FINANCIAL INFOSECURITY NEWSLETTER

March 2017

Hackers Behind Bank Attack Campaign Use Russian Decoy

Lucian Constantin, Computerworld.com, February 20, 2017

The hackers behind a sophisticated attack campaign that has recently targeted financial organizations around the world have intentionally inserted Russian words and commands into their malware in an attempt to throw investigators off.

Read More

How Fraud Victims ‘Punish’ Their Banks

Jeremy Kirk, Databreachtoday.com, February 20, 2017

Would you leave a bank after an unauthorized charge on a credit card or a strange debit from an account? It’s a question for financial institutions evaluating the impact of a security breach.
A new study by Carnegie Mellon University researchers suggests that some customers will, in fact, leave even if they receive quick refunds of losses due to fraud. The study is one of only a few correlating the impact of a fraud incident on customer loyalty.

Read More

Fileless Malware’ Attacks, Used on Banks, Have Been Around for Years

Matt Hamblen, Computerworld.com, February 9, 2017

Fileless malware attacks, which were recently discovered in the networks of at least 140 banks, telecoms and governments, account for about 15% of known attacks today and have been around for years in different forms.

Read More

Reworked N.Y. Cybersecurity Regulation Takes Effect in March

Jeremy Kirk, Bankinfosecurity.com, February 17, 2017

New York’s controversial new cybersecurity regulation will come into effect March 1, imposing new rules on the banking and insurance sectors with the aim of better protecting institutions and consumers against cyberattacks.

Read More

19 Laptops Containing Customer Information Have Been Stolen From Fintech Company GoCardless

Oscar Williams-Grut, Businessinsider.com, February 8, 2017

Fintech business GoCardless is offering some customers free credit monitoring for a year after admitting 19 laptops containing personal information were stolen from its offices.

Read More

New York’s New Cybersecurity Rule for Financial Institutions & How It May Affect You

Behnam Dayanim and Quinn Dang, Paulhastings.com, February 07, 2017

New York’s top banking regulator, the New York Department of Financial Services (“NYDFS”), recently issued a revised rule, effective March 1, 2017, that requires banks, insurance companies and other financial institutions regulated by NYDFS to establish and maintain a comprehensive cybersecurity program to respond to the growing threat of cyber-attacks.

Read More

Is Bank Malware Campaign Linked to North Korea?

IJeremy Kirk, Bankinfosecurity.com, February 13, 2017

A cyberattack first discovered in Poland is unfurling a bundle of technical clues that point to a larger global campaign against financial institutions, possibly executed by the Lazarus hacking group, which apparently was involved in the breach of Sony Pictures Entertainment and the theft of $81 million from Bangladesh Bank.

Read More

Online Card Fraud up as Thieves Avoid More Secure Chip Cards for In-Store Payments

Matt Hamblen, Computerworld.com, February 3, 2017

One unfortunate side effect from the use of chip cards for in-store purchases has been an increase in online credit-card fraud. Hackers have taken the path of least resistance, moving from in-store fraud to e-commerce fraud, according to security experts.

Read More

FBI: Cybercrime Gang Stole $1.2 Million via Bank Malware

Mathew J. Schwartz, Bankinfosecurity.com, February 6, 2017

Using malware to infect individuals’ PCs and drain their bank accounts continues to be a lucrative source of income for criminals, but such cybercrime has never been a risk-free undertaking.

Read More

ATM ‘Shimmers’ Target Chip-Based Cards

Brian Krebs, Krebsonsecurity.com, January 27, 2017

Several readers have called attention to warnings coming out of Canada about a supposedly new form of card skimming called “shimming” that targets chip-based credit and debit cards. Shimming attacks are not new (KrebsOnSecurity first wrote about them in August 2015), but they are likely to become more common as a greater number of banks in the United States shift to issuing chip-based cards. Here’s a brief primer on shimming attacks, and why they succeed.

Read More

Zeus-Derived Malware Continues to Pwn POS Devices

Mathew J. Schwartz, Bankinforsecurity.com, January 31, 2017

Progeny of the venerable Zeus banking Trojan live on. That’s thanks, in part, to the source code for Zeus leaking via underground forums in 2011. Since then, enterprising developers have continued to refine the banking Trojan to help them steal online banking customers’ credentials as well as to infect point-of-sale devices and harvest payment card details.

Read More