Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Bank. Show all posts
Technology
AI-driven cyberattacks Artificial Intelligence Bank CyberCrime Cyberhackers DBS Technology

AI-Driven Changes Lead to Workforce Reduction at Major Asian Bank

 


Over the next three years, DBS, Singapore's largest bank, has announced plans to reduce the number of employees by approximately 4,000 by way of a significant shift toward automation. A key reason for this decision was the growing adoption of artificial intelligence (AI), which will gradually replace human employees in performing functions previously performed by humans. 

Essentially, these job reductions will occur through natural attrition as projects conclude, affecting primarily temporary and contract workers. However, the bank has confirmed that this will not have any adverse effects on permanent employees. A spokesperson for DBS stated that artificial intelligence-driven advances could reduce the need for temporary and contract positions to be renewed, thereby resulting in a gradual decrease in the number of employees as project-based roles are completed. 

According to the bank's website, the bank employs approximately 8,000-9,000 temporary and contract workers and has a total workforce of around 41,000 workers. Former CEO Piyush Gupta has highlighted the bank's longstanding investment in artificial intelligence, noting that DBS has been leveraging artificial intelligence technology for over a decade. According to him, DBS has employed over 800 artificial intelligence models in 350 applications in the bank, with the expected economic impact surpassing S$1 billion by 2025 (US$745 million; £592 million). 

DBS is also changing leadership as Gupta, the current CEO of the bank, is about to step down at the end of March, and his successor, Tan Su Shan, will take over from him. Artificial intelligence is becoming increasingly widely used, which has brought about a lot of discussion about its advantages and shortcomings. According to the International Monetary Fund (IMF), artificial intelligence will influence approximately 40% of global employment by 2050, with Managing Director Kristalina Georgieva cautioning that, in most scenarios, AI could worsen economic inequality. 

According to the International Monetary Fund (IMF), AI could lead to a reduction in nearly 40% of global employment in the future. Several CEOs, including Kristalina Georgieva, have warned that, in many scenarios, artificial intelligence has the potential to significantly increase economic inequality. For this reason, concerns are being raised about its long-term social implications. The Governor of the Bank of England, Andrew Bailey, told the BBC in an interview that artificial intelligence shouldn't be viewed as a 'mass destruction' of jobs, but that human workers will adapt to evolving technologies as they become more advanced. 

Bailey acknowledged the risks associated with artificial intelligence but also noted its vast potential for innovation in a wide range of industries by highlighting its potential. It is becoming increasingly apparent that Artificial Intelligence will play a significant role in the future of employment, productivity, and economic stability. Financial institutions are evaluating the long-term effects on these factors as it grows. In addition to transforming workforce dynamics, the increasing reliance on artificial intelligence (AI) is also delivering significant financial advantages to the banking sector as a whole.

Investing in artificial intelligence could potentially increase the profits of banks by 17%, which could increase to $180 billion in combined earnings, according to Bloomberg. According to Digit News, this will increase their collective earnings by $170 billion. Aside from the substantial financial incentives, banks and corporations are actively seeking professionals with AI and data analytics skills to integrate AI into their operations.

According to the World Economic Forum's Future of Work report, technological skills, particularly those related to artificial intelligence (AI) and big data, are expected to become among the most in-demand skills within the next five years, especially as AI adoption accelerates. As an evolving labor market continues to evolve, employees are increasingly being encouraged to learn new skills to ensure job security. 

The WEF has recommended that companies invest in retraining programs that will help employees adjust to the new workplace environment; however, some organizations are reducing existing positions and recruiting AI experts to fill the gaps left by the existing positions. They are taking a more immediate approach than the WEF has recommended. AI has become increasingly prevalent across various industries, changing employment strategies as well as financial priorities as a result. 

With artificial intelligence continuing to change industries in several ways, its growing presence in the banking sector makes it clear just how transformative it has the potential to be and the challenges that come with it. It is clear that AI is advancing efficiency and financial performance of companies; however, this integration is also forcing organizations to reevaluate their workforce strategies, skill development, and ethical considerations related to job displacement and economic inequality. 

There must be a balance struck between leveraging technological advancements and ensuring a sustainable transition for employees who will be affected by automation. To prepare the workforce for the future of artificial intelligence, governments, businesses, and educational institutions must all play a critical role. A significant amount of effort must be put into reskilling initiatives, policies that support equitable workforce transitions, and an ethical AI governance framework to mitigate the risks associated with job displacement. In addition, the advancement of artificial intelligence, industry leaders, and policymakers can help promote a more inclusive and flexible labor market. 

Financial institutions continue to embrace the technology for its efficiency and economic benefits, but they must also remain conscious of its impact on society at large. For technological progress to become a significant factor in long-term economic and social stability, it will be essential to plan for the workforce early, ethically deploy ethical AI, and upskill employees.
Read more »
WhatsApp
Automobile Bank Cyber Fraud Fraud Message WhatsApp

WhatsApp Message Fraud Dupes Automobile Firm of Rs.1 Crore

 


A well-known automobile company, JBM Group, has been duped for Rs.1 Crore in yet another fraudulent incident that took place via fake WhatsApp messages. 

As per the police, the fraudster, in a WhatsApp message to the Chief Finance Officer of JBM, Vivek Gupta claimed to be the company’s vice chairman and had the money transferred to the bank accounts. As per the officials, a total of eight transactions had been made with seven different bank accounts, worth Rs 1,11,71,696. 

In the wake of the incident, an FIR has been registered against the unidentified fraudster under section 419 (cheating by impersonation), 420 (cheating) of IPC, and Section 66-D of IT Act at Cybercrime police station.

“The fraudsters claimed to be a JBM Group vice chairman Nishant Arya. The WhatsApp profile picture of the caller displayed Arya’s photograph. On verifying Truecaller, it reflected that the number belonged to Arya. I was also informed by the sender that he is busy in an important meeting, I could not directly call to make any further inquiry.” The CFO stated in his complaint. 

“I carried out the instructions of the sender under the bona fide impression that the instructions were coming from my superior Nishant Arya who needed to effectuate these transactions which were both very important and extremely urgent. The sums were transferred from two entities of the JBM Group, namely JBM Industries and JBM Auto. At the request of the sender, the UTR numbers confirming such transfers were also shared on the same WhatsApp chat,” Gupta further added. 

Serum Institute of India duped of Rs. 1 Crore via WhatsApp

Earlier this month, on September 7, a similar case was seen involving the Serum Institute of India (SII) which was duped for Rs. 1 Crore via a WhatsApp message sent by the threat actor posing as its CEO Adar Poonawalla. The messages were being sent to one of the institute’s directors. The transactions were then made to a few bank accounts, worth Rs. 1,01,01,554. 

The police officials are looking for the identity of the accused, the one who sent the fraudulent messages, and the holder of the bank accounts to which the transactions were made. 

How to Avoid Cyber Fraud?

With ever-increasing cases of cyber fraud via WhatsApp and other popular messaging platforms,  users are recommended to stay vigilant and follow exercise caution to avoid any scam that may result in financial loss. Users must follow the given steps in order to safeguard themselves against cyber fraud: 

1. Ensure to crosscheck the identity of a person or entity, if you receive messages from an unknown contact, claiming to be someone you know. 

2. Crosscheck the authentication of the source from where you are receiving the messages. 
 
3. Do not share your bank details with anyone. Since banks do not ask for such details, be cautious if the messages claim to be delivered from a bank. 

4. Do not click on the links sent by a suspicious number. The link may lead to malicious websites that are capable of duping you into revealing your passwords and sensitive information.

Cyberfraud has become an increasingly troublesome form of cybercrime as more and more people are falling prey to different forms and kinds of cyberfraud. While reporting it to the cybercrime branch of the police is one solution, netizens must stay wary of lures presented on social media to trap them for financial purposes.

Read more »
Telegram
Bank Bank Hacking Bots Cyber Security OTP OTP Theft Telegram

Analysts Warn of Telegram Powered Bots Stealing Bank OTPs

 

In the past few years, two-factor verification is one of the simplest ways for users to safeguard their accounts. It has now become a major target for threat actors. As per Intel 471, a cybersecurity firm, it has observed a rise in services that allow threat actors to hack OTP (one time password) tokens. Intel 471 saw all these services since June which operate via a Telegram bot or provide assistance to customers via a Telegram channel. Through these assistance channels, users mostly share their feats while using this bot and often walk away thousand dollars from target accounts. 

Recently, threat actors have been providing access to services that call victims, which on the surface, looks like a genuine call from a bank and then fool victims into providing an OTP or other authentication code into a smartphone to steal and give the codes to the provider. Few services also attack other famous financial services or social media platforms, giving SIM swapping and e-mail phishing services. According to experts, a bot known as SMSRanger, is very easy to use. With one slash command, a user can enable various modes and scripts targeted towards banks and payment apps like Google Pay, Apple Pay, PayPal, or a wireless carrier. 

When the victim's phone number has been entered, the rest of the work is carried out by the bot, allowing access to the victim's account that has been attacked. The bot's success rate is around 80%, given the victims respond to the call and provides correct information. BloodOTPBot, a bot similar to SMSRanger sends the user a fake OTP code via message. In this case, the hacker has to spoof the target's phone number and appear like a company or bank agent. After this, the bot tries to get the authentication code with the help of social engineering tricks. 

The bot sends the code to the operator after the target receives the OTP and types it on the phone keyboard. A third bot, known as SMS buster, however, requires more effort from the attacker for retrieving out information. The bot has a feature where it fakes a call to make it look like a real call from a bank, and allows hackers to contact from any phone number. The hacker could follow a script to fake the victim into giving personal details like ATM pin, CVV, and OTP.
Read more »
Ursnif Trojan
Bank Cerberus Gozi Italy malware Ursnif Trojan

Ursnif Banking Trojan is Back in Italy

 

The banking trojan 'Ursnif' (aka 'Gozi') is back in business in Italy, targeting a large range of banking users with mobile malware. According to the IBM's Trusteer Team's analysis, the stakeholders behind Ursnif now include "Cerberus," in their operations, a Trojan whose code had been leaked in September 2020 after a failing auction attempt. 

Ursnif is a banking trojan and is seen in several automated exploit kits, spreading attachments and dangerous links. Ursnif is primarily related to data theft, although its component versions also contain (backdoors, spyware, file injectors, etc.).

Cerberus is a mobile overlay malware that was first developed in the midst of 2019. Cerberus is allegedly utilized to get two-factor authentication codes in real-time during the attack whereas it is also useful to obtain the screen code from the lock and remotely operate the device. 

In September 2020, the development team of Cerberus agreed to dissolve, encouraging an endeavor to sell the source code to the highest bidder starting at $100,000. 

As IBM notes, Ursnif is arguably now the oldest existing banking malware, with its main focus being Italy. It will usually be sent through e-mail with an attached document with harmful macros - to various business addresses. After that Web injection takes over and calls on the targets to download a presumed safe software - essentially a mobile Trojan app. This is done using a QR code with an encoded string of base64. 

“If users scan the QR code, they will open a web page on their smartphone and be sent to a fake Google Play page featuring a corresponding banking app logo of the banking brand the victim originally attempted to access. The campaign, in this case, included several domains that were most likely registered for that purpose and reported in other malicious activity in the past, such as hxxps://play.google.servlce.store/store/apps/details.php?id=it.[BANK BRAND],” wrote Itzik Chimino, a researcher at Security Intelligence. 

Each domain that hosts bogus Google Play pages uses identical terms or typosquatting to make it appear legitimate. Examples include:
 google.servlce.store
 gooogle.services
 goooogle.services
 play.google.servlce.store
 play.gooogle.services
 play.goooogle.services 

For a few months, these malicious domains have also been on VirusTotal, and additional reports have accumulated over time.

For customers who fail to scan the QR code effectively, a download link will be provided that asks them to give their telephone number and then receive an SMS message with a malicious app link, that warns consumers about a service disruption if the app is failing to collect them. 

The remote server sends a download URL to allow users to unintentionally download the Cerberus malware if they enter a phone number on a website injector. This injection also retains device IDs for victims associated with their bot ID and account passwords. 

These URLs bring Cerberus on the mobile phone, while Ursnif is on the PC. The performers are therefore completely infected by the mixture of both instruments, while Ursnif still has a job. The malware hooks the desktop internet browser on this front and handles websites that are dynamically used for the purpose. 

One of Ursnif's primary measures is to automatically change the transaction-receiving IBAN with one that it manages. In particular, the actors only specify a parameter that enables this swap if the amount of the account exceeds €3,000. 

Finally, it is noteworthy that the injections are highly adaptive and the actors differentiate their method depending on the victim and the bank service that is faked. The actors have considered everything, including security problems, log-in times, and even a fake maintenance notice, to prevent the victim from viewing the real service portal. 

Further, it is advised to not download the app outside the Play Store and neither to click on any URLs received via SMS. If one receives any message that claims its source as some bank, avoid acting according to that instead visit or contact the bank personally.
Read more »
User Privacy
Bank Data Breach New Zealand Reserve Bank User Data User Privacy

New Zealand Reserve Bank: Taking Action to Respond to Data Breach Reports

 

Two independent investigations into an unauthorized data breach and the handling of sensitive information have been announced by the Reserve Bank of New Zealand. 

“The Bank accepts the findings and has implemented, and will continue to implement, the recommendations,” stated Reserve Bank Governor Adrian Orr. 

“As signalled in our Statements of Intent, we are well advanced on multiyear investment initiatives related to our digital systems and data management. We have prioritized these initiatives consistent with the recommendations outlined in the reports". 

On December 25, 2020, the Reserve Bank became the target of a cyber-attack on the third-party application it utilizes to exchange and store information. Following that, KPMG was appointed to conduct an independent investigation into the bank's rapid response to the security incident and identify areas where the bank's systems and processes may improve. 

He also stated that, despite being the victim of a massive illegal attack on the file-sharing system, the Reserve Bank accepts complete responsibility for the inadequacies in the KPMG report. 

“We were over-reliant on Accellion – the supplier of the file transfer application (FTA) – to alert us to any vulnerabilities in their system. In this instance, their notifications to us did not leave their system and hence did not reach the Reserve Bank in advance of the breach. We received no advance warning". 

As per KPMG, the bank's controls and processes need to be enhanced, which is now being done. If these procedures had been in place at the time of the unlawful breach, the damage would have been lessened. 

Background 

In late 2020, the Bank recruited Deloitte to conduct an independent investigation to assist the Reserve Bank of New Zealand in better managing sensitive data. This was in response to two incidents in which sensitive information was improperly kept in a draft internal report and disclosed to a small group of financial services firms just before it was made public. 

Initiatives to put the report's recommendations into action are also underway. The Bank estimates that the total cost of the security breach response, including internal resources, will be around $3.5 million.

In January 2021, the Reserve Bank discovered a data breach through Accellion FTA, a third-party file-sharing application that was utilized to share and store information. As part of the inquiry into the event, the Bank recruited KPMG to conduct an independent assessment of its systems and processes.
Read more »
Security Advisory
ATM Hacking ATM hacks Bank Canara Canara bank Cyber Fraud Security Advisory

Canara bank issues advisory for ATM users after fraud bid



Over the last few days, a video of a cautious user who spotted a device to read debit card data at a Canara Bank ATM in New Delhi is being circulated widely. The video was shared by a Twitter user @rose_k01. Canara Bank was quick to address the issue, as it responded by ensuring there was no breach of sensitive user data. "It has come to our notice that a video is being circulated on an attempted fraud on one of our ATMs by installing a skimming device. This attempt, which was made in one of our ATMs in Delhi, was found out immediately and the devices were removed expeditiously. Thus no data compromise has happened. We have closed down this particular ATM pending completion of police investigation," Canara Bank said in a tweet.

“We, at Canara Bank take strict measures to safeguard our customers. We immediately located and removed the skimmer from Gowtami Nagar, Delhi ATM," the public sector bank added. The bank further informed through the same tweet that no data has been compromised.

Canara Bank said it has already taken some proactive, preventive and customer friendly measures to protect the interest of customers, so as to prevent loss of their precious money, the bank said further in the tweet.

1) Canara mServe Mobile app: Using the app, customers can switch off their credit or debit cards when not in use thereby preventing any unauthorise use.

2)The bank is installing anti-skimming and terminal security solutions in all the ATMs across the country.

3) For withdrawal of more than ₹10,000 from our ATMs by any of our customers, an OTP facility as additional security feature has been introduced thereby preventing unauthorized use.

4)Bank is flashing Do's/Don'ts to all customers through social media and SMS.

5) Fraudulent transactions due to third-party breaches where neither the customer nor bank is at fault, there cannot be any liability to the customer under the norms on limiting customer liability in unauthorised transactions, in case the incident is reported within three days. Thus the customer is totally protected from any monetary loss.
Read more »
Wi-Fi Router
Anonymous Hackers Bank Bank Information Security Darkweb hackers Hackers Wi-Fi Router

Your home wi-fi isn't safe: Hackers know router trick to access bank accounts, card details

Next time when you connect smartphone or a laptop to relatively secure home Wi-Fi, you might actually be surprised how easy it is to hack into your home Wi-Fi network, courtesy that router installed by your Internet Service Provider (ISP). A small vulnerability in the home Wi-Fi network can give a criminal access to almost all the devices that access that Wi-Fi. This could spell trouble for bank accounts, credit card details, child safety and a whole lot of other concerns.

Trouble could come in the form of a neighbourhood kid who piggybacks on your Internet service. While he plays video games online and talks to his friends over VOIP (Internet-based) telephone service, your Internet service may become sluggish.

But an unsecured home wireless system can also be used to commit crime.

According to the US Department of Justice, law enforcement officers will come knocking on your door if someone uses your Internet connection to upload or download child pornography.

And the bad guys don't have to live next door. Powerful Wi-Fi antennas can pull in a home network's signal from as far away as over 4 kms.

According to Finnish cyber security firm F-Secure, for very little money, a hacker can rent a Cloud-enabled computer and guess your network's password in minutes by brute force or using the powerful computer to try many combinations of your password.

The US Computer Emergency Readiness Team (US-CERT) recently issued an alert about Russia-sponsored hackers carrying out attacks against a large number of home routers in the U.S.

According to Sanjay Katkar, Joint Managing Director and CTO, Quick Heal Technologies, cyber criminals are known to exploit vulnerabilities in home Wi-Fi routers by delivering a payload.

"Once infected with the malware, the router can perform various malicious activities like redirecting the user to fake websites when visiting banking or other e-commerce sites," Katkar told IANS recently.
Read more »
Sure staff
Bank Bank Information Security Mobile Phone company Staff Sure Sure staff

Sure staff’s bank details stolen

Hundreds of staff at mobile phone company Sure have had their bank details and other personal data stolen in a "targeted" phishing attack.

Current and former employees working for the telecoms firm on the Isle of Man, Guernsey and Jersey have been affected.

The data includes names, addresses, account numbers and sort codes.

A spokesman said "fewer than 400" people were affected but no existing customers' data had been accessed.

The company is one of the main mobile and broadband providers on the islands.

The firm said it was contacting those affected, which includes "suppliers", urging them to be "extra vigilant" and working with the islands' authorities.

The attack is thought to have come in via a staff email account, which has since been shut down."Human error" was partly to blame, the company said.

A spokesman said Sure could not confirm any information about "the location or individual" whose account was targeted, for "confidentiality and security purposes".

Sure has apologised and said it was "constantly reviewing" its training programmes.

The Isle of Man Information Commissioner's office said it had been informed of the attack and an investigation had been launched.
Read more »
Trojan
Bank Banking fraud Banking Malware Banking Trojans malware Trojan

Trickbot Trojan Gets 'BokBot' Proxy Module to Steal Banking Info.




In 2017, IBM's X-Force team discovered a banking trojan named as 'BokBot', which redirects users to malicious online banking websites or can link victims to a browser procedure in order to insert unauthorized content onto official bank pages, it's also known as IcedID.

The authors of Trickbot trojan have begun to distribute a custom proxy module to the users; Trickbot trojan is a new component originated from BokBot's code for web injection, it works with some of the widely used web browsers.

The new variant came with its separate configuration file, it was detected on an infected system on 5th of July as "shadnewDll".

How does the malware work?

The malicious process begins with an infected Office Word document that downloads the Ursnif trojan after deploying a PowerShell script. Then, a Trickbot version along with the IcedID proxy module is received by the compromised host, it is programmed to intercept and modify web traffic.

After examining the component, Vitali Kremez, security researcher, said that it can be attached to the following web browsers: Microsoft Edge, Mozilla Firefox, Internet Explorer and Google Chrome.

Upon further inspection, the module appeared to be particularly adapted for TrickBot or other fraud bank operations which is based on the installion of this malware and its variants.

Referencing from the research of FireEye, "The TrickBot administrator group, which is suspected to be based in Eastern Europe, most likely provide the malware to a limited number of cyber criminal actors to use in operations." 
Read more »
Subscribe to: Posts (Atom)