Financial Services Cybersecurity Weekly Briefing 06-22-2018

Weekly FS Cybersecurity Blast

Weekly FS Cybersecurity Blast

Every CPA Firm Needs to be a Security Company
These firms often have staff with the knowledge to adequately secure their own environment; however, they rarely work with internal initiatives. The problem is the work performed for the firm’s external clients are revenue generating, while securing internal systems yields no revenue, or is seen as taking away revenue due to the opportunity cost. […] For firms on a tight time frame or need a concise reference, the following checklist covers fifteen of the most common controls that should be considered when deploying a new technology.

Attackers Spy and Steal from Financial Firms
In an attempt to steal sensitive data, cyber-criminals have been targeting financial firms by building hidden tunnels in order to break into networks. According to a report released today by Vectra, these attack behaviors are the same as those that led to the 2017 Equifax breach. According to a new report, 2018 Spotlight Report on Financial Services, attackers are able to gain remote access through the use of command-and-control (C&C). In the data analyzed, attackers had established nearly 30 web shells accessible from approximately 35 different public IP addresses, which allowed them to exfiltrate data while going undetected.

The Cybersecurity 202: ‘A Wake Up Call.’ OPM Data Stolen Years Ago Surfacing Now in Financial Fraud Case
A woman admitted in federal court this week that she used the identities of OPM breach victims to take out fraudulent loans through a federal credit union, as my colleague Rachel Weiner and I reported. It appears to be the first criminal case involving OPM data that the Justice Department has publicly disclosed. The revelation could give new momentum to legislation seeking to provide better protection to the federal employees, retirees and others whose personal information was stolen from two government databases in 2014, and spur lawmakers to consider broader safeguards for victims of similar compromises.

Banking by Smart Speaker Arrives, but Security Issues Exist
And with the rapid adoption of Zelle, a bank-to-bank transfer system, it soon could be possible to send money to friends or family instantly with voice commands.But the potential to do such sensitive tasks through a smart speaker raises security concerns. Virtual assistants and smart speakers are still relatively new technologies, and potentially susceptible to being exploited by cyber criminals.

 

 

Stay up to date on the Financial Services Information Security news that you need to know by signing up for our Financial Cybersecurity Briefing Here.

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.