Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Bank Cyber Security. Show all posts
Indian Bank
ATM ATM Skimmer Bank Cyber Security Banks Cyber Security Cyberattack Digital Money Hackers Steal Money Indian Bank

Indian Banks Failing to Protect Their Cyber Security

 


Indian Banks Failing to Protect Their Cyber Security In Thane, Maharastra some unidentified fraudsters hacked the server and tampered with the data of a cooperative bank. According to Police, the hackers allegedly siphoned off Rs. 1.51 crore to various accounts from the Dombivli Nagarik Sahkari (DNS) bank on March 12. 
 
Following the attack, a case has been registered against unidentified persons under section 420 (Cheating and dishonestly inducing delivery of property) of the Indian Penal Code (IPC) and section 65 of the Information Technology Act at Manpada police station under the Kalyan division who has started a probe into the incident in collaboration with Thane cyber police.  
 
The security incident draws light on the issue of bank frauds that have become deep-seated in the Indian Financial System. In just over seven years, Indian banks have witnessed frauds surpassing $5 trillion with total fraud loans amounting to Rs. 1.37 lakh crore in the last year alone.  
 
Shocking scams like Punjab National Bank (PNB) scam (2018), Cosmos Bank cyberattack (2018), Canara Bank ATM Hack (2018), along with many other vishing, phishing, ATM skimming, and spamming attacks have continued to plague Indian banks over the recent years. With an increase in digital-based transactions, money cheating cases have also witnessed a sharp rise. The techniques and resistance measures employed by banks to safeguard their customers’ financial data and money have met with progressive and sophisticated hacking techniques used by fraudsters in India.  
 
John Maynard Keynes, after examining the condition of banking in India said banking in India should be conducted on the safest possible principles while calling India a “dangerous country for banking”. The apprehension has proven to be prophetic in the modern world as financial institutions failing to conduct prudent banking have become the center of monetary scams. Reportedly, the State Bank of India (SBI), HDFC Bank, and ICICI Bank constituted a majority of incidents totaling more than 50,000 fraudulent incidents in the last 11 fiscal years.  
 
Digitalization in India has led to the manifestation of ‘Digital Money’ and cashless transactions have been on a continual rise. Consequently, the protection of data and privacy becomes more important as a fragile cybersecurity system can have serious repercussions for any bank’s customer base.  
 
Data breaches have emerged to be a serious threat in the banking sector which further amplifies the need for an impenetrable banking system as recovering from data breaches and regaining control of a breached server can be extremely stressful and time-consuming. In order to strengthen the evolution of the banking system, banks require to identify and plug the gaps in security. Part of the problem can be attributed to the accelerated pace of digitization which has increasingly required the same kind of investment on the cyber hygiene side as well.  
 
Some of the viable measures that banks can undertake include proactive security techniques like ‘Whitelisting’ (blocks unapproved programs while only allowing a limited set of programs to run) and BIOS passwords (prevents external access to systems and servers). Awareness of employees, stringent filtering, and communicating regularly with regional offices are some of the other preventive measures as advised by the security experts.
Read more »
Rootkit
Bank Credentials Bank Cyber Security Banking Data Caketap Cyber Security Data Data Hacking Fraud Rootkit

Caketap: A New Unix Rootkit Used to Steal ATM Banking Data

 

Following the activities of LightBasin, a financially motivated group of hackers, threat analysts have discovered a previously undisclosed Unix rootkit that is utilized to capture ATM banking data and execute fraudulent transactions. 

The specific group of adversaries has lately been seen targeting telecom businesses with tailored implants, as well as hacking managed service providers and victimising their clients back in 2020. Researchers present more proof of LightBasin activities in a new paper from Mandiant, focused on bank card fraud and the compromise of critical infrastructure. The new rootkit from LightBasin is a Unix kernel module called "Caketap" that is installed on servers running Oracle Solaris systems. 

Caketap hides network connections, processes, and files when it is loaded; it installs various hooks into system services so that remote commands and configurations can be received. The various commands observed by the analysts are as follows: 

• Add the CAKETAP module back to the loaded modules list 
• Change the signal string for the getdents64 hook 
• Add a network filter (format p) 
• Remove a network filter 
• Set the current thread TTY to not to be filtered by the getdents64 hook 
• Set all TTYs to be filtered by the getdents64 hook \
• Displays the current configuration Caketap's ultimate purpose is to steal financial card and PIN verification data from compromised ATM switch servers and utilise it to enable fraudulent transactions. 

Caketap intercepts data on their way to the Payment Hardware Security Module (HSM), a tamper-resistant hardware device used in the banking industry to generate, manage and validate cryptographic keys for PINs, magnetic stripes, and EMV chips. 

Caketap tampers with card verification messages, blocking those that match fraudulent bank cards instead of generating a genuine response. In a second phase, it saves valid messages that match non-fraudulent PANs (Primary Account Numbers) internally and delivers them to the HSM, ensuring that normal customer transactions are not disrupted and implant operations remain undetected. 

“We believe that CAKETAP was leveraged by UNC2891 (LightBasin) as part of a larger operation to successfully use fraudulent bank cards to perform unauthorized cash withdrawals from ATM terminals at several banks,” explains Mandiant’s report. 

Slapstick, Tinyshell, Steelhound, Steelcorgi, Wingjook, Wingcrack, Binbash, Wiperight, and the Mignogcleaner are further tools related to the actor in prior assaults, all of which Mandiant confirmed are still used in LightBasin attacks. 

LightBasin is a highly skilled threat actor that exploits weak security in mission-critical Unix and Linux systems, which are frequently viewed as intrinsically secure or are mostly ignored due to their obscurity. 

LightBasin and other attackers thrive in this environment, and Mandiant expects them to continue to use the same operating model. In terms of attribution, the analysts noticed some overlaps with the UNC1945 threat cluster, but they don't have enough clear evidence to draw any judgments.
Read more »
Russian Hackers
Bank Cyber Security Cyber Crime Cyber Crime Report Dark Web Monitoring Darkweb Russian Hackers

Russian hacker created the RedLine program, which steals passwords and bank card data in browsers

The RedLine malware attacks browsers based on the Chromium engine — Chrome, Edge, Yandex.Browser and Opera, as well as on the basis of the Gecko engine - Mozilla Firefox and Netscape. RedLine steals saved passwords, bank card data, information about cryptocurrency wallets, cookies, system information, and other information from browsers.

Further, experiments showed that the program collects any sensitive information stored in browsers, and in addition allows you to control the computers of victims via the SOAP remote access protocol and hypothetically create botnets from them. The problem affects not only companies but also ordinary users.

The RedLine program appeared on the Russian darknet in February 2020. The announcement of its sale was posted by a Russian-speaking user with the nickname REDGlade.

The AhnLab ASEC report calls RedLine a serious cyber threat. ASEC discovered the program in 2021 when they were investigating the hacking of the network of an unnamed company. It turned out that access was carried out through a VPN service from an employee's computer infected with RedLine.

Attackers sell malware on the darknet and telegram for an average of $150-200. RedLine is distributed using phishing mailings with attached files in the format .doc, .xls, .rar, .exe. It is also uploaded to domains that disguise themselves as an online casino or, for example, the website of the Krupskaya Confectionery Factory.

It is worth noting that in December 2021, RedLine became the most popular program used in cyber attacks. Since the beginning of the month, more than 22 thousand attacks have been carried out with the help of RedLine.

Experts urged not to store credentials in browsers, suggesting instead to use a password manager and enable two-factor authentication wherever possible.

Read more »
User Security
Bank Cyber Security Bank fraud Bank Security Banks Cyber Risk Cyber Security Finance Financial Regulators RBI User Privacy User Security

How Banks Evade Regulators For Cyber Risks

 


As of late, the equilibrium between the banks, regulators, and vendors has taken a hit as critics claim that banks are not doing enough for safeguarding the personally identifiable information of the clients and customers they are entrusted with. As there has been rapid modernization in internet banking and modes of instant payments, it has widened the scope of attack vectors, introducing new flaws and loopholes in the system; consequently, demanding financial institutions to combat the threat more actively than ever. 

In the wake of the tech innovations that have broadened the scope of cybercrime, the RBI has constantly felt the need to put forth reminders for banks to strengthen their cyber security mechanisms; of which they reportedly fell short. As financial frauds relating to electronic money laundering, identity theft, and ATM card frauds surge, banks have increasingly avoided taking the responsibility.  

It's a well-known fact that banks hire top-class vendors to circumvent cyber threats, however, not a lot of people would know that banks have gotten complacent with their reliance on vendors to the point of holding them accountable for security loopholes and cybersecurity mismanagement. Subsequently, regulators fine the third-party entity, essentially the 'vendors' providing diligent cyber security risk management to the banks.  

The question that arises is that are banks on their own doing enough to protect their customers from cyber threats? Banks need to understand monitoring and management tools available to manage cyber security and mitigate risks. Financial institutions have an inherent responsibility of aggressively combating fraud and working on behalf of their customers and clients to stay one step ahead of threats.  

Banks can detect and effectively prevent their customers' privacy and security from being jeopardized. For instance, banks can secure user transactions by proactively monitoring SMS using the corresponding mobile bank app. They can screen phishing links and unauthorized transactions and warn customers if an OTP comes during a call.  

Further, banks are expected to strictly adhere to the timeframe fixed for reporting frauds and ensuring that customer complaints regarding unscrupulous activities are timely registered with police and investigation agencies. Banks must take accountability in respect of reporting fraud cases of their customers by actively tracking the accounts and interrupting vishing/phishing campaigns on behalf of their customers as doing so will allow more stringent monitoring of the source, type, and modus operandi of the attacks. 

“We are getting bank fraud cases from the customers of SBI and Axis Bank also. It is yet to be verified whether the data has been leaked or not. There might be data loss or it could be some social engineering fraud,” Telangana’s Cyberabad Crimecrime police said. 

“Police said that the fraudsters had updated data of the thousands of customers who received new credit cards and it was a bank’s insider who is the architect of this whole fraud,” reads a report pertaining to an aforementioned security incident by The Hindu.  

“This is a classic case to explain the poor procedure practised by the network providers while issuing SIM cards, and of course the data security system at the banks,” a senior police officer said. 

In relation to the above stated, banks should assume accountability for their customers’ security and shall review and strengthen the monitoring process, while meticulously following the preventive course of action based on risk categorization like checking at multiple levels, closely monitoring credits and debits, sending SMS alerts, and (wherever required) alerting the customer via a phone call. The objective, essentially, is for banks to direct the focus on aspects of prevention, prompt detection, and timely reporting for the purpose of aggregation and necessary corrective measures by regulators which will inhibit the continuity of crime, in turn reducing the ‘quantum’ of loss.  

Besides, vigorously following up with police and law authorities, financial institutions have many chances to detect ‘early warning signals’ which they can not afford to ignore, banks should rather use those signals as a trigger to instigate detailed pre-investigations. Cyber security is a ‘many-leveled’ thing conception, blaming the misappropriations on vendors not only demonstrates the banks’ tendency to avoid being a defaulter but also impacts the ‘recoverability aspects’ like effective monitoring for the customers to a great degree.
Read more »
Ransomware
Banco Pichincha Bank Cyber Security Cobalt Strike Cyber Attacks Ecuador Ransomware

Banco Pichincha: Ecuador's Largest Bank Hit by a Cyber Attack

 

Banco Pichincha, Ecuador's biggest private bank by capitalization and depositors, has been struck by a cyberattack that has crippled its operations and knocked the ATM and online banking website to be unavailable to the users. 

The intrusion happened over the weekend, and the bank had to lock down parts of its network to prevent the attack from spreading to other systems. The bank's systems have been taken down, causing considerable inconvenience, with ATMs no longer functioning and service notifications appearing on internet banking websites. 

The bank has 1.8 million customers, $4.5 billion in assets, and $4 billion in deposits, along with over 200 offices; Banco Pichincha has subsidiaries in Peru (Banco Financiero Per), Colombia (Banco Pichincha) and Panama (Banco Pichincha Panamá). And it also has a representative office in Miami and eight in Spain, comprising two each in Madrid, Barcelona, Murcia, and Comunidad Valenciana. 

Employees were informed that bank applications, email, digital channels, and self-services would be unavailable due to a technological issue, in an internal notification addressed to the Bank's departments. Self-service consumers should be guided to bank teller windows for assistance during the downtime, as per the internal memo. 

Banco Pichincha published a statement on Tuesday afternoon following two days of silence over the bank's technological troubles, acknowledging that their systems were disrupted by a cyberattack. 

The statement read: "In the last few hours, we have identified a cybersecurity incident in our computer systems that have partially disabled our services. We have taken immediate actions such as isolating the systems potentially affected from the rest of our network and have cybersecurity experts assist in the investigation. 

At the moment, our network of agencies, ATMs for cash withdrawals and payments with debit and credit cards are operational. 

This technological incident did not affect the financial performance of the bank. We reiterate our commitment to safeguard the interests of our clients and restore normal care through our digital channels in the shortest possible time. 

We call for calm to avoid generating congestion and to stay informed through the official channels of Banco Pichincha to avoid the spread of false rumors." - Banco Pichincha. 

Although, the origin of the attack has not been revealed to the public by the bank, according to insiders in the cybersecurity field, the hack is a ransomware attack with malicious attackers placing a Cobalt Strike beacon on the network. 

Cobalt Strike is often used by ransomware gangs as well as other threat actors to obtain endurance and access to additional systems on a system.
Read more »
Trojan
Android Bank Cyber Security Banking Malware Banking scam Hydra Malware malware Malware Trojan Trojan

Hydra Malware Targets Germany's Second Largest Bank Customers

 

The Hydra banking trojan has resurfaced to target European e-banking platform users, especially Commerzbank customers, Germany's second-largest financial institution. 

MalwareHunterTeam discovered the two-year-old virus in a fresh dissemination operation that targets German users with a malicious APK called 'Commerzbank Security' with a lookalike icon to the legitimate application. 

This grabbed the attention of Cyble researchers, who sampled the file for a more in-depth study, revealing a sophisticated phishing tool with broad rights access. 

According to Cyble experts, Hydra is still evolving; the variations used in the latest campaign include TeamViewer features, similar to the S.O.V.A. Android banking Trojan, and utilize various encryption methods to avoid detection, as well as Tor for communication. 

The latest version additionally allows to turn off the Play Protect Android security function. The virus demands two very hazardous permissions, BIND_ACCESSIBILITY_PERMISSION and BIND_DEVICE_ADMIN, according to the experts. 

The Accessibility Service is a background service that assists users with disabilities, and the BIND_ACCESSIBILITY_SERVICE permission permits the app to access it. 

The analysis published by Cyble states, “Malware authors abuse this service to intercept and monitor all activities happening on the device’s screen. For example, using Accessibility Service, malware authors can intercept the credentials entered on another app.” 

“BIND_DEVICE_ADMIN is a permission that allows fake apps to get admin privileges on the infected device. Hydra can abuse this permission to lock the device, modify or reset the screen lock PIN, etc.” 

Other rights are requested by the malware to carry out harmful activities such as accessing SMS content, sending SMSs, making calls, modifying device settings, spying on user activity, and sending bulk SMSs to the victim's contacts: 
  • CHANGE_WIFI_STATE : Modify Device’s Wi-Fi settings 
  • READ_CONTACTS: Access to phone contacts 
  • READ_EXTERNAL_STORAGE: Access device external storage 
  • WRITE_EXTERNAL_STORAGE: Modify device external storage 
  • READ_PHONE_STATE: Access phone state and information 
  • CALL_PHONE: Perform call without user intervention 
  • READ_SMS : Access user’s SMSs stored in the device 
  • REQUEST_INSTALL_PACKAGES : Install applications without user interaction 
  • SEND_SMS: This allows the app to send SMS messages 
  • SYSTEM_ALERT_WINDOW: The display of system alerts over other apps 
The code analysis shows that many classes are missing from the APK file. To avoid signature-based detection, the malicious code uses a custom packer. 

Cyble concluded, “We have also observed that the malware authors of Hydra are incorporating new technology to steal information and money from its victims. Alongside these features, the recent trojans have incorporated sophisticated features. We observed the new variants have TeamViewer or VNC functionality and TOR for communication, which shows that TAs are enhancing their TTPs.” 

“Based on this pattern that we have observed, malware authors are constantly adding new features to the banking trojans to evade detection by security software and to entice cybercriminals to buy the malware. To protect themselves from these threats, users should only install applications from the official Google Play Store.” 

18 million potential targets

Commerzbank has 13 million German clients and another 5 million in Central and Eastern Europe. This amounts to a total of 18 million potential targets, which is always an important factor for malware distributors. 

Typically, threat actors utilise SMS, social media, and forum postings to direct potential victims to malicious landing pages that install the APK on German devices. 

If anyone believes they have already fallen into Hydra's trap, it is suggested that they clean their device with a trustworthy vendor's security tool and then do a factory reset.
Read more »
Russian Cyber Security
Bank Cyber Security Cyber Attacks Russian Cyber Security

The August cyber attacks targeted a dozen Russian banks

Up to 15 Russian financial organizations were subjected to a large-scale cyberattack in August and September of this year.

The first deputy head of the Information Security Department of the Bank of Russia, Artem Sychev, said that 10-15 Russian financial organizations that serve e-commerce were subjected to cyber attacks in August and early September.

According to him, it was several DDoS attacks. “Most of these attacks were repelled in an automated mode by the means that financial organizations have,” Sychev noted.

Financial CERT (Financial Sector Computer Emergency Response Team, a special division of the Bank of Russia) also helped to cope with the attacks, which quickly notified banks about the attacks and connected telecom operators to solving problems. They helped to quickly redirect traffic and enable tools that filter malicious traffic.

According to Sychev, the attacks were serious, but the attackers failed to disrupt the performance of credit institutions.

“But, nevertheless, there is such a risk of dependence on monopoly service providers for financial organizations,” he added.

“The events that took place in Russia in August and early September and were associated with massive DDoS attacks clearly showed that it is not enough for us, as the financial industry, to exchange information with each other, we need to do this with telecom operators, as they are the basis for interaction between customers and financial organizations. How quickly we can interact between financial organizations and telecom operators largely depends on how quickly we can respond to the attacks that occur in the financial sector, and how quickly we can cope with these attacks,” Sychev added.

On September 2, Deputy Chairman of the Board of Sberbank Stanislav Kuznetsov said that the bank had successfully repelled the world's most powerful DDoS attack on the financial sector.

Read more »
Technology
Bank Cyber Security Digital Ruble Technology

Banks have assessed the security of digital ruble payments

Major Russian banks are ready to take part in testing the digital ruble and have no doubt that it will be in demand among customers

According to market participants, special attention should be paid to information security: digital rubles can be paid offline and, according to banks, such operations may become a tidbit for fraudsters.

The Bank of Russia presented the idea of a digital ruble in mid-October. It is assumed that it will be in the form of a unique digital code stored in a special electronic wallet and become a full-fledged means of payment on a par with the ordinary ruble. Its prototype is scheduled to be tested next year and the regulator presented its concept last Thursday.

"VTB is ready to take part in pilot projects related to the introduction of the digital ruble. VTB estimates that it may take about two years to create the infrastructure for the implementation of the digital currency," said Vadim Kulik, Deputy President and Chairman of the Bank's Management Board. Apart from VTB, other major credit institutions, including Russian Standard and Promsvyazbank, are ready to take part in the testing of the digital ruble.

Participants of the pilot project will have to solve a number of issues and put a special emphasis on the safety of operations for clients. "The main risks of payments in digital rubles are gaining unauthorized access to an electronic wallet and committing fraudulent operations using social engineering methods", said Andrei Makosko, head of information security service of Novikombank.

In addition, banks are afraid of the possibility of some overflow of funds from non-cash payments to digital rubles. According to the head of the Raiffeisenbank innovation center, Evgenia Ovchinnikova, this may affect the existing relationship between banks, shops and payment systems.

"It is also important that the digital ruble platform does not result in capital expenditures on the part of banks", emphasized Olga Makhovaya, director of innovations and data management at Rosbank.

The digital ruble is expected to help combat payment slavery when customer service is tied to a single credit institution.

Read more »
Subscribe to: Posts (Atom)