Financial Services Cybersecurity Weekly Briefing 7-28-2017

Weekly FS Cybersecurity Blast

Weekly FS Cybersecurity Blast

AI Cyber Wars: Coming Soon To A Bank Near You

For example, as firms adopt voice biometrics to make customers’ access to their accounts and information more secure, cyber-criminals can use the same machine learning algorithms to mimic voices and gain unauthorized access. […] Staying one step ahead of the threat is difficult, but forward-thinking financial institutions realize it’s imperative. As financial institutions up their game to protect their assets, three AI priorities have emerged: focusing resources, visualizing the threat, and accelerating response time.

https://www.forbes.com/sites/steveculp/2017/07/21/ai-cyber-wars-coming-soon-to-a-bank-near-you/#3efaea922959

Who’s Responsible For Cybersecurity: The Adviser Or The Firm?

The number and frequency of attacks continue to grow, putting your clients’ money at risk (not to mention your firm’s). Broker-dealers that get hit with cyberattacks not only lose money as a direct result of the incursions, but also lose clients when their reputations take a hit — sometimes at a greater cost than the immediate loss from the financial breach. And if your firm loses clients, you can bet that you’re losing clients —and income — as well.

https://www.financial-planning.com/news/whos-responsible-for-cybersecurity-the-adviser-or-the-firm

Trickbot Malware Now Targets US Banks

The Trickbot banking Trojan is now targeting U.S. banks in new spam campaigns fueled by the prolific Necurs botnet. The malware has grown more potent with the introduction of a customized redirection method as part of its attacks. […] Flashpoint said Necurs has been used in three distinct spam campaigns. “These malicious emails contained a Zip-archived Windows Script File (WSF) attachment consisting of obfuscated JavaScript code. Upon being clicked, the files download and execute the Trickbot loader,” according to researchers.

https://threatpost.com/trickbot-malware-now-targets-us-banks/126976/

Learning From The Financial Sector’s Cybersecurity Regulations

All these institutions and organizations are at risk – great risk – despite the fact that they, too, are regulated to an extent, like financial institutions. What about businesses? What about the manufacturers, retail outlets, and supply chain members that are the fabric of society? What would happen if, for example, hackers were able to disable the system where meat and dairy is distributed to supermarkets from distribution centers for a week? That, too, is critical for the functioning of society – but unlike with banks, there is no one to tell them what to do to defend themselves, and how to do it.

https://www.infosecurity-magazine.com/opinions/learning-financial-cybersecurity/

Protect Against The Fastest-Growing Crime: Cyberattacks

Financial advisors are increasingly aware of this threat, with 81 percent saying cybersecurity is a high priority. Yet, just 29 percent say they are “fully prepared to manage and mitigate the risks associated with cybersecurity,” according to a study released last September by the Financial Planning Association’s Research and Practice Institute. However, just in the past year, advisors have been upping their security[.] Not only because of what they’ve seen in the news, but also because some large firms have taken hits and witnessed fraud attempts firsthand.

http://www.cnbc.com/2017/07/25/stay-protected-from-the-uss-fastest-growing-crime-cyber-attacks.html

PureFunds ISE Cyber Security ETF (HACK) Chart Update & Technical Review

Investors may be taking a look at some additional technical numbers on shares of PureFunds ISE Cyber Security ETF (HACK). The 14-day RSI is currently spotted at 50.42, the 7-day is at 47.68, and the 3-day is sitting at 32.07. The RSI, or Relative Strength Index, is a widely used technical momentum indicator that compares price movement over time.  […] The normal reading of a stock will fall in the range of 30 to 70. A reading over 70 would indicate that the stock is overbought, and possibly overvalued. A reading under 30 may indicate that the stock is oversold, and possibly undervalued.

https://finnewsweek.com/purefunds-ise-cyber-security-etf-hack-chart-update-technical-review/134367/

6 Billion Records Hacked In 2017 So Far; Ransomware Victims Paid $25 Million

According to a mid-year report by Risk Based Security (RBS), a Richmond Virginia based company who keeps an eye on data breaches, there have been 2,227 incidents of data breaches as of June 2017 allowing hackers to steal 6 billion records. This means that in last six months hackers have stolen more data than the total number of medical and financial records stolen in the whole of 2016.

https://www.hackread.com/6b-records-hacked-in-2017-25m-ransomware-paid/

SEC Must Improve How It Protects Against Cyberattacks: Report

The 27-page report by the Government Accountability Office found the Securities and Exchange Commission did not always fully encrypt sensitive information, used unsupported software, failed to fully implement an intrusion detection system and made missteps in how it configured its firewalls, among other things. “Information security control deficiencies in the SEC computing environment may jeopardize the confidentiality, integrity, and availability of information residing in and processed by its systems,” the GAO said. “Until SEC mitigates its control deficiencies, its financial and support systems and the information they contain will continue to be at unnecessary risk of compromise.”

https://www.reuters.com/article/us-usa-sec-cyber-idUSKBN1AC38S

 

Stay up to date on the Financial Services Information Security news that you need to know by signing up for our Financial Cybersecurity Briefing at: https://criticalinformatics.com/financial-services.

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.

//]]>