring challenge in this process is the reluctance of some customers to whitelist the IP addresses of our scanning tools.

The Role of Whitelisting in Accurate Assessments

Whitelisting the scanner IP is essential for obtaining accurate and comprehensive results during security assessments. When the IP address of the scanning tool is whitelisted, it allows the scanner to perform a thorough evaluation of the network without being hindered by security measures such as firewalls or intrusion detection systems. This unrestricted access enables the scanner to identify all potential vulnerabilities, providing a realistic picture of the network's security posture.

The Reluctance to Whitelist

Despite the clear benefits, many customers are hesitant to whitelist the IP addresses of cybersecurity vendors. The primary reason for this reluctance is the perception that it could expose the network to potential threats. Customers fear that by allowing unrestricted access to the scanner, they are inadvertently creating a backdoor that could be exploited by malicious actors.

Moreover, there is a prevalent falsity in this approach. By not whitelisting the scanner IP, the results of the security assessments are often incomplete or misleading. The scanners may miss critical vulnerabilities that are hidden behind security measures, resulting in a report that underestimates the actual risks. Consequently, the management and auditors, relying on these reports, task the IT team with addressing only the identified issues, leaving the undetected vulnerabilities unaddressed.

The Illusion of Security

This approach creates an illusion of security. The customer, management, and auditors may feel satisfied with the apparent low number of vulnerabilities, believing that their network is secure. However, this false sense of security can be detrimental. Hackers are relentless and innovative, constantly seeking new ways to infiltrate networks. They are not deterred by the same security measures that hinder our scanners. By not whitelisting the scanner IP, customers are effectively blinding themselves to potential threats that hackers could exploit.

The Hacker's Advantage

Hackers employ manual methods and conduct long-term reconnaissance to find vulnerabilities within a network. They utilize a combination of sophisticated techniques and persistent efforts to bypass security measures. The tools and strategies that block scanner IPs are not effective against a determined hacker's methods. Hackers can slowly and methodically map out the network, identify weaknesses, and exfiltrate data without triggering the same alarms that automated scanners might. This means that even if a scanner is blocked, a hacker can still find and exploit vulnerabilities, leading to potentially catastrophic breaches.

The Need for Continuous and Accurate Scanning

Security scanners need to perform regular assessments—daily or weekly—to keep up with the evolving threat landscape. For these scans to be effective, the scanner IP must be whitelisted to ensure consistent and accurate results. This repetitive scanning is crucial for maintaining a robust security posture, as it allows for the timely identification and remediation of new vulnerabilities.

The Conference Conundrum

Adding to this challenging landscape is the current trend in cybersecurity conferences. Instead of inviting actual security researchers, security engineers, or architects who write defensive software, many conferences are being hosted by OEM vendors or Consulting organizations. These vendors often showcase the users of their security products rather than the experts who develop and understand the intricate details of cybersecurity defense mechanisms. This practice can lead to a superficial understanding of security products and their effectiveness, as the focus shifts from in-depth technical knowledge to user experiences and testimonials.

Conclusion

In conclusion, the reluctance to whitelist scanner IPs stems from a misunderstanding of the importance of comprehensive and accurate security assessments. While it may seem counterintuitive, whitelisting these IP addresses is a necessary step in identifying and addressing all potential vulnerabilities within a network. 

By embracing this practice, customers can move beyond the illusion of security and take proactive measures to protect their networks from the ever-evolving threats posed by cybercriminals. The ultimate goal is to ensure that both the customer and their management are genuinely secure, rather than merely appearing to be so. Security measures that block scanner IPs won't thwart a dedicated hacker who uses manual methods and long-term reconnaissance. Thus, comprehensive vulnerability assessments are essential to safeguarding against real-world threats. Additionally, there needs to be a shift in how cybersecurity conferences are organized, prioritizing the inclusion of true security experts to enhance the industry's collective knowledge and capabilities.

--

Suriya Prakash and Sabari Selvan

CySecurity Corp 

Read more »
WiFi
Bank Security Cyber Attacks Hacker Personal Data WiFi

5 Signs Your Wi-Fi Has Been Hacked: Protect Your Bank Details

5 Signs Your Wi-Fi Has Been Hacked: Protect Your Bank Details

The tech company Aura sent its experts to investigate the telltale indicators that cybercriminals have overcome your wi-fi. A hacker can access all of your sensitive information through your wifi in a number of methods, and it's far easier to detect than you might believe.

In the event that this occurs, outsiders will have access to your bank account information and other private information. They may even be able to listen in on your private discussions with loved ones, parents, or other family members.

However, you can tell if your wifi has been hacked or not by looking for these five indicators:

1. Reduced internet speed

If your internet provider is normally trouble-free, an abrupt and unusual slowdown in your access to the internet may indicate that hackers have attacked your router.

2. Finding strange devices or IP addresses

Unknown gadgets, sometimes known as rogue devices, may indicate that hackers are trying to access private data from your router.

If you see this, you need to check if any unidentified devices are included in the list of connected devices by logging in to your router's IP address, which is typically found on the router itself.

3. Suddenly, the Wi-Fi password has changed

Should this occur without warning, there may be a connection to hacker activity.

You won't be able to access the router and resolve the problem on your own because these annoying hackers typically alter your login credentials after they have access.

4. Unknown or new software installed on your devices

If you notice any strange new software on your device, it can be a sign that hackers have been targeting your network and maybe installing malware.

5. Strange activities on your web browser

You will almost certainly notice this: if your browser starts directing you to strange websites, it's possible that hackers have altered your DNS settings. You may also notice things like ransomware messages appearing that purport to have sensitive data or photos, suggesting that hackers may have gained access to your router.

Fake purchasers will often contact real sellers of goods and appear to be interested in making a purchase in an attempt to obtain your private information.

The scammer would then lie and claim to have transferred monies that are only available through a dubious link, so the transaction never actually happens.

Usually, the link is a phishing one, where the seller enters their bank card information thinking they will get money, but inadvertently allows their account to be drained. There are, nevertheless, safety measures you can do. Downloading antivirus software would help prevent those hackers from getting near you.

Read more »
User Privacy
Bank Security Cyber Fraud Data Safety Internet Scam UK Banks United Kingdom User Privacy

UK Banks Issue a Warning Regarding an Upsurge in Internet Scams

 

Banks have issued a warning about a sharp rise in fraud in 2022, much of it coming from online sources. 77% of frauds now take place on dating apps, online markets, and social media., Barclays reported.

According to TSB, the major causes of this were an enormous rise in impersonation, investment, and purchase fraud instances. It was discovered that fraudulent listings on Facebook Marketplace had doubled, while impersonation frauds on WhatsApp had increased thrice in a year. 

Additionally, it claimed that there had been "huge fraud spikes" on Meta-owned platforms including Facebook and WhatsApp. Fraud, according to a spokesperson for Meta, is "an industry-wide issue," the BBC reported. 

"Scammers are using increasingly sophisticated methods to defraud people in a range of ways, including email, SMS, and offline," the company stated. "We don't want anyone to fall victim to these criminals, which is why our platforms have systems to block scams, financial services advertisers now have to be FCA (Financial Conduct Authority)-authorised and we run consumer awareness campaigns on how to spot fraudulent behaviour." 

"Epidemic of scams" 

Banks are dealing with an "epidemic of scams," according to Liz Ziegler, director of fraud protection for Lloyds Banking Group. 

"With more than 70% of fraud starting with contact through the main tech platforms, these companies must be held responsible for stopping scams at source and putting things right for innocent victims," she explained. 

Three million people in the UK would become victims of fraud in 2022, NatWest CEO Alison Rose previously warned a Treasury Select Committee. 

She stated, "we have seen an 87% increase in fraud," noting that NatWest believed that 60% of frauds started on social media and other internet platforms. 

Meanwhile, TSB stated 60% of purchase fraud cases of which it is aware - where a fraudster offers an item they never intend to send to the customer - occurs on Facebook Marketplace, and two-thirds of impersonation fraud cases it sees are happening on WhatsApp, The bank claims that 2,650 refunds covering these incidents were given out last year. 

According to Paul Davis, TSB's director of fraud prevention, social media companies "must urgently clean up their platforms" to safeguard users. 

Returned funds 

56% of the total money was lost to scammers in the first half of 2022, according to the most recent data from UK Finance, which represents the banking and finance industry. 

The Contingent Reimbursement Model Code, which intends to pay consumers if they fall victim to an Authorised Push Payment (APP) scam "and have acted appropriately," has been endorsed by many institutions, including NatWest, Lloyds, and Barclays. 

A consumer may be duped into sending money to a fraudulent account through an APP scam. However, TSB asserts that it reimburses victims in 97% of the fraud incidents it observes and is urging other organisations to do the same.
Read more »
Trojan
Bank Security Banking Trojan Banks malware Trojan

Octo: A New Malware Strain that Targets Banking Institutions

 

Last year, an Android banking malware strain was found in the open, few organizations called it "Coper," belonging to a new family, however, ThreatFabric intelligence hinted it as a direct inheritance of the infamous malware family Exobot. Found in 2016, Exobot used to target financial institutions until 2018, these campaigns were focused in France, Turkey, Thailand, Germany, Japan, and Australia. Following the incident, another "lite" variant surfaced, named ExobotCompact by the developer famous as "Android" on the dark web. 

Analysts from ThreatFabric established a direct connection between ExobotCompact and the latest malware strain, named "ExobotCompact.B." The latest malware strain surfaced in November 2021, named ExobotCompact.D. "We would like to point out that these set of actions that the Trojan is able to perform on victim’s behalf is sufficient to implement (with certain updates made to the source code of the Trojan) an Automated Transfer System (ATS)," says ThreatFabric report. The recent actions by this malware family involve distribution via various malicious apps on Google Play Store. 

The apps were installed more than 50k times, targeting financial organizations around the world, including broad and generic campaigns having a high number of targets, along with focused and narrow campaigns across Europe. Earlier this year, experts noticed a post on a dark web forum, a user was looking for an Octo Android botnet. Later, a direct connection was found between ExobotCompact and Octo. Interestingly, ExobotCompact was updated with various features and rebranded as Octo, bringing remote access capability, therefore letting malicious actors behind the Trojan to perform on-device fraud (ODF). 

ODF is the riskiest, most dangerous fraud threat. Here, transactions begin from the same device that a target uses on a daily basis. Here, anti-fraud programmes are challenged to detect the scam activity with less in number malicious indicators and different fraud done via different channels. ThreatFabric reports, "to establish remote access to the infected device, ExobotCompact.D relies on built-in services that are part of Android OS: MediaProjection for screen streaming and AccessibilityService to perform actions remotely."
Read more »
United Nations
Bank Security Cyber Attacks cybercriminals IP Address Phishing and Spam Phishing email United Nations

Users at Citibank Attacked by a Massive Phishing Scam

 

Scammers impersonating Citibank are now targeting customers in an online phishing campaign. Thousands of bogus email messages were sent to bank customers, according to Bitdefender's Antispam Lab, with the intent of collecting sensitive personal information and internet passwords. 

Responding to unusual activities or an unauthorized login attempt, the accounts have been placed on hold. As a result, the attackers claim all users should authenticate existing accounts as soon as possible to avoid a permanent ban.

According to Bitdefender's internal telemetry, these campaigns are focused primarily on the United States, with 81 percent of the phishing emails sent ending up in the mailboxes of American Citibank customers. However, it has also reached the United Kingdom (7 percent), South Korea (4 percent), and a small number have indeed made it to Canada, Ireland, India, and Germany. When it comes to the origins of these phishing attacks, 40% of the phoney emails appear to have come from the United States, while 13% came via IP addresses in Mexico. 

The cybercriminals behind the effort utilize email subject lines like "Account Confirm Confirmation Required," "Second Reminder: Your Account Is On Hold," and "Account Confirm Confirmation Required" to deceive Citibank clients into opening the emails. Other subject lines were, "Urgent: Account Confirmation Required," "Security Alert: Your Account Is On Hold," and "Urgent: Your Citi Account Is On Hold." 

Since some of the phishing emails in the campaign use the official Citibank logo to make them appear more real, the scammers who sent them did not take the time to correctly fake the sender's email address or repair any punctuation issues in the email body.

Citing phoney transactions or payments, and also questionable login attempts is another strategy used to create these phishing emails which appear to be from Citibank itself, to fool potential victims into authenticating actual accounts. When victims click the verify button, users are taken to a cloned version of the legitimate Citibank homepage. However, if a Citibank customer goes this far, fraudsters will steal the credentials and utilize them in future assaults. 

Bitdefender has discovered another large-scale phishing campaign that went live between February 11 and 15, 2022, offering victims the opportunity to seek cash compensation from the United Nations. The challenge in this situation is to identify the beneficiary as a scam victim, one of the 150 people who were declared eligible for a $5 million payout from Citibank. 

Banks rarely send SMS or email alerts to customers about critical account changes, thereby users can contact the bank and ask to speak to an agent if they receive a message which makes strong claims. Instead of calling the phone numbers included in the email, users should go to the bank's official website and look up the information on the contact page.
Read more »
data security
Bank Security Banking CSI Cyber Security CyberCrime data security

Bankers Worried About Data Security, CSI Research Suggests

Research published by Consumer Services (CSI) reveals increasing threats among bank executives in hiring new talent and facing cybercrime threats as a challenge. The survey received 279 executive responses from the banking sector nationwide, bankers listed cybersecurity dangers (26%) and hiring employees (21%) as the top problems in 2022. 

The survey results, suggesting respondents from different bank asset sizes, provide an alternate look into how these organizations tackle concerning issues like compliance, technological innovations, and customer expectations. 

For example, to improve user experience and increase market shares, banks are promoting the use of digital tools, like account opening (51% responses), customer relationship management (43% responses), and digital loans (36% respondents). 

CSI is a leading fintech, regtech, and cybersecurity solutions partner operating at the intersection of innovation and service. It excels at driving the business forward with a unique blend of cutting-edge technology, effortless integration, and a commitment to authentic partnerships defined by our customer-first culture. 

Customers have raised the bar in expectations from banks, and the latter should respond accordingly, says David Culbertson, CSI president, and CEO. The data is paired with banks' aspirations to improve digital tools, the banking industry is moving towards a digital-first mindset and aiming for digital advancement. Interestingly, bank leaders also aspire to open banking for growth, particularly for digital progress. 

The latest research suggests how banking institutes measure their personal growth in the rising digital landscape scenario. "For example, although executives on average rated their institutions a healthy 4/5 on compliance readiness, regulatory changes remain top of mind, with 14% of respondents naming it their primary concern.," reports HelpNet Security. 

Keeping the new administration in mind, bankers have mentioned "data privacy" (39% responses) and CECL (20% responses) as the most needed measures for banking institutions. "The continuation of remote work will make this a critical component, along with new asset types such as cryptocurrencies being adopted, and increasing privacy regulations. 

On the other hand, ransomware is expected to remain a challenge alongside a bigger looming threat from quantum computing, which holds the potential to defeat modern encryption systems," reports HelpNet Security.

Read more »
Hacking Accounts
Bank Security Banking fraud Banking scam Cyber Crime Hacking Accounts

Breach into Mahesh Bank's Servers, Transfer Massive Amounts

 

The investigation into the hacking of A.P. Mahesh Co-operative Urban Bank Limited's servers has been taken up by Hyderabad city police's cybercrime officials.

The Bank has achieved a position of prominence by not sacrificing the spirit of cooperative ideals, while also attempting to integrate and implement innovative techniques of work organization and administration, all while remaining committed to its goals.

According to authorities, the incident occurred around 12 p.m. after bank staff discovered unauthorized access and over Rs. 12.50 crore was deposited to more than 100 trust funds in Telangana. Nearly 2.5 crores of the combined worth of the unauthorized charges have already been frozen by the police. Some individuals hacked into the bank's servers before logging into the major accounts and transferring the funds to over 100 separate bank accounts. 

The fraud was discovered by bank personnel, and a report was filed at the Hyderabad Cybersecurity police station after testing. A preliminary investigation was undertaken by the police, who investigated Mahesh Bank's main branch and examined the security features and procedures used by the management. Bank payment channels operate 24 hours a day, seven days a week, including holidays, and officials are constantly monitoring them. 

Three clients in Mahesh Bank's two city branches were reportedly questioned about the scam. The authorities were also looking into the connection between suspects and account holders at other banks across the country. 

Four teams have been created to examine the crime, according to Addl. Commissioner (Crimes) A.R. Srinivas, and bank personnel in the technical departments have been questioned. The money was transferred to 128 accounts in multiple banks in Delhi, Bihar, and the northeastern provinces by the cybercrooks. 

The RBI has awarded the Bank an Authorised Dealer – Category – II license, allowing it to conduct money transfer activity as well as certain non-trade current account transactions. In the states of Telangana and Andhra Pradesh, Mahesh Bank is the first Co-operative Urban Bank to have this license.

According to a police officer, a case has been filed and an investigating team has visited the bank's core branch. It is worth noting that, this is considered to be the city's first e-fraud attack on a bank.
Read more »
User Security
Bank Cyber Security Bank fraud Bank Security Banks Cyber Risk Cyber Security Finance Financial Regulators RBI User Privacy User Security

How Banks Evade Regulators For Cyber Risks

 


As of late, the equilibrium between the banks, regulators, and vendors has taken a hit as critics claim that banks are not doing enough for safeguarding the personally identifiable information of the clients and customers they are entrusted with. As there has been rapid modernization in internet banking and modes of instant payments, it has widened the scope of attack vectors, introducing new flaws and loopholes in the system; consequently, demanding financial institutions to combat the threat more actively than ever. 

In the wake of the tech innovations that have broadened the scope of cybercrime, the RBI has constantly felt the need to put forth reminders for banks to strengthen their cyber security mechanisms; of which they reportedly fell short. As financial frauds relating to electronic money laundering, identity theft, and ATM card frauds surge, banks have increasingly avoided taking the responsibility.  

It's a well-known fact that banks hire top-class vendors to circumvent cyber threats, however, not a lot of people would know that banks have gotten complacent with their reliance on vendors to the point of holding them accountable for security loopholes and cybersecurity mismanagement. Subsequently, regulators fine the third-party entity, essentially the 'vendors' providing diligent cyber security risk management to the banks.  

The question that arises is that are banks on their own doing enough to protect their customers from cyber threats? Banks need to understand monitoring and management tools available to manage cyber security and mitigate risks. Financial institutions have an inherent responsibility of aggressively combating fraud and working on behalf of their customers and clients to stay one step ahead of threats.  

Banks can detect and effectively prevent their customers' privacy and security from being jeopardized. For instance, banks can secure user transactions by proactively monitoring SMS using the corresponding mobile bank app. They can screen phishing links and unauthorized transactions and warn customers if an OTP comes during a call.  

Further, banks are expected to strictly adhere to the timeframe fixed for reporting frauds and ensuring that customer complaints regarding unscrupulous activities are timely registered with police and investigation agencies. Banks must take accountability in respect of reporting fraud cases of their customers by actively tracking the accounts and interrupting vishing/phishing campaigns on behalf of their customers as doing so will allow more stringent monitoring of the source, type, and modus operandi of the attacks. 

“We are getting bank fraud cases from the customers of SBI and Axis Bank also. It is yet to be verified whether the data has been leaked or not. There might be data loss or it could be some social engineering fraud,” Telangana’s Cyberabad Crimecrime police said. 

“Police said that the fraudsters had updated data of the thousands of customers who received new credit cards and it was a bank’s insider who is the architect of this whole fraud,” reads a report pertaining to an aforementioned security incident by The Hindu.  

“This is a classic case to explain the poor procedure practised by the network providers while issuing SIM cards, and of course the data security system at the banks,” a senior police officer said. 

In relation to the above stated, banks should assume accountability for their customers’ security and shall review and strengthen the monitoring process, while meticulously following the preventive course of action based on risk categorization like checking at multiple levels, closely monitoring credits and debits, sending SMS alerts, and (wherever required) alerting the customer via a phone call. The objective, essentially, is for banks to direct the focus on aspects of prevention, prompt detection, and timely reporting for the purpose of aggregation and necessary corrective measures by regulators which will inhibit the continuity of crime, in turn reducing the ‘quantum’ of loss.  

Besides, vigorously following up with police and law authorities, financial institutions have many chances to detect ‘early warning signals’ which they can not afford to ignore, banks should rather use those signals as a trigger to instigate detailed pre-investigations. Cyber security is a ‘many-leveled’ thing conception, blaming the misappropriations on vendors not only demonstrates the banks’ tendency to avoid being a defaulter but also impacts the ‘recoverability aspects’ like effective monitoring for the customers to a great degree.
Read more »
Russian Cyber Security
Bank Security Cyber Attacks DDOS Attack Russia Russian Cyber Security

The largest banks in Russia were subjected to a large-scale DDoS attack

A new large-scale DDoS attack carried out late in the evening on September 2 led to the system failure of major banks and made some of their services unavailable. Thus, a number of large banks experienced problems with payments and card services for some time.

VTB, Sberbank and Alfa-Bank withstood the attack, but their Internet provider Orange Business Services experienced significant difficulties.

"Everything that went through Internet providers, including land points that are connected by wires, ATMs, POS terminals, did not work for some time," said a bank representative.

"The IT services of our partners and their communication providers faced a DDoS attack, which affected the payment of customers in remote service channels," VTB reported.

Sberbank reported that on September 2, a failure was recorded on the side of an external service provider, which could lead to short delays in the operation of individual services.

"Some reports recorded by the Downdetector resource could be related to problems with one of the local Internet providers," Alfa-Bank reported.

Olga Baranova, Operational Director of Orange Business Services in Russia and the CIS, said that since August 9, the company's cyber threat monitoring center has been recording attacks on financial clients around the clock using capacitive attacks such as Amplification, as well as attacks using encrypted protocols (HTTPS).

"These attacks continue even now. The most powerful one was about 100 Gbps. Moreover, in terms of the number of attacks we detected, this August is comparable to the entire last year," added she.

As explained by the founder and CEO of Qrator Labs, Alexander Lyamin, Amplification attacks are aimed at communication channels, and HTTPS or Application Layer attacks are aimed directly at applications. "DDoS attacks of this type are the most dangerous: they are difficult to detect and neutralize since they can simulate legitimate traffic," noted he.

Read more »
Vulnerabilities and Exploits
Bank Hacking Bank Security Vulnerabilities and Exploits

Vulnerabilities in bank chatbots allow hackers to steal money

Awillix specialists discovered vulnerabilities in bank chatbots that could allow fraudsters to transfer money without the knowledge of customers. Positive Technologies confirmed the risks. The largest banks reported that they limit the functionality of chatbots in messengers. 

It should be noted that about 10% of Russian banks use chatbots: they can be used in messengers, mobile applications, social networks, on the website and in the contact center.

Alexander Gerasimov, Director of Information Security at Awillix, said that chatbots in messengers, which are used for individual account transactions, may be vulnerable to malicious attacks.

The company's specialists checked the security of chatbots in two Russian credit organizations and found similar logical vulnerabilities. They allow obtaining the number and expiration date of cards, as well as finding out the account balance and cell phone number of the client.

"During the pentests, it was possible to log into the test client's account and perform a money transfer operation," Alexander Gerasimov said.

Maxim Kostikov, head of the banking systems security research group at Positive Technologies, confirmed that chatbots can be subject to various vulnerabilities, which depend on their functionality. For example, security problems can allow you to get customer data, get into their personal accounts in the chatbot, and find out the card balance.

According to him, the most popular scenarios of deception are changing the functionality of the chatbot to collect information about the person who uses it, sending malicious software on behalf of a credit institution, replacing the robot with a fraudster during communication, creating fake chatbots of banks. 

"If a person uses a bank chatbot, which is able to make money transfers in the messenger, two-factor authentication can be configured to log into the application to protect funds," stressed Infosystems Jet expert, adding that there is also a danger in cases when an attacker gained direct access to the victim's device physically or as a result of a malicious attack.

Read more »
Russian Cyber Security
Bank Security Cyber Fraud Russia Russian Cyber Security

Russian banks to launch a system against telephone fraud

Financial organizations are planning to launch a pilot project of a system for accounting and analyzing telephone fraud, said Alexey Voilukov, vice president of the Association of Banks of Russia. The service will allow to monitor calls, identify unscrupulous operators and more effectively track the fraudsters.

The Association will present the developments to the regulatory agencies along with proposals for changing the legislation. In order to improve the response to criminal attacks, the project should be implemented on the basis of the site of the supervisory authority, for example, the Ministry of Internal Affairs.

Experts believe that the owner of such a system should be one of the government agencies, authorized to request information from operators about the sources of traffic and to process data containing the secrecy of communications.

"It is necessary to tighten legislation in the field of personal data protection and tighten control over bank employees since fraudsters often obtain information about customers through leaks," added experts.

Tinkoff Bank believes that it will take about a month to test the project after the creation of an interdepartmental anti-fraud group. The bank will become one of the pilot's participants.

Other major credit organizations also supported the idea of implementing the system. The pilot of the project can start as early as the end of 2021 or the beginning of 2022. However, full work will require changes in the law.

According to Tinkoff, the number of malicious calls in the first quarter of 2021 increased 2.3 times compared to the same period in 2020. In addition, about 80% of phone scammers use number spoofing, so after launching the project of the system of accounting and analysis of telephone fraud, it will be much more difficult for them to carry out attacks.


Read more »
Indian Bank
Bank fraud Bank Security Cyber Fraud Indian Bank

Chinese Hackers Target Indian SBI Users Via Phishing

 

Recently Indian officials have reported that China-based cybercriminals are targeting customers of the Indian National Bank State Bank of India (SBI) with phishing scams by offering gifts. Hackers are asking users to update their KYC through a website link as they offer gifts worth around 5 million (INR 50 lakh) from the bank via a WhatsApp message. 

The research wing of New Delhi-based think tank CyberPeace Foundation, in collaboration with Autobot Infosec Pvt Ltd, investigated two similar cases that have targeted SBI customers, as of late. 

"All the domain names associated with the campaign have the registrant country like China," the research team informed IANS. The operational group will send you a message in which you will find a requesting KYC verification, the message will appear to be authentic and will resemble the official SBI online page. 

On clicking the "Continue to login" button, it will redirect the users to a full-kyc.php page, then it will ask them to fill in their credentials like username, password, and a captcha to log in to the online banking. 

"Following this, it asks for an OTP sent to the user's mobile number. As soon as the OTP is entered, it redirects the user to another page that asks the users to enter some confidential information again like account holder name, mobile number, date of birth. After entering the data, it redirects the user to an OTP page," the researchers informed. 

The team of researchers has suggested that the customers should avoid opening such links sent via social platforms, and if anyone finds anything suspicious they are recommended to contact their bank branch.
Read more »
Internet Banking
Bank Ratings Bank Security Cyber Attacks Internet Banking

S&P: Cyberattacks Could Trigger More Rating Actions on Banks

 

Since the Covid pandemic intensified digitalization and remote working, the banking sector is becoming more vulnerable to cybercrime, according to S&P Global Ratings. 

In a report titled "Cyber Risk In A New Era: The Effect On Bank Ratings," the ratings agency stated that cyberattacks can affect credit ratings primarily through reputational damage and potential financial loss. Banks and other financial organizations are potential targets for cyber attackers because they hold valuable personal data and serve specific financial or economic requirements and sectors. 

Credit Analyst Irina Velieva stated, "Cyber attacks have had only a limited effect on bank ratings to date but can trigger more rating actions in the future as cyber incidents become more frequent and complex.”

Meanwhile, S&P stated, "Although it is crucial to learn from previous attacks and strengthen cyber-risk frameworks in real time, the appropriate detection and remediation of attacks takes precedence because the nature of threats will continue to evolve." 

According to the report, the cyber defense will become a more critical aspect of organizations' overall risk management and governance frameworks, necessitating increased expenditures and more advanced tools. The internet banking system is made up of many different programmes, networking devices, internet service providers, and other organizations. All of them are possible points of entry for attackers.

As per the RBI's annual report for 2019-20, the amount involved in banking frauds increased 2.5 times from Rs 71,500 crore in 2018-19 to Rs 1.85 lakh crore in 2019-20. 

Various banks and financial institutions rely on merchants and fintechs to provide third-party services. If outsider merchants don't have adequate security in place, the bank could find itself in hot water. Spoofing is also common when hackers create a website that appears and performs exactly like a financial institution's website's URL. 

When customers enter their login information on a spoof website, the information is stolen and used by those fraudsters later. There are chances that cybercriminals can commit fraud using a person's personal and financial information. A bank's privacy breach might result in the bank's customers' information being sold or purchased on the dark web by other attackers.
Read more »
Ukrainian Cyber Security
Bank Security Cyber Security Ukraine Ukrainian Cyber Security

The largest international phishing center has been blocked in Ukraine

As a result of an international special operation, the Office of the Prosecutor General of Ukraine has stopped the activity of one of the world's largest phishing services for attacks on financial institutions in different countries.

The Prosecutor's Office said that as a result of the work of the phishing center, banks in 11 countries - Australia, Spain, the United States, Italy, Chile, the Netherlands, Mexico, France, Switzerland, Germany and the United Kingdom - were affected. According to preliminary data, the losses reach tens of millions of dollars.

It is reported that a hacker from Ternopil developed a phishing package and a special administrative panel aimed at the web resources of banks and their clients.

"The admin panel allowed to control the accounts of users who registered on compromised resources and entered their payment data, which were later received by the fraudsters. He created his own online store on the DarkNet network to demonstrate the functionality and sell his developments," the Prosecutor's Office explained the algorithm of the center's functioning.

More than 200 active buyers of malicious software were found.

According to the investigation, the hacker did not only sell their products but also provide technical support in the implementation of phishing attacks.

"According to the results of the analysis of foreign law enforcement agencies, more than 50% of all phishing attacks in 2019 in Australia were carried out with the help of the development of the Ternopil hacker," said the Department.

A criminal case has been opened on this fact under the article on unauthorized interference in the operation of computers, automated systems, computer networks, or telecommunications networks, as well as the creation of harmful software products for the purpose of using, distributing, or selling them.

Earlier, the deputy director of the National Coordination Center for Computer Incidents (NCCI), Nikolai Murashov, said that the United States had placed hackers in Montenegro and Ukraine. This was done allegedly under the pretext of protecting the elections.


Read more »
Subscribe to: Posts (Atom)