10 Oct 2019

Financial industry spending millions to deal with breaches in 2019

82% of organizations suffered a DNS attack last year, and many companies were hit multiple times, with the average number of attacks per company falling just short of 9.5, a new report by EfficientIP shows. Because the average cost per attack exceed $1.3 million, companies can expect to lose over

Read More
24 Sep 2019

North Korean hackers are targeting ATMs in India with new data-stealing malware

Cybersecurity researchers with Kaspersky Lab say that hackers working for the North Korean government have been targeting ATM machines in India with a new strain of payment card skimming malware. The campaign has been active since last summer. The malware used in the attacks is called ATMDTrack, which is linked to

Read More
16 Aug 2019

ECB Says One of Its Websites Was Hacked, Data Possibly Captured

Earlier this year, a threat actor hacked the Banks’ Integrated Reporting Dictionary (BIRD) website of the European Central Bank and installed malware designed for phishing campaigns on the server of the third-party hosting provider. The ECB said the hackers may have obtained the names and email addresses of 481 subscribers

Read More
15 Aug 2019

Financial Phishing Grows in Volume and Sophistication in First Half of 2019

In the first half of this year, the number of potential phishing domains increased by 14%, while phishing domains with valid certificates doubled to 1,900, a new study[pdf] by Normshield found. Last year, 8.5% of phishing domains used a valid certificate and this number is expected to grow to 15% this

Read More
13 Aug 2019

UN Probing 35 North Korean Cyberattacks in 17 Countries

The United Nations (UN) is investigating at least 35 cyberattacks in 17 countries that are believed to be the work of hackers working for the North Korean government, an extended version of a recent UN report shows. A summary of the report released last week mentioned that Pyongyang has used

Read More
05 Aug 2019

FSI organizations are failing to assess their software for security vulnerabilities before release

Organizations in the Financial Services Industry (FSI) are doing a rather poor job at preventing cyberattacks, new research by Synopsys shows. The majority of FSI organizations have suffered a cyberattack that caused system failure and downtime (56%) or have had threat actors steal sensitive customer data (51%). Ransomware infections or

Read More
01 Aug 2019

Capital One is not alone: 3.5B malicious login attacks target banks and customers

Between November 2017 to April 2019, threat actors carried out 3.5 billion malicious login attempts as part of credential stuffing attacks, in which credentials exposed in a data breach at one firm are used to gain access to accounts at another company. Akamai also identified close to 200,000 phishing domains

Read More
24 Jul 2019

FIN8 Reappears with BADHATCH Malware

Researchers with Gigamon have spotted a new campaign by the financially motivated hacking group FIN8 that relies on a new type of reverse shell dubbed BADHATCH. The BADHATCH malware is designed to execute malicious code on Windows systems by taking advantage of pre-installed administrative tools including PowerShell and WMIC. This technique

Read More
11 Jul 2019

Big Banks Vulnerable to Web, Mobile Attacks

ImmuniWeb researchers have found vulnerabilities in the web applications, APIs and/or mobile apps of 97 of the 100 largest financial organizations in the world, which are located across 22 countries. The report shows that 85 online banking apps where not compliant with GDPR, while 49 were not compliant with PCI

Read More
10 Jul 2019

Cyber Attacks Biggest Threat to Financial Sector

A new Wandera report looks at the mobile threats targeting financial services firms. It shows that phishing accounts for the majority (57%) of attacks, which is significantly higher than the average across other industries (42%). Man-in-the-middle attacks are also more common in the financial services sector (36%) than in other

Read More