Financial Services Cybersecurity Weekly Briefing 11-03-2017

Weekly FS Cybersecurity Blast

Weekly FS Cybersecurity Blast

Malware That Can Empty Bank Accounts
CERTCC has reported that the downloaded file is named ‘E-Dadsara’ (e-judiciary in Persian). When users click on the file, without noticing it they authorize the malware to record all of their activities. The malware will collect data on the user, including keyboard input and online activities. Based on the gathered data, criminals can access users’ bank accounts and empty them within seconds.

 

Cyberattacks Top Concern for Bank of Canada Boss Amid Rapidly Changing Tactics
The central bank warned Canadians in June that the country’s interconnected banks are vulnerable to a cascading series of cyberattacks, something that could undermine broad confidence in the financial system. The report, known as the financial system review, also said such structural vulnerability could allow for the easy spread of an initial attack into other sectors, such as energy or water systems. The report urged commercial banks to co-operate on countering the threats, which aren’t going away any time soon.

 

Web Attacks Spike in Financial Industry 
Web application compromise has topped human error as the most common type of data breach for finance companies. This shift gives the financial sector reason to be worried about broader, and more dangerous cyberattacks, according to a recent report from BitSight. […] Web application compromise, or any incident in which a Web application was the attack vector, encompasses a range of incidents including SQL injection attacks or a hacker who bypasses employee authentication to gain access into the company.

 

Restoration Costs of Ransomware Attacks Triples Since 2016
Ransomware has become the new plague to run rampant through the cyber world, rising to the fifth most common malware type and causing the costs of restoring computer systems from such attacks to triple since 2016.

 

Hacking Group Targets Banks with Stealthy Trojan Malware Campaign
The initial attack techniques of Silence campaigns are similar threat actors including the infamous Carbanak group – initial victims are tricked by phishing emails which give the attackers a foothold into the network. They’ll remain there for a long time, only striking when they have enough information to steal large amounts.

 

Banks Fearing North Korea Hacking Prepare Defenses: Cyber Experts
Global banks are preparing to defend themselves against North Korea potentially intensifying a years-long hacking spree by seeking to cripple financial networks as Pyongyang weighs the threat of U.S. military action over its nuclear program, cyber security experts said.

 

Cyber Risk – Speaking the Language of the CFO
CFOs and FDs in particular have the best view of the entire threat landscape of their organisation, so must train their security leadership team to converse with them in the way they want to provide effective defence against cyber threats. […] This may require involving the CISO in strategy or business development meetings for example, as well as board meetings, so they are aware of recent initiatives and can express their security concerns from a business viewpoint.

 

Stay up to date on the Financial Services Information Security news that you need to know by signing up for our Financial Cybersecurity Briefing Here.

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.