Financial Services Cybersecurity Weekly Briefing 10-27-2017

Weekly FS Cybersecurity Blast


Today’s Bank Heists Aren’t What They Used to be With the Battle Now Fought Out in Cyberspace 
“Attacks used to be very crude misspelled [emails], now they are sophisticated – we have seen criminals researching targets, seeing where a CEO’s children go to school so an email looks like it comes from there,” he says, illustrating how hard it can be to spot a red flag. “These aren’t teenagers in a bedroom, these are seriously organized groups. They’ve taken the internet and gig economy model and hire people in.”

 

Financial Insecurity: 42 Percent of U.S. Financial Services Orgs Have Been Breached 
The report, based on a survey of more than 1,100 senior security executives worldwide, also found that 24 percent of financial services organizations suffered a data breach in the past year alone, up from 19 percent in 2016. Eighty-six percent of respondents believe their organizations are vulnerable to data threats. While 96 percent will use sensitive data in an advanced technology environment (cloud, big data, container, IoT) this year, 47 percent admitted they’re deploying those technologies without having the appropriate levels of security in place.

 

Bank of America Expands Its Use of Biometrics with Intel Hardware-Based Security Technologies

Bank of America announced today it would begin implementing Intel® Online Connect technology into its online banking platform, giving customers added security when they bank online. The two companies will jointly preview the technology at this week’s Money20/20 conference in Las Vegas. Bank of America plans to incorporate the security feature into its online banking authentication process in 2018, and will be the first financial services company to offer the technology to customers.

 

Crime Keeps Pace with Rise in Cryptocurrency Prices

Demands for at least $25m are likely to increase because technological changes in virtual currencies are making it easier for criminals to move sums anonymously, says MWR InfoSecurity. […] The surge in demand is slowly building the depth and liquidity of the market, with prices rising for bitcoin and Ripple and Ethereum, its emerging competitors, the company argues.

 

IRS: Tax Refund Fraudsters Already Had Much of That Equifax Stolen Data
[IRS] Commissioner John Koskinen said Tuesday that he’s doubtful that the Equifax breach will make a noticeable difference in tax-related ID scams. That’s because a significant amount of that data was stolen through earlier breaches in recent years at major employers, cyber attacks on the healthcare sector and even hacking incidents involving the federal government’s computer systems, including records of the Office of Personnel Management. Koskinen estimated personal information for more than 100 million tax filers was already stolen by hackers.

 

Banking Smart Cards Vulnerable to Cryptographic Attack 
Now it’s been revealed that many Gemalto smartcards are capable of being cloned by skilled cyber criminals, enabling them to bypass security protections, such as data encryption and two-factor authentication. Cyber crooks are able to access the private part of these keys by tapping into the public counterpart, and this process can be conducted within just a few minutes.

 

Class-Actions Still a Reality for U.S. Financial Firms with Bad Press
The U.S. Senate killed a rule late on Tuesday that allowed consumers to band together to sue banks and credit card companies even when the small print of their contracts forced them into closed-door arbitration with their grievances. It was a huge win for banks, who feared a flood of costly lawsuits. But for financial firms already in the spotlight for poor treatment of customers, the bad publicity may make it difficult for them to avoid court.

 

Financial Institutions Launch Their Own Cyber Range to Train Defenders, Test Tools
The initiative, by the Financial Sector Information Sharing and Analysis Council, or FS-ISAC, has already built out the first range and will stage the first exercise on it at the end of November at the Federal Reserve Bank of Boston, according to Shaun Brady, a consultant with FS-ISAC. […] The sector “does a great job with table top exercises,” said Brady, but those are more policy and management orientated. There was a dearth of “hands-on-keyboards” style war games, he said. Eventually, FS-ISAC wants to stage two regional exercises a month on the range, each based at one of the 12 regional Federal Reserve Banks, he said.

 

Exchanges in Talks With U.S. SEC to Delay New Audit System: Sources
The U.S. exchanges are seeking to postpone implementation of a massive database, known as the Consolidated Audit Trail (CAT), due to concerns about fast approaching deadlines and worries about cyber security, said the sources, who asked for anonymity because the talks are private. The SEC, which ordered CAT after the May 2010 “flash crash” and views it as critical to the oversight of markets where trading happens in tiny fractions of a second, declined to comment.

 

 


====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.
