Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Bank Security. Show all posts

The Slim CD Data Breach: 1.7 Million Credit Cards Compromised


Credit card security has always been a challenge for users, as hackers try innovative ways to lure the victims. In a massive data breach, payment gateway provider Slim CD (it offers payment processing services for both online and offline merchants) revealed it has suffered a data breach that impacted credit card and personal data that belongs to around 1.7 million users. 

About Slim CD Breach

Like recent data breaches, your personal information could now be with threat actors, and it is not your fault. This blog covers details related to the breach, and the steps you can take to protect your credit card and avoid misuse of credit card numbers.

In the notification sent to affected victims, Slim CD said hackers gained access to its network for almost a year, from August 2023 to June 2024. But they could only steal credit card details between June 14 and 15 of this year.

Earlier this year in June, Slim CD found that suspicious users had access to its systems. After that, the company launched an inquiry, which revealed that hackers had first gained entry into the networks in August 2023. The stolen data includes physical addresses, full names, credit card numbers and card expiry dates. Luckily, card verification numbers or CVVs weren't stolen, the company says.

Experts believe that without CVV, hackers can't do much with the stolen credit card data or make any fraudulent transactions with your credit card. But the risk of credit card fraud is still there.

How to protect yourself?

Generally, if you suffer a major data breach, the company offers free access to either credit monitoring or identity theft protection services. But in the case of Slim CD, it isn't doing anything like this for affected users.

What have we learned?

The Slim CD incident has highlighted various gap areas for both businesses and customers.

1. Robust Security Measures: Investment is crucial in this area this includes encryption, two-factor authentication, and frequent security audits. These steps can help protect against unauthorized attempts at stealing sensitive info.

2. Monitoring: Customers should frequently keep an eye on their bank statements and credit reports for any suspicious activity. Threat detection at an early stage can reduce the damage caused by a data breach.

3. Quick Response: In the event of a data breach, a fast response becomes important. Informing impacted individuals and offering support can help minimize the damage and rebuild trust.

4. Being Informed and Educated: Both companies and customers should be aware about the basic safety steps needed to be safe from a data breach. For businesses awareness programs and training campaigns can provide certain help.

Xapo Bank Aims To Boost Bitcoin Safety With Tech And Bunkers

 

Satoshi Nakamoto, the pseudonymous developer of Bitcoin, published the system's whitepaper in 2008, bluntly criticising financial institutions and the confidence they demand. However, in 2010, one of the most notable Bitcoin collaborators in its early days and the recipient of the first Bitcoin transaction in history, cypherpunk and cryptography specialist Hal Finney, predicted the existence of bitcoin banks. Today, bitcoin-native banks such as Xapo Bank exist in this grey area between the ethos and the potential deployment of this system across the global financial sector. 

Finney claims that Xapo Bank, which was founded in 2013, is among the leaders in the custodial space of Bitcoin. Wences Casares, an Argentinean entrepreneur and innovator who is well-known in Silicon Valley for his support of this technology, developed it as a solution for his friends and family. However, it expanded significantly. Currently, it is one of the few fully licensed banks in the world that deals with Bitcoin and other digital assets. 

Its business idea combines cutting-edge Bitcoin technology with a physical bunker in the Swiss highlands. This physical location blends old-fashioned Swiss standards with the latest safety technology. It's an atomic bunker that serves as the foundation of what Xapo provides its clients: high-quality security for digital assets. Xapo is exploring new technical opportunities. The custody business is dominated by multi-signature solutions, but the greatest alternative and security solution for the Gibraltar-registered bitcoin bank is the multi-party computation protocol. On a broad level, MPC enables several parties to share information without fully exposing the shared data. 

In the case of Xapo, this works by breaking the digital asset master private key into several unique fragments known as "key shares," which Xapo Bank has stored and distributed in hidden places around the world, including the Swiss bunker. The MPC protocol ensures that participants' contributions remain private during key creation and signing, without being revealed. This functionality assures that no single participant in the quorum has total access to or control over the stored assets, reducing the chance of collusion to nearly zero. 

"MPC is a much more modern and secure setup compared to a still more popular multi-signature approach. The fact that the private key is not put together at any point in the transaction means there is no moment it can be potentially exposed or hacked, which is not the case with the more traditional multi-sig technology," Xapo Bank's Chief Technology Officer, Kamil DziubliÅ„ski, stated. 

However, there are threats and concerns, even with a movie-style bunker and this novel method of securing the keys and transaction signing process. Security threats include hacking and phishing attempts. Financial risks include money laundering, terrorist financing, and various types of financial attacks.

Passkeys Aren't Foolproof: New Study Reveals Vulnerabilities in Popular Authentication Method

 

Despite their growing popularity, passkeys are not as secure as many believe. According to Joe Stewart, principal security researcher at eSentire's Threat Response Unit (TRU), many online accounts using passkeys can still fall victim to adversary-in-the-middle (AitM) attacks. This issue stems not from the passkeys themselves but from their implementation and the need for account recovery options. Passkeys, a password-less authentication method, aim to provide secure access to online accounts like banking, e-commerce, and social media. 

However, an eSentire study found that poor implementation of passkeys, such as less secure backup authentication methods, allows AitM attacks to bypass this security. In these attacks, the adversary modifies the login prompts shown to users, controlling the authentication flow by altering the HTML, CSS, images, or JavaScript on the login page. 

This manipulation can make the passkey option disappear, tricking users into using less secure backup methods like passwords. Stewart's research demonstrated how open-source AitM software, like Evilginx, can deceive users of services like GitHub, Microsoft, and Google. By slightly modifying scripts (phishlets) that capture authentication tokens and session cookies from real login pages, attackers can make users believe they are on the genuine site. 

The attacker then captures the user's credentials and authentication tokens, allowing them to maintain access to the account. The study highlights that most passkey implementations are vulnerable to similar attacks. Backup methods such as passwords, security questions, SMS codes, and email verifications are prone to AitM attacks. Only methods like social trusted contacts recovery, KYC verification, and magic links offer better protection, though they can be cumbersome. 

To enhance security, Stewart recommends using multiple passkeys, including a FIDO2 hardware key, which is secured by a PIN. As passkey adoption grows, magic links remain a secure backup method for account recovery in case of passkey loss or AitM attacks. While passkeys offer a promising alternative to traditional passwords, their current implementation can leave accounts vulnerable. Users and developers must adopt stronger backup methods and remain vigilant against AitM attacks.

The Importance of Whitelisting Scanner IPs in Cybersecurity Assessments


In the realm of cybersecurity, ensuring the safety and integrity of a network is a multifaceted endeavor. One crucial aspect of this process is the regular assessment of potential vulnerabilities within the system. As a cybersecurity professional, our work revolves around identifying these vulnerabilities through automated scans and red team exercises, meticulously recording them in a Bugtrack Excel sheet, and collaborating with human analysts to prioritize and address the most critical issues. However, a recurring challenge in this process is the reluctance of some customers to whitelist the IP addresses of our scanning tools.

The Role of Whitelisting in Accurate Assessments

Whitelisting the scanner IP is essential for obtaining accurate and comprehensive results during security assessments. When the IP address of the scanning tool is whitelisted, it allows the scanner to perform a thorough evaluation of the network without being hindered by security measures such as firewalls or intrusion detection systems. This unrestricted access enables the scanner to identify all potential vulnerabilities, providing a realistic picture of the network's security posture.

The Reluctance to Whitelist

Despite the clear benefits, many customers are hesitant to whitelist the IP addresses of cybersecurity vendors. The primary reason for this reluctance is the perception that it could expose the network to potential threats. Customers fear that by allowing unrestricted access to the scanner, they are inadvertently creating a backdoor that could be exploited by malicious actors.

Moreover, there is a prevalent falsity in this approach. By not whitelisting the scanner IP, the results of the security assessments are often incomplete or misleading. The scanners may miss critical vulnerabilities that are hidden behind security measures, resulting in a report that underestimates the actual risks. Consequently, the management and auditors, relying on these reports, task the IT team with addressing only the identified issues, leaving the undetected vulnerabilities unaddressed.

The Illusion of Security

This approach creates an illusion of security. The customer, management, and auditors may feel satisfied with the apparent low number of vulnerabilities, believing that their network is secure. However, this false sense of security can be detrimental. Hackers are relentless and innovative, constantly seeking new ways to infiltrate networks. They are not deterred by the same security measures that hinder our scanners. By not whitelisting the scanner IP, customers are effectively blinding themselves to potential threats that hackers could exploit.

The Hacker's Advantage

Hackers employ manual methods and conduct long-term reconnaissance to find vulnerabilities within a network. They utilize a combination of sophisticated techniques and persistent efforts to bypass security measures. The tools and strategies that block scanner IPs are not effective against a determined hacker's methods. Hackers can slowly and methodically map out the network, identify weaknesses, and exfiltrate data without triggering the same alarms that automated scanners might. This means that even if a scanner is blocked, a hacker can still find and exploit vulnerabilities, leading to potentially catastrophic breaches.

The Need for Continuous and Accurate Scanning

Security scanners need to perform regular assessments—daily or weekly—to keep up with the evolving threat landscape. For these scans to be effective, the scanner IP must be whitelisted to ensure consistent and accurate results. This repetitive scanning is crucial for maintaining a robust security posture, as it allows for the timely identification and remediation of new vulnerabilities.

The Conference Conundrum

Adding to this challenging landscape is the current trend in cybersecurity conferences. Instead of inviting actual security researchers, security engineers, or architects who write defensive software, many conferences are being hosted by OEM vendors or Consulting organizations. These vendors often showcase the users of their security products rather than the experts who develop and understand the intricate details of cybersecurity defense mechanisms. This practice can lead to a superficial understanding of security products and their effectiveness, as the focus shifts from in-depth technical knowledge to user experiences and testimonials.

Conclusion

In conclusion, the reluctance to whitelist scanner IPs stems from a misunderstanding of the importance of comprehensive and accurate security assessments. While it may seem counterintuitive, whitelisting these IP addresses is a necessary step in identifying and addressing all potential vulnerabilities within a network. 

By embracing this practice, customers can move beyond the illusion of security and take proactive measures to protect their networks from the ever-evolving threats posed by cybercriminals. The ultimate goal is to ensure that both the customer and their management are genuinely secure, rather than merely appearing to be so. Security measures that block scanner IPs won't thwart a dedicated hacker who uses manual methods and long-term reconnaissance. Thus, comprehensive vulnerability assessments are essential to safeguarding against real-world threats. Additionally, there needs to be a shift in how cybersecurity conferences are organized, prioritizing the inclusion of true security experts to enhance the industry's collective knowledge and capabilities.

--

Suriya Prakash and Sabari Selvan

CySecurity Corp 

5 Signs Your Wi-Fi Has Been Hacked: Protect Your Bank Details

5 Signs Your Wi-Fi Has Been Hacked: Protect Your Bank Details

The tech company Aura sent its experts to investigate the telltale indicators that cybercriminals have overcome your wi-fi. A hacker can access all of your sensitive information through your wifi in a number of methods, and it's far easier to detect than you might believe.

In the event that this occurs, outsiders will have access to your bank account information and other private information. They may even be able to listen in on your private discussions with loved ones, parents, or other family members.

However, you can tell if your wifi has been hacked or not by looking for these five indicators:

1. Reduced internet speed

If your internet provider is normally trouble-free, an abrupt and unusual slowdown in your access to the internet may indicate that hackers have attacked your router.

2. Finding strange devices or IP addresses

Unknown gadgets, sometimes known as rogue devices, may indicate that hackers are trying to access private data from your router.

If you see this, you need to check if any unidentified devices are included in the list of connected devices by logging in to your router's IP address, which is typically found on the router itself.

3. Suddenly, the Wi-Fi password has changed

Should this occur without warning, there may be a connection to hacker activity.

You won't be able to access the router and resolve the problem on your own because these annoying hackers typically alter your login credentials after they have access.

4. Unknown or new software installed on your devices

If you notice any strange new software on your device, it can be a sign that hackers have been targeting your network and maybe installing malware.

5. Strange activities on your web browser

You will almost certainly notice this: if your browser starts directing you to strange websites, it's possible that hackers have altered your DNS settings. You may also notice things like ransomware messages appearing that purport to have sensitive data or photos, suggesting that hackers may have gained access to your router.

Fake purchasers will often contact real sellers of goods and appear to be interested in making a purchase in an attempt to obtain your private information.

The scammer would then lie and claim to have transferred monies that are only available through a dubious link, so the transaction never actually happens.

Usually, the link is a phishing one, where the seller enters their bank card information thinking they will get money, but inadvertently allows their account to be drained. There are, nevertheless, safety measures you can do. Downloading antivirus software would help prevent those hackers from getting near you.

UK Banks Issue a Warning Regarding an Upsurge in Internet Scams

 

Banks have issued a warning about a sharp rise in fraud in 2022, much of it coming from online sources. 77% of frauds now take place on dating apps, online markets, and social media., Barclays reported.

According to TSB, the major causes of this were an enormous rise in impersonation, investment, and purchase fraud instances. It was discovered that fraudulent listings on Facebook Marketplace had doubled, while impersonation frauds on WhatsApp had increased thrice in a year. 

Additionally, it claimed that there had been "huge fraud spikes" on Meta-owned platforms including Facebook and WhatsApp. Fraud, according to a spokesperson for Meta, is "an industry-wide issue," the BBC reported. 

"Scammers are using increasingly sophisticated methods to defraud people in a range of ways, including email, SMS, and offline," the company stated. "We don't want anyone to fall victim to these criminals, which is why our platforms have systems to block scams, financial services advertisers now have to be FCA (Financial Conduct Authority)-authorised and we run consumer awareness campaigns on how to spot fraudulent behaviour." 

"Epidemic of scams" 

Banks are dealing with an "epidemic of scams," according to Liz Ziegler, director of fraud protection for Lloyds Banking Group. 

"With more than 70% of fraud starting with contact through the main tech platforms, these companies must be held responsible for stopping scams at source and putting things right for innocent victims," she explained. 

Three million people in the UK would become victims of fraud in 2022, NatWest CEO Alison Rose previously warned a Treasury Select Committee. 

She stated, "we have seen an 87% increase in fraud," noting that NatWest believed that 60% of frauds started on social media and other internet platforms. 

Meanwhile, TSB stated 60% of purchase fraud cases of which it is aware - where a fraudster offers an item they never intend to send to the customer - occurs on Facebook Marketplace, and two-thirds of impersonation fraud cases it sees are happening on WhatsApp, The bank claims that 2,650 refunds covering these incidents were given out last year. 

According to Paul Davis, TSB's director of fraud prevention, social media companies "must urgently clean up their platforms" to safeguard users. 

Returned funds 

56% of the total money was lost to scammers in the first half of 2022, according to the most recent data from UK Finance, which represents the banking and finance industry. 

The Contingent Reimbursement Model Code, which intends to pay consumers if they fall victim to an Authorised Push Payment (APP) scam "and have acted appropriately," has been endorsed by many institutions, including NatWest, Lloyds, and Barclays. 

A consumer may be duped into sending money to a fraudulent account through an APP scam. However, TSB asserts that it reimburses victims in 97% of the fraud incidents it observes and is urging other organisations to do the same.

Octo: A New Malware Strain that Targets Banking Institutions

 

Last year, an Android banking malware strain was found in the open, few organizations called it "Coper," belonging to a new family, however, ThreatFabric intelligence hinted it as a direct inheritance of the infamous malware family Exobot. Found in 2016, Exobot used to target financial institutions until 2018, these campaigns were focused in France, Turkey, Thailand, Germany, Japan, and Australia. Following the incident, another "lite" variant surfaced, named ExobotCompact by the developer famous as "Android" on the dark web. 

Analysts from ThreatFabric established a direct connection between ExobotCompact and the latest malware strain, named "ExobotCompact.B." The latest malware strain surfaced in November 2021, named ExobotCompact.D. "We would like to point out that these set of actions that the Trojan is able to perform on victim’s behalf is sufficient to implement (with certain updates made to the source code of the Trojan) an Automated Transfer System (ATS)," says ThreatFabric report. The recent actions by this malware family involve distribution via various malicious apps on Google Play Store. 

The apps were installed more than 50k times, targeting financial organizations around the world, including broad and generic campaigns having a high number of targets, along with focused and narrow campaigns across Europe. Earlier this year, experts noticed a post on a dark web forum, a user was looking for an Octo Android botnet. Later, a direct connection was found between ExobotCompact and Octo. Interestingly, ExobotCompact was updated with various features and rebranded as Octo, bringing remote access capability, therefore letting malicious actors behind the Trojan to perform on-device fraud (ODF). 

ODF is the riskiest, most dangerous fraud threat. Here, transactions begin from the same device that a target uses on a daily basis. Here, anti-fraud programmes are challenged to detect the scam activity with less in number malicious indicators and different fraud done via different channels. ThreatFabric reports, "to establish remote access to the infected device, ExobotCompact.D relies on built-in services that are part of Android OS: MediaProjection for screen streaming and AccessibilityService to perform actions remotely."

Users at Citibank Attacked by a Massive Phishing Scam

 

Scammers impersonating Citibank are now targeting customers in an online phishing campaign. Thousands of bogus email messages were sent to bank customers, according to Bitdefender's Antispam Lab, with the intent of collecting sensitive personal information and internet passwords. 

Responding to unusual activities or an unauthorized login attempt, the accounts have been placed on hold. As a result, the attackers claim all users should authenticate existing accounts as soon as possible to avoid a permanent ban.

According to Bitdefender's internal telemetry, these campaigns are focused primarily on the United States, with 81 percent of the phishing emails sent ending up in the mailboxes of American Citibank customers. However, it has also reached the United Kingdom (7 percent), South Korea (4 percent), and a small number have indeed made it to Canada, Ireland, India, and Germany. When it comes to the origins of these phishing attacks, 40% of the phoney emails appear to have come from the United States, while 13% came via IP addresses in Mexico. 

The cybercriminals behind the effort utilize email subject lines like "Account Confirm Confirmation Required," "Second Reminder: Your Account Is On Hold," and "Account Confirm Confirmation Required" to deceive Citibank clients into opening the emails. Other subject lines were, "Urgent: Account Confirmation Required," "Security Alert: Your Account Is On Hold," and "Urgent: Your Citi Account Is On Hold." 

Since some of the phishing emails in the campaign use the official Citibank logo to make them appear more real, the scammers who sent them did not take the time to correctly fake the sender's email address or repair any punctuation issues in the email body.

Citing phoney transactions or payments, and also questionable login attempts is another strategy used to create these phishing emails which appear to be from Citibank itself, to fool potential victims into authenticating actual accounts. When victims click the verify button, users are taken to a cloned version of the legitimate Citibank homepage. However, if a Citibank customer goes this far, fraudsters will steal the credentials and utilize them in future assaults. 

Bitdefender has discovered another large-scale phishing campaign that went live between February 11 and 15, 2022, offering victims the opportunity to seek cash compensation from the United Nations. The challenge in this situation is to identify the beneficiary as a scam victim, one of the 150 people who were declared eligible for a $5 million payout from Citibank. 

Banks rarely send SMS or email alerts to customers about critical account changes, thereby users can contact the bank and ask to speak to an agent if they receive a message which makes strong claims. Instead of calling the phone numbers included in the email, users should go to the bank's official website and look up the information on the contact page.

Bankers Worried About Data Security, CSI Research Suggests

Research published by Consumer Services (CSI) reveals increasing threats among bank executives in hiring new talent and facing cybercrime threats as a challenge. The survey received 279 executive responses from the banking sector nationwide, bankers listed cybersecurity dangers (26%) and hiring employees (21%) as the top problems in 2022. 

The survey results, suggesting respondents from different bank asset sizes, provide an alternate look into how these organizations tackle concerning issues like compliance, technological innovations, and customer expectations. 

For example, to improve user experience and increase market shares, banks are promoting the use of digital tools, like account opening (51% responses), customer relationship management (43% responses), and digital loans (36% respondents). 

CSI is a leading fintech, regtech, and cybersecurity solutions partner operating at the intersection of innovation and service. It excels at driving the business forward with a unique blend of cutting-edge technology, effortless integration, and a commitment to authentic partnerships defined by our customer-first culture. 

Customers have raised the bar in expectations from banks, and the latter should respond accordingly, says David Culbertson, CSI president, and CEO. The data is paired with banks' aspirations to improve digital tools, the banking industry is moving towards a digital-first mindset and aiming for digital advancement. Interestingly, bank leaders also aspire to open banking for growth, particularly for digital progress. 

The latest research suggests how banking institutes measure their personal growth in the rising digital landscape scenario. "For example, although executives on average rated their institutions a healthy 4/5 on compliance readiness, regulatory changes remain top of mind, with 14% of respondents naming it their primary concern.," reports HelpNet Security. 

Keeping the new administration in mind, bankers have mentioned "data privacy" (39% responses) and CECL (20% responses) as the most needed measures for banking institutions. "The continuation of remote work will make this a critical component, along with new asset types such as cryptocurrencies being adopted, and increasing privacy regulations. 

On the other hand, ransomware is expected to remain a challenge alongside a bigger looming threat from quantum computing, which holds the potential to defeat modern encryption systems," reports HelpNet Security.

Breach into Mahesh Bank's Servers, Transfer Massive Amounts

 

The investigation into the hacking of A.P. Mahesh Co-operative Urban Bank Limited's servers has been taken up by Hyderabad city police's cybercrime officials.

The Bank has achieved a position of prominence by not sacrificing the spirit of cooperative ideals, while also attempting to integrate and implement innovative techniques of work organization and administration, all while remaining committed to its goals.

According to authorities, the incident occurred around 12 p.m. after bank staff discovered unauthorized access and over Rs. 12.50 crore was deposited to more than 100 trust funds in Telangana. Nearly 2.5 crores of the combined worth of the unauthorized charges have already been frozen by the police. Some individuals hacked into the bank's servers before logging into the major accounts and transferring the funds to over 100 separate bank accounts. 

The fraud was discovered by bank personnel, and a report was filed at the Hyderabad Cybersecurity police station after testing. A preliminary investigation was undertaken by the police, who investigated Mahesh Bank's main branch and examined the security features and procedures used by the management. Bank payment channels operate 24 hours a day, seven days a week, including holidays, and officials are constantly monitoring them. 

Three clients in Mahesh Bank's two city branches were reportedly questioned about the scam. The authorities were also looking into the connection between suspects and account holders at other banks across the country. 

Four teams have been created to examine the crime, according to Addl. Commissioner (Crimes) A.R. Srinivas, and bank personnel in the technical departments have been questioned. The money was transferred to 128 accounts in multiple banks in Delhi, Bihar, and the northeastern provinces by the cybercrooks. 

The RBI has awarded the Bank an Authorised Dealer – Category – II license, allowing it to conduct money transfer activity as well as certain non-trade current account transactions. In the states of Telangana and Andhra Pradesh, Mahesh Bank is the first Co-operative Urban Bank to have this license.

According to a police officer, a case has been filed and an investigating team has visited the bank's core branch. It is worth noting that, this is considered to be the city's first e-fraud attack on a bank.

How Banks Evade Regulators For Cyber Risks

 


As of late, the equilibrium between the banks, regulators, and vendors has taken a hit as critics claim that banks are not doing enough for safeguarding the personally identifiable information of the clients and customers they are entrusted with. As there has been rapid modernization in internet banking and modes of instant payments, it has widened the scope of attack vectors, introducing new flaws and loopholes in the system; consequently, demanding financial institutions to combat the threat more actively than ever. 

In the wake of the tech innovations that have broadened the scope of cybercrime, the RBI has constantly felt the need to put forth reminders for banks to strengthen their cyber security mechanisms; of which they reportedly fell short. As financial frauds relating to electronic money laundering, identity theft, and ATM card frauds surge, banks have increasingly avoided taking the responsibility.  

It's a well-known fact that banks hire top-class vendors to circumvent cyber threats, however, not a lot of people would know that banks have gotten complacent with their reliance on vendors to the point of holding them accountable for security loopholes and cybersecurity mismanagement. Subsequently, regulators fine the third-party entity, essentially the 'vendors' providing diligent cyber security risk management to the banks.  

The question that arises is that are banks on their own doing enough to protect their customers from cyber threats? Banks need to understand monitoring and management tools available to manage cyber security and mitigate risks. Financial institutions have an inherent responsibility of aggressively combating fraud and working on behalf of their customers and clients to stay one step ahead of threats.  

Banks can detect and effectively prevent their customers' privacy and security from being jeopardized. For instance, banks can secure user transactions by proactively monitoring SMS using the corresponding mobile bank app. They can screen phishing links and unauthorized transactions and warn customers if an OTP comes during a call.  

Further, banks are expected to strictly adhere to the timeframe fixed for reporting frauds and ensuring that customer complaints regarding unscrupulous activities are timely registered with police and investigation agencies. Banks must take accountability in respect of reporting fraud cases of their customers by actively tracking the accounts and interrupting vishing/phishing campaigns on behalf of their customers as doing so will allow more stringent monitoring of the source, type, and modus operandi of the attacks. 

“We are getting bank fraud cases from the customers of SBI and Axis Bank also. It is yet to be verified whether the data has been leaked or not. There might be data loss or it could be some social engineering fraud,” Telangana’s Cyberabad Crimecrime police said. 

“Police said that the fraudsters had updated data of the thousands of customers who received new credit cards and it was a bank’s insider who is the architect of this whole fraud,” reads a report pertaining to an aforementioned security incident by The Hindu.  

“This is a classic case to explain the poor procedure practised by the network providers while issuing SIM cards, and of course the data security system at the banks,” a senior police officer said. 

In relation to the above stated, banks should assume accountability for their customers’ security and shall review and strengthen the monitoring process, while meticulously following the preventive course of action based on risk categorization like checking at multiple levels, closely monitoring credits and debits, sending SMS alerts, and (wherever required) alerting the customer via a phone call. The objective, essentially, is for banks to direct the focus on aspects of prevention, prompt detection, and timely reporting for the purpose of aggregation and necessary corrective measures by regulators which will inhibit the continuity of crime, in turn reducing the ‘quantum’ of loss.  

Besides, vigorously following up with police and law authorities, financial institutions have many chances to detect ‘early warning signals’ which they can not afford to ignore, banks should rather use those signals as a trigger to instigate detailed pre-investigations. Cyber security is a ‘many-leveled’ thing conception, blaming the misappropriations on vendors not only demonstrates the banks’ tendency to avoid being a defaulter but also impacts the ‘recoverability aspects’ like effective monitoring for the customers to a great degree.

The largest banks in Russia were subjected to a large-scale DDoS attack

A new large-scale DDoS attack carried out late in the evening on September 2 led to the system failure of major banks and made some of their services unavailable. Thus, a number of large banks experienced problems with payments and card services for some time.

VTB, Sberbank and Alfa-Bank withstood the attack, but their Internet provider Orange Business Services experienced significant difficulties.

"Everything that went through Internet providers, including land points that are connected by wires, ATMs, POS terminals, did not work for some time," said a bank representative.

"The IT services of our partners and their communication providers faced a DDoS attack, which affected the payment of customers in remote service channels," VTB reported.

Sberbank reported that on September 2, a failure was recorded on the side of an external service provider, which could lead to short delays in the operation of individual services.

"Some reports recorded by the Downdetector resource could be related to problems with one of the local Internet providers," Alfa-Bank reported.

Olga Baranova, Operational Director of Orange Business Services in Russia and the CIS, said that since August 9, the company's cyber threat monitoring center has been recording attacks on financial clients around the clock using capacitive attacks such as Amplification, as well as attacks using encrypted protocols (HTTPS).

"These attacks continue even now. The most powerful one was about 100 Gbps. Moreover, in terms of the number of attacks we detected, this August is comparable to the entire last year," added she.

As explained by the founder and CEO of Qrator Labs, Alexander Lyamin, Amplification attacks are aimed at communication channels, and HTTPS or Application Layer attacks are aimed directly at applications. "DDoS attacks of this type are the most dangerous: they are difficult to detect and neutralize since they can simulate legitimate traffic," noted he.

Vulnerabilities in bank chatbots allow hackers to steal money

Awillix specialists discovered vulnerabilities in bank chatbots that could allow fraudsters to transfer money without the knowledge of customers. Positive Technologies confirmed the risks. The largest banks reported that they limit the functionality of chatbots in messengers. 

It should be noted that about 10% of Russian banks use chatbots: they can be used in messengers, mobile applications, social networks, on the website and in the contact center.

Alexander Gerasimov, Director of Information Security at Awillix, said that chatbots in messengers, which are used for individual account transactions, may be vulnerable to malicious attacks.

The company's specialists checked the security of chatbots in two Russian credit organizations and found similar logical vulnerabilities. They allow obtaining the number and expiration date of cards, as well as finding out the account balance and cell phone number of the client.

"During the pentests, it was possible to log into the test client's account and perform a money transfer operation," Alexander Gerasimov said.

Maxim Kostikov, head of the banking systems security research group at Positive Technologies, confirmed that chatbots can be subject to various vulnerabilities, which depend on their functionality. For example, security problems can allow you to get customer data, get into their personal accounts in the chatbot, and find out the card balance.

According to him, the most popular scenarios of deception are changing the functionality of the chatbot to collect information about the person who uses it, sending malicious software on behalf of a credit institution, replacing the robot with a fraudster during communication, creating fake chatbots of banks. 

"If a person uses a bank chatbot, which is able to make money transfers in the messenger, two-factor authentication can be configured to log into the application to protect funds," stressed Infosystems Jet expert, adding that there is also a danger in cases when an attacker gained direct access to the victim's device physically or as a result of a malicious attack.

Russian banks to launch a system against telephone fraud

Financial organizations are planning to launch a pilot project of a system for accounting and analyzing telephone fraud, said Alexey Voilukov, vice president of the Association of Banks of Russia. The service will allow to monitor calls, identify unscrupulous operators and more effectively track the fraudsters.

The Association will present the developments to the regulatory agencies along with proposals for changing the legislation. In order to improve the response to criminal attacks, the project should be implemented on the basis of the site of the supervisory authority, for example, the Ministry of Internal Affairs.

Experts believe that the owner of such a system should be one of the government agencies, authorized to request information from operators about the sources of traffic and to process data containing the secrecy of communications.

"It is necessary to tighten legislation in the field of personal data protection and tighten control over bank employees since fraudsters often obtain information about customers through leaks," added experts.

Tinkoff Bank believes that it will take about a month to test the project after the creation of an interdepartmental anti-fraud group. The bank will become one of the pilot's participants.

Other major credit organizations also supported the idea of implementing the system. The pilot of the project can start as early as the end of 2021 or the beginning of 2022. However, full work will require changes in the law.

According to Tinkoff, the number of malicious calls in the first quarter of 2021 increased 2.3 times compared to the same period in 2020. In addition, about 80% of phone scammers use number spoofing, so after launching the project of the system of accounting and analysis of telephone fraud, it will be much more difficult for them to carry out attacks.


Chinese Hackers Target Indian SBI Users Via Phishing

 

Recently Indian officials have reported that China-based cybercriminals are targeting customers of the Indian National Bank State Bank of India (SBI) with phishing scams by offering gifts. Hackers are asking users to update their KYC through a website link as they offer gifts worth around 5 million (INR 50 lakh) from the bank via a WhatsApp message. 

The research wing of New Delhi-based think tank CyberPeace Foundation, in collaboration with Autobot Infosec Pvt Ltd, investigated two similar cases that have targeted SBI customers, as of late. 

"All the domain names associated with the campaign have the registrant country like China," the research team informed IANS. The operational group will send you a message in which you will find a requesting KYC verification, the message will appear to be authentic and will resemble the official SBI online page. 

On clicking the "Continue to login" button, it will redirect the users to a full-kyc.php page, then it will ask them to fill in their credentials like username, password, and a captcha to log in to the online banking. 

"Following this, it asks for an OTP sent to the user's mobile number. As soon as the OTP is entered, it redirects the user to another page that asks the users to enter some confidential information again like account holder name, mobile number, date of birth. After entering the data, it redirects the user to an OTP page," the researchers informed. 

The team of researchers has suggested that the customers should avoid opening such links sent via social platforms, and if anyone finds anything suspicious they are recommended to contact their bank branch.

S&P: Cyberattacks Could Trigger More Rating Actions on Banks

 

Since the Covid pandemic intensified digitalization and remote working, the banking sector is becoming more vulnerable to cybercrime, according to S&P Global Ratings. 

In a report titled "Cyber Risk In A New Era: The Effect On Bank Ratings," the ratings agency stated that cyberattacks can affect credit ratings primarily through reputational damage and potential financial loss. Banks and other financial organizations are potential targets for cyber attackers because they hold valuable personal data and serve specific financial or economic requirements and sectors. 

Credit Analyst Irina Velieva stated, "Cyber attacks have had only a limited effect on bank ratings to date but can trigger more rating actions in the future as cyber incidents become more frequent and complex.”

Meanwhile, S&P stated, "Although it is crucial to learn from previous attacks and strengthen cyber-risk frameworks in real time, the appropriate detection and remediation of attacks takes precedence because the nature of threats will continue to evolve." 

According to the report, the cyber defense will become a more critical aspect of organizations' overall risk management and governance frameworks, necessitating increased expenditures and more advanced tools. The internet banking system is made up of many different programmes, networking devices, internet service providers, and other organizations. All of them are possible points of entry for attackers.

As per the RBI's annual report for 2019-20, the amount involved in banking frauds increased 2.5 times from Rs 71,500 crore in 2018-19 to Rs 1.85 lakh crore in 2019-20. 

Various banks and financial institutions rely on merchants and fintechs to provide third-party services. If outsider merchants don't have adequate security in place, the bank could find itself in hot water. Spoofing is also common when hackers create a website that appears and performs exactly like a financial institution's website's URL. 

When customers enter their login information on a spoof website, the information is stolen and used by those fraudsters later. There are chances that cybercriminals can commit fraud using a person's personal and financial information. A bank's privacy breach might result in the bank's customers' information being sold or purchased on the dark web by other attackers.

The largest international phishing center has been blocked in Ukraine

As a result of an international special operation, the Office of the Prosecutor General of Ukraine has stopped the activity of one of the world's largest phishing services for attacks on financial institutions in different countries.

The Prosecutor's Office said that as a result of the work of the phishing center, banks in 11 countries - Australia, Spain, the United States, Italy, Chile, the Netherlands, Mexico, France, Switzerland, Germany and the United Kingdom - were affected. According to preliminary data, the losses reach tens of millions of dollars.

It is reported that a hacker from Ternopil developed a phishing package and a special administrative panel aimed at the web resources of banks and their clients.

"The admin panel allowed to control the accounts of users who registered on compromised resources and entered their payment data, which were later received by the fraudsters. He created his own online store on the DarkNet network to demonstrate the functionality and sell his developments," the Prosecutor's Office explained the algorithm of the center's functioning.

More than 200 active buyers of malicious software were found.

According to the investigation, the hacker did not only sell their products but also provide technical support in the implementation of phishing attacks.

"According to the results of the analysis of foreign law enforcement agencies, more than 50% of all phishing attacks in 2019 in Australia were carried out with the help of the development of the Ternopil hacker," said the Department.

A criminal case has been opened on this fact under the article on unauthorized interference in the operation of computers, automated systems, computer networks, or telecommunications networks, as well as the creation of harmful software products for the purpose of using, distributing, or selling them.

Earlier, the deputy director of the National Coordination Center for Computer Incidents (NCCI), Nikolai Murashov, said that the United States had placed hackers in Montenegro and Ukraine. This was done allegedly under the pretext of protecting the elections.


TruKno TTP based Threat Intelligence Platform

TruKno’s ThreatBoard is a platform that helps security professionals uncover the root causes behind emerging cyber-attacks, Improving proactive defense postures..

TTP Based Threat Intelligence

Trukno, a Community-based Threat Intelligence Platform uncovering the root causes behind the latest cyber-attacks, is set to release their open-access beta December 22nd.

Every second a new attack in cyberspace takes place, according to a report by Acronis, 32% of all major companies are attacked at least once a day. Unless the outcome of these attacks are notable (like the FireEye breach), the reports of these attacks often get buried in the never-ending flow of new cyber information. These reports, when in the hands of the right people, oftentimes contain valuable intelligence on the Tactics, Techniques, and Procedures used by adversaries. This knowledge can help cyber defenders better assess risk and take proactive measures to prevent these same attack techniques from being effective against their organization. It can give valuable insights on where to funnel resources for more effective defense postures.

Hunt Smarter, not Harder.

Traditionally, uncovering root causes and criteria behind emerging cyber attacks is done in one of two ways:

    1. Manually scrolling through vendor blogs, government reports, and news outlets to find long-winded reports of cyber-attacks (trivial & time-intensive)

    2. Getting hand-curated, confidential reports from your threat intelligence team (requires multiple employees dedicated full-time to threat analysis)

The thing is, cyber security professionals rarely have time to do the manual sourcing, and even if they did, there is no certainty they would be able to find that one attack report that is relevant to their situation. Additionally, Threat intelligence analysts are in high demand and low supply, making them reserved for only the most mature security operations. 

TruKno’s AI engine ensures with a high level of confidence that not breach, campaign, or attack report goes unnoticed. It is actively keeping a pulse on the industry’s leading intelligence sources, identifying critical reports in real-time. TruKno’s analyst team then does manual analysis on these reports, identifying affected industries, technologies, actors, malware, and more. Most importantly, TruKno analyses these cyber-attacks through the lens of the MITRE ATT&CK Framework, offering a universal lexicon and database of observed threat techniques. 

TruKno wants to make TTP-based threat intelligence the foundation of any organization’s (or individual’s) Security posture. 

E Hacking news had a discussion with TruKno’s Founding Team: 

Manish Kapoor (Founder & CEO), Ebrahim Saed (Co-Founder & CTO), and Noah Binstock (Co-Founder & COO), in which we talked about the importance of TTP-Based Security and their upcoming beta release on the 22nd.

Manish Kapoor discussed the origins of TruKno:

 “Trukno was founded with the mission of arming security professionals with the information they need to keep us safe. The name itself is a translation of Gyaan, or True Knowledge. It is the clarity that comes from knowing the right information, at the right time.”

Before Founding TruKno, Manish spent 10 years helping the world’s largest service providers better understand the evolving threat landscapes to build better cybersecurity solutions for their customers. 

“My job required me to always be up to date with the latest emerging attacks, but there was no way for me, as a busy professional, to quickly and accurately stay up to date with new adversarial techniques and procedures. I knew there had to be a better solution than scrolling through hundreds of articles a day.”

Manish commented on the ‘gray-space’ between advanced intelligence tools reserved for advanced analysts at mature security organizations, and tools available to the cyber security community as a whole.

“There are a lot of incredible intelligence tools out there. The issue is, they are reserved for a very select group within the industry due to price point and complexity. Cyber security is a team sport, and a winning team is built up of individuals. There is a need for universal tools that can benefit all security stakeholders.”

Noah Binstock, Head of Operations at TruKno, also commented on their mission and the power of accessible intelligence.

“Informed decision making starts with having a full understand of the subject matter, this is true no matter what industry you are in. People are at the core of cybersecurity, and it is our mission to arm them with the tools they need to make the best decisions on behalf of us all.”

TruKno built its foundation off of the MITRE ATT&CK Matrix, a globally accessible knowledge base of adversary tactics and techniques based on real-world observation.

“We are seeing MITRE ATT&CK become a staple in many security organizations, and we align very closely with their mission of empowering the cyber community as a whole. We use the ATT&CK Framework to offer a common lexicon for all defenders”

Ebrahim Saed, the CTO of TruKno, is at the core of TruKno’s technical capabilities, allowing TruKno users to access an infinite database of cyber intelligence with no load time on the user end. He commented on the importance of responsive & user-friendly interfaces when it comes to intelligence.

“Gathering the intelligence is one thing. The real differentiator is making this critical intelligence instantly available, all at the users fingertips.”

Ebrahim is currently developing a mobile application for TruKno as well, enabling users to access real-world intelligence anywhere anytime. 

The Product:

Since its founding in October of 2018, TruKno has interviewed over 500 cybersecurity professionals, from Threat Analysts to CISOs, working in close collaboration with the cybersecurity community during product development. Here is what they are unveiling:

CyberFeed: 

Trukno’s CyberFeed is a free, customizable cybersecurity news manager to help the community easily access and organize the industry’s top intelligence and news channels. Access key articles while avoiding information overload. 

ThreatBoard: 

TruKno’s Threat Intelligence platform, ThreatBoard uses an AI engine to identify cyber-attacks as they are first reported on the web. They are then broken down by TruKno’s analyst team, extracting & curating key information, affected Industries, Technologies, Actors, Malware, and more. Additionally, Techniques behind these latest breaches are documented and paired with MITRE’s ATT&CK Framework, enabling users to identify potential risks to their organization based off of real-world observations. 

Upcoming Features: 

    • TruKno has already developed team collaboration functionalities, enabling users to securely collaborate on intelligence from Threatboard with their teams. They are waiting for key user feedback before they release team collaboration (TeamBoards).

    • Cyberfeed is currently being developed to allow users to upload their own source URLs, social media intelligence feeds and more. Sharing functions will also be enabled to empower the security community to easily share valuable resources.

    • TruKno is actively finding new ways to present the data being extracted from these reports and are currently improving interoperability between Threatboard analysis and the MITRE Organization’s ATT&CK Framework. 

    • TruKno’s AI effort, led by Dr. Rob Guinness, is constantly improving, automating more and more analysis, meaning more insights.

    • The team is currently working with key industry stakeholders to enable API integration with TruKno’s intelligence data, enabling more actionable intelligence for security teams.

Hunt Smarter, Not Harder

In short, TruKno’s goal is to help the cyber security community get the intelligence they need to help keep us safe. TTP based threat intelligence is a valuable lens for all security professionals, and they hope that their tools can help make it a community staple.

The TruKno Open beta is live at  www.TruKno.com

Cyber criminals scam bank customers pretending to be from bank security

 Attackers call a potential victim and offer to install an app on their phone that "reliably protects money from theft." And then, with the help of this app, they steal the money from the card or get a loan on behalf of the victim.

According to Sergey Sherstobitov, head of the Angara information security integrator, fraud is committed using a malicious program that can intercept passwords when they are activated in banking applications. Then, with their help, the attackers can easily transfer funds to another account.

Dmitry Kuznetsov, head of methodology and standardization at Positive Technologies, warns that Bank employees never ask customers for card or account details.

The police do not exclude that such fraud may be widespread and asks Russians to remain vigilant.

According to the Central Bank, the activity of telephone scammers increased four times in the first six months of this year. In total, the regulator recorded more than 360 thousand unauthorized transactions with funds of Russians for a total of about 4 billion rubles ($51,8 million). Banks returned about 485 million rubles ($6 million) of stolen money to their clients.

The low percentage of refunds from the Bank is due to the fact that people, in fact, become victims of their own free will. After all, the client signs an agreement with the Bank that prohibits the transfer of confidential information about the Bank card to third parties, said lawyer Yakovlev.

However, it should be noted that the data of clients of Russian banks has risen in price on DarkNet. Ashot Hovhannisyan, the founder of the DLBI DarkNet search and monitoring service, explains that the increase in the cost of such services indicates a decrease in the number of offers on the market. This, in turn, means that credit institutions reduce the chances of hackers to steal data and increase security.

Money stolen from bank accounts of Russians twice as much as last year

In Russia, for the period from January to August 2020, more than 100 thousand thefts of funds from a Bank account were recorded, twice as much as last year. The number of cases of fraud using electronic means of payment has also doubled.

According to the Prosecutor General's Office, now every fifth fact of theft is associated with the theft of funds from accounts.

The Central Bank said that hacker attacks are more frequent in 2020, but the effectiveness of attacks on banks has not increased. Fraudsters are now increasingly trying to deceive citizens using social engineering, so the number of calls has increased four times. At the same time, new criminal schemes have not appeared, but now criminals have begun to actively use the topic of COVID-19.

Vitaly Trifonov, Deputy head of the Group-IB Computer Forensics Laboratory, explained the reasons for the increase in attacks: "On the one hand, this is facilitated by the gradual digitalization of life, when more and more people make purchases online, pay with a card and use an ATM less. On the other hand, there are simple and working fraud schemes that do not require special skills or investment”.

Moreover, in the past year and a half, cases of theft of money from citizens using social engineering methods have become more frequent in Russia. According to a study by Digital Security, when files are transferred via email and cloud services, metadata about them is saved and used by fraudsters.