Financial Services Cybersecurity Weekly Briefing 10-06-2017

Weekly FS Cybersecurity Blast

Weekly FS Cybersecurity Blast

Weaponizing Equifax Data
It’s already been suggested that this is a state actor (with no more specificity than that), and the desire to create financial impact can be separated from an actual profit motive. Selected entities and individuals, which may be a significant fraction of the population – could have a near-simultaneous financial nightmare, with no expectation on the part of the actors that the operation will be monetized.

 

Cyber Security Regulations: Financial Services
The entities covered by the New York State’s new regulations were permitted 6 months from the effective date to comply with most of the terms, past which, non-compliance will not be tolerated. This makes the next couple of months extremely vital for institutions that haven’t fulfilled the requirements. To be one step ahead of possible attacks though, banks will need to regularly evaluate their potential vulnerabilities. Their threat levels should be under constant surveillance to forecast possible problems, and threat intelligence should be employed to understand when potential cyber attackers might attempt to take advantage of such holes in their armor.

 

Bankers Anxious Over Consumer Reactions to Equifax Breach
“Banks hate credit freezes. The banks want people to buy things on credit without a second thought,” said Chris Hoofnagle, a law professor at the University of California, Berkley, and an author on consumer protection law. The time required to remove restrictions could thwart issuance of new credit cards, especially store credit cards that offer instant discounts on purchases. Second thoughts could lead drivers to spend less on cars when they reconsider how much they will have to borrow for more expensive models.

 

North Korean Hackers Plot to Loot Britain’s Finances With Cyber attack on the City’s Banks
The reclusive regime is improving its hacking through collaboration with Iran and criminal networks operating in southeast Asia and China, the expert said. He said the cyber attack that crippled computers at NHS hospitals and GP surgeries was an attempt to take money. “Their missiles are not going to reach the UK but their cyber-attacks did reach the NHS and other parts of Europe,” the 52-year-old said. “As sanctions bite further and North Korea becomes more desperate for foreign currency, they will get more aggressive and continue to come after the finance sector. They’re after our money.”

 

The Equifax Hack Has the Hallmarks of State-Sponsored Pros
The handoff to more sophisticated hackers is among the evidence that led some investigators inside Equifax to suspect a nation-state was behind the hack. Many of the tools used were Chinese, and these people say the Equifax breach has the hallmarks of similar intrusions in recent years at giant health insurer Anthem Inc. and the U.S. Office of Personnel Management; both were ultimately attributed to hackers working for Chinese intelligence.

 

Equifax Puts Silence Down to Fear of ‘Copycat’ Cyber Attacks
Equifax, the credit reporting company where hackers accessed personal details of tens of millions of Americans, has defended waiting to disclose the attack by saying it feared “copycat” raids — but the claim was immediately disputed by cyber security experts. The company made the assertion on in prepared testimony released in advance of a congressional hearing in which it also disclosed that, months earlier, the US government had alerted it to the system vulnerability exploited by the hackers.

 

Financial Cyber Threats Loom Large
With more than 1.2 million annual detections, the financial threat space is still 2.5 times bigger than that of ransomware. The financial Trojan threat landscape is dominated by three malware families: Ramnit, Bebloh (Trojan.Bebloh), and Zeus (Trojan.Zbot). These three families were responsible for 86 per cent of all financial Trojan attack activities in 2016. However, due to arrests, takedowns, and regrouping, we have seen a lot of fluctuations over the last year.

 

SEC Hack Came as Internal Security Team Begged for Funding
In a memo sent to the SEC’s inspector general, the head of the SEC’s Digital Forensics and Investigations Unit complained that his team was woefully underfunded, undertrained, and forced to work with repurposed equipment and hard drives that had been designated by other branches of the SEC for disposal. The memo to SEC Inspector General Carl Hoecker, shared with Reuters by a congressional staffer, cited “serious deficiencies” in funding and support.

 

Tech and Finance Firms Should be Held to the Same Account: Goyle
Tech giants should be held to the same account as other companies such as banks and insurers when it comes to their potential influence on politics, according to Raj Goyle, who served two terms in the Kansas House of Representatives and went on to found artificial intelligence startup Bodhala.

 

Retail Brokers, Regulators and the Authors of MiFID II: Why Not Embrace Facial Recognition for Compliance?
In this age of biometric national passports and automated airport security systems, the ability for a computerized government database to be able to connect to a biometric recognition system to vet entries and exits across the world is very much proven, and is very likely to be more accurate than human resources.

 

Stay up to date on the Financial Services Information Security news that you need to know by signing up for our Financial Cybersecurity Briefing Here.

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.