Financial Services Cybersecurity Weekly Briefing 11-10-2017

Weekly FS Cybersecurity Blast

Crooks Poison Results for Financial-Related Searches to Deliver Banking Malware
“By targeting primarily financial-related keyword searches and ensuring that their malicious results are displayed, the attacker can attempt to maximize the conversion rate of their infections as they can be confident that infected users will be regularly using various financial platforms and thus will enable the attacker to quickly obtain credentials, banking and credit card information, etc,” Cisco Talos researchers noted.


Equifax Clears Executives Who Sold Shares After Hack
Equifax Inc said on Friday four of its executives who sold shares before the credit-reporting firm disclosed a massive data breach that wiped out billions from its market value were not aware of the incident when they made the trades. A special committee set up by Equifax’s board to investigate the trades concluded that no insider trading took place and that pre-clearance for the trades was appropriately obtained.


Securing the Future of Banking 
Attacks that lead to a systematic leakage of data over time don’t have the immediate shock effect of a swift attack, but they can be just as damaging, and serve to weaken the banks’ defenses over time. […] Securing all the various channels will only get more difficult for the industry as the way we bank continues to evolve and leaders must be armed with an agile cybersecurity plan to move into the next generation of finance with the confidence of their customers behind them.


Regulation Can’t Solve Cybersecurity Problems, Fed Official Says
There are already lots of rules and regulations that banks and other financial institutions have to follow when it comes to cybersecurity. Several lenders and trade groups collected all U.S. and global guidance documents, regulatory requirements and recent proposals on cybersecurity into a “financial sector profile,” said JPMorgan Chase & Co.’s Kevin Gronberg, who was also on the panel. It ended up being a 2,000-line spreadsheet showing a lot of overlap between rules and demands from different regulators, Gronberg said.

New Top U.S. Banking Regulator Urges ‘Fresh Look’ at Rules
America’s top financial regulator said on Tuesday “everything is up for a fresh look” as the Federal Reserve considers dialing back some crisis-era banking rules put in place over the last decade, offering hope to Wall Street and Republicans looking to cut red tape. […] New risks such as cyber security breaches and the growth of financial technology could spark the next financial crisis, he said. “History has shown that it’s not just a question of ‘where has the risk that we knew moved to’ but also what new risks are developing.”


Financial Institutions Hit with New Strain Of Banking Trojan Spread By Alleged Russian Cyber Gang 
To protect customers from the subsequent account takeovers, banks need to render banking credentials valueless to the hacker by implementing a layered security defense. “Techniques such as passive biometrics and behavioural analysis correctly identify a customer without relying on their credentials. These new technologies are based on observed consumer behaviour over the lifecycle of their interactions, and not simply on a password or a security question.”


Fast-Growing Cyber Crime Threatens Financial Sector: Europol
Online criminals have become so sophisticated that gangs have created “conglomerations” with company structures that specialize in different criminal activities to carry out the attacks, Rob Wainwright, who leads the EU law enforcement agency, said. “What really concerns me is the sophistication of the capability, which is becoming good enough to really threaten parts of our critical infrastructure, certainly in the financial, banking sector,” he told Reuters.


Equifax Is Haunted by Its Costly Cyber Attack
Extra spending on security and lawyers in the wake of the hacking helped push third-quarter operating expenses to the highest on record, the Atlanta-based company said Thursday in a statement. The company also said it’s facing more than 240 class-action lawsuits and more than 60 regulatory or governmental inquiries. […] Equifax said it incurred $27.3 million of costs related to the incident last quarter.



Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.