Lucian Constantin, Computerworld.com, February 20, 2017
The hackers behind a sophisticated attack campaign that has recently targeted financial organizations around the world have intentionally inserted Russian words and commands into their malware in an attempt to throw investigators off.
Jeremy Kirk, Databreachtoday.com, February 20, 2017
Would you leave a bank after an unauthorized charge on a credit card or a strange debit from an account? It’s a question for financial institutions evaluating the impact of a security breach. A new study by Carnegie Mellon University researchers suggests that some customers will, in fact, leave even if they receive quick refunds of losses due to fraud. The study is one of only a few correlating the impact of a fraud incident on customer loyalty.
Matt Hamblen, Computerworld.com, February 9, 2017
Fileless malware attacks, which were recently discovered in the networks of at least 140 banks, telecoms and governments, account for about 15% of known attacks today and have been around for years in different forms.
Jeremy Kirk, Bankinfosecurity.com, February 17, 2017
New York’s controversial new cybersecurity regulation will come into effect March 1, imposing new rules on the banking and insurance sectors with the aim of better protecting institutions and consumers against cyberattacks.
Oscar Williams-Grut, Businessinsider.com, February 8, 2017
Fintech business GoCardless is offering some customers free credit monitoring for a year after admitting 19 laptops containing personal information were stolen from its offices.
Behnam Dayanim and Quinn Dang, Paulhastings.com, February 07, 2017
New York’s top banking regulator, the New York Department of Financial Services (“NYDFS”), recently issued a revised rule, effective March 1, 2017, that requires banks, insurance companies and other financial institutions regulated by NYDFS to establish and maintain a comprehensive cybersecurity program to respond to the growing threat of cyber-attacks.
Jeremy Kirk, Bankinfosecurity.com, February 13, 2017
A cyberattack first discovered in Poland is unfurling a bundle of technical clues that point to a larger global campaign against financial institutions, possibly executed by the Lazarus hacking group, which apparently was involved in the breach of Sony Pictures Entertainment and the theft of $81 million from Bangladesh Bank.
Matt Hamblen, Computerworld.com, February 3, 2017
One unfortunate side effect from the use of chip cards for in-store purchases has been an increase in online credit-card fraud. Hackers have taken the path of least resistance, moving from in-store fraud to e-commerce fraud, according to security experts.
Mathew J. Schwartz, Bankinfosecurity.com, February 6, 2017
Using malware to infect individuals’ PCs and drain their bank accounts continues to be a lucrative source of income for criminals, but such cybercrime has never been a risk-free undertaking.
Brian Krebs, Krebsonsecurity.com, January 27, 2017
Several readers have called attention to warnings coming out of Canada about a supposedly new form of card skimming called “shimming” that targets chip-based credit and debit cards. Shimming attacks are not new (KrebsOnSecurity first wrote about them in August 2015), but they are likely to become more common as a greater number of banks in the United States shift to issuing chip-based cards. Here’s a brief primer on shimming attacks, and why they succeed.
Mathew J. Schwartz, Bankinforsecurity.com, January 31, 2017
Progeny of the venerable Zeus banking Trojan live on. That’s thanks, in part, to the source code for Zeus leaking via underground forums in 2011. Since then, enterprising developers have continued to refine the banking Trojan to help them steal online banking customers’ credentials as well as to infect point-of-sale devices and harvest payment card details.