Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Finance. Show all posts
Sensitive data
API Cyber Security Finance Healthcare NHIs Sensitive data

Why Non-Human Identities Are the New Cybersecurity Nightmare







In April, business intelligence company Sisense fell victim to a critical security breach that exposed all vulnerability in managing non-human identities (NHIs). The hackers accessed the company's GitLab repository that contained hardcoded SSH keys, API credentials, and access tokens. Indeed, this really opened the book on why NHIs are a must and how indispensable they have become in modern digital ecosystems.

Unlike human users, NHIs such as service accounts, cloud instances, APIs, and IoT manage data flow and automate processes. Therefore, in the majority of enterprise networks, with NHIs now far outscaling human users, their security is crucial to prevent cyberattacks and ensure business continuity.

The Threat of Non-Human Identities

With thousands or even millions of NHIs in use within an organisation, no wonder cybercrooks are turning their attention to these. Typically, digital identities are less comprehensively understood and protected, so that easily becomes an easy target for them. In fact, data breaches involving NHIs have already become more widespread, especially as companies increase their usage of cloud infrastructures and automation.

Healthcare and finance are basically soft targets because these industries have strict regulations on compliance. Getting found in violation of standards such as the Health Insurance Portability and Accountability Act (HIPAA) or the Payment Card Industry Data Security Standard (PCI DSS) could come in the form of a fine, reputational damage, and a loss of customer trust.

Why Secure NHIs?

With the complexity of digital ecosystems constantly growing, the security of NHIs becomes all the more important. Companies are drifting toward a "zero-trust" security model, where no user--neither human nor non-human-is trusted by default. Every access request needs to be verified. And especially, this concept has been very effective in decentralised networks that come with large numbers of NHIs.

Locking down NHIs lets the organisations control sensitive data, reduce unauthorised access, and comply with regulation. In the case of Sisense, when management of NHIs is poor, they very soon become a gateway for the cybercriminals.

Best Practices in Managing NHI

To ensure the security of non-human identity, these best practices have to be adopted by an organisation:


 1. Continuous Discovery and Inventory
Automated processes should be in place so that there is always a live inventory of all the NHI across the network. This inventory captures proper details of the owner, permissions, usage patterns, and related risks associated with that NHI. Control and monitoring over these digital identities is enhanced through this live catalog.


 2. Risk-Based Approach
Not all NHIs are the same, however. Some have access to highly sensitive information, while others simply get to perform routine tasks. Companies should have a risk-scoring system that analyses what the NHI has access to, what it accesses in terms of sensitivity, and the effect if broken into.

3. Incident Response Action Plan
A percentage of security will then be allocated based on those with the highest scores. Organisations should have a structured incident response plan aligned with NHIs. They  should also have pre-defined playbooks on the breach related to non-human identities. These playbooks should outline the phases involved in the incident containment, mitigation, and resolution process, as well as the communication protocols with all stakeholders.

4. NHI Education Program
A good education program limits security risks associated with NHI. Developers should be trained on coding secure practices, including the dangers of hardcoded credentials, and operations teams on proper rotation and monitoring NHIs. Regular training ensures that all employees are aware of best practices.


 5. Automated Lifecycle Management
The NHIs will also get instantiated, updated, and retired automatically. Thus, security policies will be enforced for all the identity lifecycle stages. This will eradicate human errors in the form of unused or misconfigured NHIs with possible exploits by attackers.


 6. Non-Human Identity Detection and Response (NHIDR)
The NHIDR tools set baseline behaviour patterns for NHIs and detect the anomaly that could indicate a breach. Organisations can monitor the activities of NHIs with these tools and respond quickly to suspicious behaviour, thereby preventing more breaches.


 7. Change Approval Workflow
In most cases, change approval workflow should be embedded before changes to NHIs like the change of permissions or transfers between systems are affected. The security and IT teams must assess and approve the process so that there are no unnecessary risks developed.

8. Exposure Monitoring and Rapid Response
Organisations must expose NHIs, which means they must identify and resolve the vulnerabilities quickly. Automated monitoring solutions can find exposed credentials or compromised APIs, set off alerts, and initiate incident response procedures before a potentially malicious actor could act.

The Business Case for NHI Management

Investments in the proper management of NHI can produce large, long-term benefits. Companies can prevent data breaches that cost on average $4.45 million per incident and keep money at the bottom line. Simplified NHI process also helps save precious IT resources, thereby redirecting security teams' efforts toward strategic initiatives.

For industries that require high levels of compliance, such as health and finance, much of the NHI management investment often pays for itself through better regulatory compliance. Organisations can innovate more safely, knowing their digital identities are safe, through a good NHI management system.

As businesses start relying more and more on automation and the cloud, it will be based on the solid and well-rounded management of NHI. A good approach toward NHI management would largely prevent security breaches and ensure industry compliance. Such a posture will not only save the data but help the organisation position itself as a long-term winner in the fast-changing digital world.


Read more »
Technology
Bank Security Credit Card data security Finance Personal Data Slim CD Technology

The Slim CD Data Breach: 1.7 Million Credit Cards Compromised


Credit card security has always been a challenge for users, as hackers try innovative ways to lure the victims. In a massive data breach, payment gateway provider Slim CD (it offers payment processing services for both online and offline merchants) revealed it has suffered a data breach that impacted credit card and personal data that belongs to around 1.7 million users. 

About Slim CD Breach

Like recent data breaches, your personal information could now be with threat actors, and it is not your fault. This blog covers details related to the breach, and the steps you can take to protect your credit card and avoid misuse of credit card numbers.

In the notification sent to affected victims, Slim CD said hackers gained access to its network for almost a year, from August 2023 to June 2024. But they could only steal credit card details between June 14 and 15 of this year.

Earlier this year in June, Slim CD found that suspicious users had access to its systems. After that, the company launched an inquiry, which revealed that hackers had first gained entry into the networks in August 2023. The stolen data includes physical addresses, full names, credit card numbers and card expiry dates. Luckily, card verification numbers or CVVs weren't stolen, the company says.

Experts believe that without CVV, hackers can't do much with the stolen credit card data or make any fraudulent transactions with your credit card. But the risk of credit card fraud is still there.

How to protect yourself?

Generally, if you suffer a major data breach, the company offers free access to either credit monitoring or identity theft protection services. But in the case of Slim CD, it isn't doing anything like this for affected users.

What have we learned?

The Slim CD incident has highlighted various gap areas for both businesses and customers.

1. Robust Security Measures: Investment is crucial in this area this includes encryption, two-factor authentication, and frequent security audits. These steps can help protect against unauthorized attempts at stealing sensitive info.

2. Monitoring: Customers should frequently keep an eye on their bank statements and credit reports for any suspicious activity. Threat detection at an early stage can reduce the damage caused by a data breach.

3. Quick Response: In the event of a data breach, a fast response becomes important. Informing impacted individuals and offering support can help minimize the damage and rebuild trust.

4. Being Informed and Educated: Both companies and customers should be aware about the basic safety steps needed to be safe from a data breach. For businesses awareness programs and training campaigns can provide certain help.

Read more »
Technology
AI AI regulation Artificial Intelligence Finance Healthcare Technology

Australia’s Proposed Mandatory Guardrails for AI: A Step Towards Responsible Innovation


Australia has proposed a set of 10 mandatory guardrails aimed at ensuring the safe and responsible use of AI, particularly in high-risk settings. This initiative is a significant step towards balancing innovation with ethical considerations and public safety.

The Need for AI Regulation

AI technologies have the potential to revolutionise various sectors, from healthcare and finance to transportation and education. However, with great power comes great responsibility. The misuse or unintended consequences of AI can lead to significant ethical, legal, and social challenges. Issues such as bias in AI algorithms, data privacy concerns, and the potential for job displacement are just a few of the risks associated with unchecked AI development.

Australia’s proposed guardrails are designed to address these concerns by establishing a clear regulatory framework that promotes transparency, accountability, and ethical AI practices. These guardrails are not just about mitigating risks but also about fostering public trust and providing businesses with the regulatory certainty they need to innovate responsibly.

The Ten Mandatory Guardrails

Accountability Processes: Organizations must establish clear accountability mechanisms to ensure that AI systems are used responsibly. This includes defining roles and responsibilities for AI governance and oversight.

Risk Management: Implementing comprehensive risk management strategies is crucial. This involves identifying, assessing, and mitigating potential risks associated with AI applications.

Data Protection: Ensuring the privacy and security of data used in AI systems is paramount. Organizations must adopt robust data protection measures to prevent unauthorized access and misuse.

Human Oversight: AI systems should not operate in isolation. Human oversight is essential to monitor AI decisions and intervene when necessary to prevent harm.

Transparency: Transparency in AI operations is vital for building public trust. Organizations should provide clear and understandable information about how AI systems work and the decisions they make.

Bias Mitigation: Addressing and mitigating bias in AI algorithms is critical to ensure fairness and prevent discrimination. This involves regular audits and updates to AI models to eliminate biases.

Ethical Standards: Adhering to ethical standards in AI development and deployment is non-negotiable. Organizations must ensure that their AI practices align with societal values and ethical principles.

Public Engagement: Engaging with the public and stakeholders is essential for understanding societal concerns and expectations regarding AI. This helps in shaping AI policies that are inclusive and reflective of public interests.

Regulatory Compliance: Organizations must comply with existing laws and regulations related to AI. This includes adhering to industry-specific standards and guidelines.

Continuous Monitoring: AI systems should be continuously monitored and evaluated to ensure they operate as intended and do not pose unforeseen risks.

Read more »
North Korea Hackers
Crypto Hacking cryptocurrency cryptocurrency theft Cyber Security Finance North Korea Hackers

The Week of Crypto Platform Breaches: Prisma Finance Incident Highlights

 

The past week witnessed a series of bewildering events in the realm of cryptocurrency, marked by breaches on two prominent platforms that left the crypto community grappling with perplexing motives and unexpected outcomes. 

The first incident unfolded on Tuesday evening when the Munchables blockchain-based game fell victim to an attack, resulting in the theft of approximately $62 million worth of cryptocurrency. Initial speculation pointed towards North Korea-linked hackers, given the country's history of targeting cryptocurrency platforms for financial gain. However, the situation took an unexpected turn when the alleged perpetrator voluntarily returned the stolen funds without any ransom demands. 

In a surprising twist, Munchables shared that the individual behind the attack had relinquished access to the private keys containing the stolen funds, expressing gratitude for their cooperation. Despite this resolution, questions lingered about the circumstances surrounding the incident, including the attacker's identity and motives, prompting calls for enhanced security measures within the crypto community. Shortly thereafter, another breach occurred on Thursday evening, this time affecting Prisma Finance, a popular decentralized finance (DeFi) platform, which suffered a loss of approximately $11.6 million. 

However, the aftermath of this breach was marked by cryptic messages from the hacker, who claimed the attack was a "white hat" endeavour aimed at highlighting vulnerabilities in the platform's smart contracts. The hacker, whose identity remained undisclosed, reached out to Prisma Finance seeking to return the stolen funds and engaging in a discourse about smart contract auditing and developer responsibilities. 

Despite the hacker's apparent altruistic intentions, the incident underscored the importance of rigorous security measures and comprehensive audits in the DeFi space. Prisma Finance later released a post-mortem report detailing the flash loan attack that led to the breach, shedding light on the exploitation of vulnerabilities in the platform. The report emphasized ongoing efforts to investigate the incident and ensure the safety of users' funds, highlighting the collaborative nature of the crypto community in addressing security breaches. 

These breaches come against the backdrop of heightened scrutiny of cyberattacks on cryptocurrency platforms, with a recent United Nations report identifying North Korean hackers as key perpetrators. The report highlighted a staggering $3 billion in illicit gains attributed to North Korean cyberattacks over a six-year period, underscoring the persistent threat posed by state-sponsored hackers in the crypto space. 

As the investigation into these breaches continues, the crypto community remains vigilant, emphasizing the importance of robust security measures and proactive collaboration to safeguard against future threats. While the motives behind these breaches may remain shrouded in mystery, the incidents serve as a stark reminder of the ever-present risks associated with digital assets and the imperative of maintaining heightened security protocols in the evolving landscape of cryptocurrency.
Read more »
Technology
Cyberattacks CyberCrime Cybersecurity CyberThreat Finance Google Play Store MoS Technology

MoS Finance Comments Google's Swift Response in Removing 2,200 Deceptive Loan Apps

 


According to the government, over 2,200 fraudulent loan apps have been suspended or removed from Google's Play Store between September 2022 and August 2023, as outlined in a written statement issued by the government on Tuesday. 

As per a written reply to a Rajya Sabha question, Minister of State for Finance Bhagwat K Karad said the government has been in constant contact with the Reserve Bank of India (RBI) and other regulators and stakeholders to control fraudulent loan apps. 

Based on the information provided by MeitY (Ministry of Electronics and Information Technology), it seems that Google has reviewed about 3,500 to 4,000 loan apps between April 2021 and July 2022 and has suspended or removed over 2,500 of those apps from its Play Store during this period. 

It was stated that the Reserve Bank of India has released a set of regulatory guidelines that aim to strengthen the regulatory framework for digital lending and to make sure the customer's safety and well-being are protected, as well as ensuring a safe and secure digital lending ecosystem so that, ultimately, a more secure digital lending environment can be created. 

Several regulatory guidelines have been issued by the Reserve Bank of India on digital lending, according to the minister, aimed at strengthening the regulatory framework for digital lending, improving customer protection, and making the digital lending ecosystem a safer and healthier place to operate. 

The Indian Cyber Crime Coordination Centre (I4C), Ministry of Home Affairs (MHA) has been continuously analysing digital lending apps, he said. The Minister of State of Finance, MoS Karad, revealed that the government has been actively working with regulatory authorities like the Reserve Bank of India to reduce the number of illegal loan apps in the country. 

To mitigate vulnerabilities in the Indian financial system, Karad stressed the need for timely action by the Indian government to maintain cybersecurity preparedness. According to him, one of the efforts in this regard had been the RBI sharing with MeitY an exclusive list of 442 unique digital lending applications for whitelisting, a list which had also been shared with Google and was part of a similar effort. 

In the preceding two and a half years of collaborating with the tech giant, MeitY has removed or suspended over 4,700 fraudulent loan apps from the Google Play Store due to its collaboration with MeitY. The purge was carried out between April 2021 and July 2022 by Karad. After that, another 2,200 apps were removed between September 2022 and August 2023 by Karad. 

As per Karad, about 2,500 loan apps were taken down between April 2021 and July 2022. In addition to that, the minister also pointed out that Google has implemented stricter policies regarding the enforcement of loan apps on its Play Store, only allowing those apps that are created by regulated entities or those that are affiliated with them. 

Aside from this, it was also mentioned that the RBI has issued regulatory guidelines on digital lending in tandem with the actions mentioned above, to enhance customer protection in the digital lending ecosystem by strengthening the regulatory framework and fortifying oversight. As part of its efforts to combat cybercrime, the Indian Cybercrime Coordination Centre (I4C) is actively monitoring digital lending applications under the Ministry of Home Affairs. 

A national cybercrime reporting portal and a dedicated helpline number have been established by the union home ministry to give citizens the ability to report cybercrime incidents, including those related to illegal loan apps. 

The government of India and the Reserve Bank of India have undertaken several awareness initiatives, such as social media safety tips, educational handbooks, and campaigns to combat cybercrime, as part of their efforts to raise public awareness. 

According to the minister, the government will maintain vigilance, take regulatory actions, and conduct awareness campaigns, including e-BAAT, electronic banking awareness and training (e-BAAT) programs run by the Reserve Bank of India, to combat cybercrimes, particularly those relating to fraudulent loan apps. 

Since JanSamarth launched its portal at the end of last year, more than 1,83,903 beneficiaries have applied for loans via the JanSamarth portal, reaching a total of more than 2,10,000 beneficiaries. During 2022-23, Karad reportedly reported 7,25 cases of fraud related to UPI in a separate response. In total, there were 573 crores involved in these fraud cases, which amounts to a large amount of money.
Read more »
Private Information
CISA Citrix Bleed Bug Cyber Security Finance Healthcare Malicious actor Private Information

Ransomware Surge: 2023 Cyber Threats

In the constantly changing field of cybersecurity, 2023 has seen an increase in ransomware assaults, with important industries like healthcare, finance, and even mortgage services falling prey to sophisticated cyber threats.

According to recent reports, a ransomware outbreak is aimed against critical services like schools, hospitals, and mortgage lenders. These attacks have far-reaching consequences that go well beyond the digital sphere, producing anxiety and disturbances in the real world. The state of affairs has sparked worries about the weaknesses in our networked digital infrastructure.

A concerning event occurred at Fidelity National Financial when a ransomware debacle shocked homeowners and prospective purchasers. In addition to compromising private financial information, the hack caused fear in those who deal in real estate. This incident highlights the extensive effects of ransomware and the necessity of strong cybersecurity protocols in the financial industry.

Widespread technology vulnerabilities have also been exposed, with the Citrix Bleed Bug garnering media attention. The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings due to the growing damage caused by this cybersecurity vulnerability. The growing dependence of businesses and organizations on digital platforms presents a significant risk to data security and integrity due to the potential for exploiting vulnerabilities.

On the legislative front, the National Defense Authoration Act (NDAA) looms large in the cybersecurity discourse. As the specter of cyber threats continues to grow, policymakers are grappling with the need to bolster the nation's defenses against such attacks. The imminent NDAA is expected to address key issues related to cybersecurity, aiming to enhance the country's ability to thwart and respond to cyber threats effectively.

The healthcare sector has not been immune to these cyber onslaughts, as evidenced by the Ardent Hospital cyberattack. This incident exposed vulnerabilities in the healthcare system, raising questions about the sector's preparedness to safeguard sensitive patient information. With the increasing digitization of medical records and critical healthcare infrastructure, the need for stringent cybersecurity measures in the healthcare industry has never been more pressing.

The ransomware landscape in 2023 is characterized by a concerning surge in attacks across various critical sectors. From financial institutions to healthcare providers, the vulnerabilities in our digital infrastructure are being ruthlessly exploited. As the world grapples with the fallout of these cyber threats, the importance of proactive cybersecurity measures and robust legislative frameworks cannot be overstated. The events of 2023 serve as a stark reminder that the battle against ransomware is an ongoing and evolving challenge that requires collective and decisive action.



Read more »
Sensitive data
Crypto Crypto Currency Crypto Firms Cyber Secuirty Encryption Finance Protocol Sensitive data

Modern Cryptographic Methodologies Are Essential for Cybersecurity

Robust cybersecurity measures are more important than ever in a time when technological breakthroughs rule the day. A major risk to an organization's security is outdated cryptographic protocols, which make it open to cyberattacks. According to recent reports, organizations must immediately upgrade their cryptography methods in order to keep up with the constantly changing landscape of cyber threats.

The cybersecurity landscape is constantly evolving, and cybercriminals are becoming increasingly sophisticated in their techniques. This means that older cryptographic protocols, once considered secure, may now be vulnerable to attacks. The use of outdated protocols can expose sensitive data and leave organizations susceptible to breaches.

According to a recent article on Help Net Security, organizations can mitigate these risks by adopting modern cryptographic protocols. By staying informed about the latest advancements and best practices in encryption, businesses can ensure that their data remains secure.

One company at the forefront of modern encryption solutions is Virtru. Their platform offers state-of-the-art encryption tools designed to protect sensitive information across various platforms and applications. By leveraging Virtru's technology, organizations can enhance their data security and safeguard against potential breaches.

Moreover, maintaining robust cybersecurity practices can also have financial benefits. A report from Help Net Security suggests that organizations can decrease their cyber insurance premiums while still maintaining adequate coverage. By demonstrating a commitment to strong security measures, companies can negotiate better insurance rates, ultimately saving on costs.

In addition to updating cryptographic protocols, it's essential for organizations to implement a multi-layered approach to security. This includes regular security assessments, employee training, and proactive monitoring for potential threats. By taking a comprehensive approach to cybersecurity, businesses can fortify their defenses against evolving cyber threats.

Keeping up with cryptographic protocols is essential to ensuring strong cybersecurity. Organizations must maintain constant awareness and implement proactive security measures due to the ever-changing world of cyber threats. Businesses may strengthen their defenses and protect their sensitive data from potential intrusions by adopting modern encryption technologies and putting in place a multifaceted security approach.



Read more »
User Data
Aadhaar card Credit Card Digital Payment Finance Online Payments OTP Payment Apps Paytm Privacy Sensitive Information User Data

Paytm's Innovative ID-Based Checkout Solution

Paytm has made history by being the first payment gateway to provide retailers an alternative ID-based checkout solution. The way transactions are carried out in the world of digital payments is about to undergo a revolutionary change because of this ground-breaking innovation.

Traditional Internet transactions need a multi-step procedure that includes entering personal information, OTP verification, and payment confirmation. By enabling consumers to make payments using additional IDs like Aadhaar, PAN, or mobile numbers, Paytm's new system accelerates this procedure. This not only streamlines the checkout process but also improves security and lowers the possibility of mistakes.

The alternate ID-based checkout solution comes at a crucial time when the demand for seamless and secure online payments is higher than ever. With the surge in e-commerce activities, consumers seek faster and more convenient payment methods. Paytm's innovative approach addresses this need by eliminating the need for remembering complex passwords or digging through wallets for credit card information.

One of the major advantages of this system is its inclusivity. It caters to a wide range of users, including those who may need access to traditional banking services but possess valid alternate IDs. This democratization of online payments is a significant step towards financial inclusion.

Moreover, Paytm's solution is not limited to registered users. It includes a guest checkout option, allowing even first-time users to enjoy the benefits of this streamlined payment process. This opens up a whole new market of potential customers who may have been deterred by the complexity of conventional payment methods.

Security remains a paramount concern in the digital payment ecosystem, and Paytm has taken meticulous steps to ensure the safety of every transaction. The alternate ID-based system employs advanced encryption protocols and multi-factor authentication to safeguard sensitive information. This reassures both merchants and consumers that their data is protected.

Paytm's launch of the alternative ID-based checkout solution establishes a new benchmark for online payments as one of the fintech sector's innovators. The user experience is improved by this innovation, which also responds to the changing needs of a broad and expanding consumer base. Paytm is well-positioned to take the lead in determining the direction of future online transactions with its user-friendly approach and uncompromising dedication to security.

Read more »
Unauthorized access
Digital Currency. Digital Payment Encryption Europe Finance online transactions Policymaking process Privacy Unauthorized access

Consumer Finance Group Supports Enhanced Privacy in the Use of Digital Euro

Privacy and security in financial transactions are becoming increasingly important in our digital age. The Consumer Finance Group's recent call for stricter privacy protections for the digital Euro is a proactive step to ensure that people's financial information is protected.

The Consumer Finance Group, a prominent advocate for consumer rights, has raised concerns about the potential privacy vulnerabilities associated with the digital Euro, which is currently under development by the European Central Bank. As reported by ThePrint and Reuters, the group emphasizes the need for robust privacy protections.

One of the key concerns highlighted by the Consumer Finance Group is the risk of digital Euro transactions being traced and monitored without adequate safeguards. This could lead to an invasion of financial privacy, as every transaction could potentially be linked to an individual, raising concerns about surveillance and misuse of data.

To address these concerns, the group has proposed several measures:

  • Enhanced Encryption: They suggest implementing advanced encryption protocols to protect the privacy of digital Euro users. This would make it exceedingly difficult for unauthorized parties to access transaction details.
  • Anonymous Transactions: The group advocates for the option of anonymous transactions, allowing users to make payments without revealing their identities. While this could raise concerns about potential illicit activities, it also protects the privacy of law-abiding citizens.
  • Clear Data Retention Policies: Consumer Finance Group also calls for transparent data retention policies, ensuring that personal financial data is not stored longer than necessary and is subject to strict regulations.
  • User Consent: They propose that users should have clear and informed consent regarding the collection and use of their financial data, empowering individuals to make choices about their privacy.

While these measures are essential for safeguarding privacy, it's essential to strike a balance between privacy and security. Implementing stringent privacy measures must also consider the need to combat financial crimes such as money laundering and terrorism financing.

The European Central Bank and policymakers should carefully consider the recommendations put forth by the Consumer Finance Group. Finding the right balance between privacy and security in the digital Euro's design will be crucial in gaining public trust and ensuring the widespread adoption of this digital currency.

The need for stronger privacy protections in the digital Euro is a reminder of the importance of safeguarding personal financial data in our increasingly digitalized society. Regulators and financial institutions must prioritize addressing these privacy issues as digital currencies become more widely used.

Read more »
Technology
Account Aggregators AI Artificial Intelligence Finance Finance ministry Generative AI GOI Government of India Public sector bank State-run Banks Technology

India’s Finance Ministry Tell State-run Banks to Adopt Emerging Technologies to Increase Operational Efficiency


The Indian finance ministry has ordered state-run banks to collaborate and take use of emerging technology to improve operational effectiveness and customer experience.

In a meeting, headed by Finance Minister Nirmala Sitharaman to assess the activities and performance of public sector banks (PSBs), utilization of account aggregators and generative artificial intelligence for banking operations was taken into consideration in order to correspond with the innovative technological advancements.

The finance minister further highlighted the significance of PSBs into exploring partnerships in human resource training and utilizing technology to provide a cost efficient service to customers. These resources and knowledge will ultimately provide enhancement in the PSBs’ operational capability and a better experience to their customers.

What are These Technologies? 

Account Aggregators provide consented sharing of financial data within and between financial institutions once the customers have approved. This enables a consolidated overview of a person's financial data from many accounts and organizations.

Generative Artificial Intelligence is the AI system that can be used to generate content, like text, images or applications, based on training data. Its ability to automate a number of processes and tasks, improves its efficiency and productivity.

Adopting these emerging technologies will streamline the bank’s operations, cut off the costs, and provide a better customer experience. The instruction from the finance ministry emphasizes the government's dedication to using technology in the banking sector and improve overall performance and customer satisfaction.

Security Approach

The government has also issued a cautionary state to the state-controlled banks over the protection of customer data when contracting out essential services, notably technological services. In order to reduce costs and improve security, the statement demonstrates the value of protecting personal information and the necessity of lender cooperation.

While the state-run banks are inclined into investing in technological upgrades like AI and machine learning, this is eventually leading to higher expenses. To evade the issue, the government has asked banks to work collaboratively in sharing information in areas like ‘cybersecurity,’ thus aiding in reducing cost.

Banks can work on collaborating and adopting effective cybersecurity measures and secure the personal information of their clients by pooling resources and sharing infrastructure. This cooperative strategy can reduce the dangers of data breaches and improve the state-run institutions' overall security posture.

The government's warning indicated a rising understanding of the significance of cybersecurity and data protection in the financial industry. It emphasizes the necessity for banks to exercise caution when contracting out technical services, making sure that sufficient safeguards are put in place to protect customer data throughout the entire process.

Read more »
Finance
Blockchain cryptocurrency Cyberscams DeFi Digital WAllets Finance

DeFi Clients Lost $228 Million to Hackers in Past 3 Months


In the recent past, there has been a dramatic rise in the number of cyber incidents, where cyber threat actors have tried to exploit many cryptocurrency projects. It is interesting to note that hackers have significantly targeted DeFi, according to the latest report by the leading bug bounty program – Immunefi.

According to this report, the total hacks across blockchains have increased up to 63%, during the second quarter of 2023 when compared to the activities recorded from the same period last year. While the overall losses went as low as 60%, ImmuneFi notes that the number of hacks has only grown by 65%, with the losses shooting up by 225%.  

According to Immunefi's analysis of the attacks that were launched against DeFi platforms, they lost an overall sum of around $228 million in the second quarter across 79 separate cyber incidents. In comparison, over the course of two instances, centralized platforms lost $37 million. 

The firm’s analysis further concluded that most of the losses in cryptocurrency were a result of two specific incidents – the Atomic Wallet Hack of June 3 and the exit scam by the Fintoch platform, which is no longer in use. 

Atomic Wallet Hack 

The self-custodial wallet – Atomic Wallet – lost a whopping $100 million in crypto allegedly to the North Korea-linked hackers, Lazarus Group. According to the Atomic Wallet team, the threat organization affected “less than 0.1” of its customers, however, they did not make it clear if Lazarus was actually behind the attacks.

Fontoch 

After promising users a 1% daily interest on their investments, FinToch disappeared, losing almost $32 million in user funds in May. The scam, better known by the name ‘rugpull,’ was first discovered by Twitter blockchain sleuth ZackXBT. 

In addition, Immunefi also found that some chains were targeted more than others. The firm found that assaults on Ethereum and BNB Chain accounted for 77% of all losses in the most recent quarter, with Arbitrum coming in second at 12%. Given that Arbitrum had absolutely no issues during the same time period last year, they claimed that attacks on it were noteworthy. However, both Arbitrum and Binance spokespeople denied to comment on the matter.  

Read more »
InfraGard
Cyber Security Database Breach FBI Finance InfraGard

Attacker Uses InfraGard Devices to Access FBI by Posing as Firm

According to experts that spoke to independent cybersecurity writer Brian Krebs, who first reported the incident, the hacker gained access to InfraGard's online site by pretending to be the CEO of a finance company. They described the screening procedure as surprisingly loose. 

Tens of thousands of contact info for public figures were advertised for sale on the dark web after hackers took advantage of a security flaw in one of the FBI's databases. 

According to reports, a hacker who pretended to be the CEO of a financial institution claims to have gained access to the than 80,000-member database of InfraGard, an FBI outreach program that communicates sensitive information on cybersecurity and threats to national security with public officials and private sector actors who manage critical infrastructure in the United States.

Last weekend, a hacker claimed to have samples from the database and posted them to a website forum frequented by internet criminals. They claimed to be seeking $50,000 for the complete database.

The FBI made no attempt to explain how the hacker managed to trick the organization into granting the InfraGard membership. When submitting an application to join InfraGard in November, the hacker reportedly will include a contact email address under its control as well as the CEO's actual mobile phone number. 

The FBI can interact with corporate leaders, entrepreneurs, lawyers, security personnel, military, and government officials, IT experts, academia, and state and local law enforcement through the InfraGard site. The Infragard homepage states that the portal is primarily intended for information exchange and education regarding new threats.   

The associated information from the hacker's chat has been submitted by KrebsOnSecurity so they can be taken down from the InfraGard forum. However, the hacker revealed to Krebs they had been contacting InfraGard personnel while assuming the role of the CEO of the financial institution in an effort to gather more private information that could be used in criminal activity.  
Read more »
User Privacy
Cyber Security Digital Currency. Finance Indian Bank Indian Rupee RBI UPI User Privacy

Indian Digital Currency Era – A Quick Look

Compared to more conventional forms of money like cash notes or coins, electronic money stored in bank accounts, mobile banking applications, and credit cards is quickly replacing the public's perception of finance.

The popularity of UPI demonstrates the preference for digital money systems. India has been pushing hard to become cashless, starting with the decision to implement demonetization in 2016. That same year also saw the launch of the real-time payments system known as the Unified Payments Interface (UPI). The paradox in the existing system is that although digital transactions are becoming more common, cash is still very popular in India.

In terms of transaction value, UPI executed 7.3 billion transactions in October, totaling Rs. 12.11 lakh crore, a record high. While volumes increased 73.3 percent during the same period, transaction values increased by 56.6 percent year over year.

Cryptocurrencies vs. Digital Rupee

A CBDC, as defined by the RBI, is "a legal tender issued by a central bank in digital form. It can be exchanged one-to-one for fiat money and is equivalent to it. All that has changed is its form. "

However, it is impossible to directly compare a CBDC to a cryptocurrency.

"A CBDC is not a commodity or a claim on a commodity or a digital asset, unlike cryptocurrencies. They are not money definitely not a currency in the sense that the term has historically been used, "according to the RBI's release.

According to the tracker maintained by the Atlantic Council, 98 nations are currently investigating CBDCs. Of these, 11 nations have started CBDCs. In light of this situation, the RBI is acting in a calibrated way to start CBDCs. It is currently looking into the possibility of implementing wholesale CBDCs based on accounts and retail CBDCs based on tokens.

"When something new enters the market, the old need to adapt, and the new need to control the change", says Nikhil Kamath, co-founder of Zerodha. "While many have been critical of #CBDC, we might be overlooking the big picture, remittances, unbanked economy, and minimizing subsidy leakage."

The increasing use of cryptocurrency stablecoins, which tie their value to another currency or asset, has also alarmed a number of central banks. According to a Press Trust of India report, RBI officials informed a parliamentary finance committee in 2022 that the 'dollarization' of a portion of the economy by cryptocurrencies could be detrimental to the nation's interests.

Money transfers via cell phones would be quick and easy, according to Sathvik Vishwanath, co-founder, and CEO of Unocoin, a rival cryptocurrency exchange. The digital rupee will most importantly aid in the eradication of problems with counterfeit money.

According to FIS's Cheema, adoption of the CBDC in the wholesale sector (CBDC-W) has large benefits and substantially fewer dangers than in the more complicated domain of retail CBDC (CBDC-R). In the future, CBDC-R will supplement existing payment structures, not replace them.

The digital rupee will therefore be available for use by all Indian citizens whenever the RBI begins to print it.




Read more »
FTX
bankruptcy Binance Crypto Crypto Firms Data Breach Finance FTX

FTX Filed for Bankruptcy Protection in US

Facing the digital equivalent of a banking collapse, the financially troubled cryptocurrency exchange FTX filed for US bankruptcy protection on Friday.

Bitcoin fell to a two-year low this week after a week of reports regarding the platform's financial difficulties, and by Friday night, the price of the cryptocurrency was trading at $16,861 (€16,256).

The company revealed that Sam Bankman-Fried, its former CEO, has also left after a remarkable turn of events at the second-largest cryptocurrency exchange in the world. His FTX empire crumbled in a little more than a week, shattering trust in the already unstable cryptocurrency market.

Coindesk and customer reports on social media claim that the unstable platform has finally permitted some users to withdraw money for the first time in days.

Summary of FXT company

According to a tweet from the company, FTX, Alameda Research, a cryptocurrency trading company that is linked with it, and roughly 130 of its other businesses have started voluntary Chapter 11 bankruptcy procedures in Delaware. In the US, a firm can use Chapter 11 to reorganize its debts while still operating under court supervision.

FTX Trading claimed in its bankruptcy filing that the firm has assets worth between $10 billion and $50 billion, liabilities between $10 billion and $50 billion, and more than 100,000 creditors.

Customers left FTX earlier this week because of concern about a lack of capital, leading to an agreement to sell the company to larger rival Binance.

Kingston student Thomas, 22, who has been a customer of FTX for over a year, calls it a 'hub for crypto.'For the £2,000 he claimed to have on the exchange, which he calls a 'fairly large amount of money,' he claims he was able to submit a withdrawal request.

However, he is worried about the number of requests being made by FTX consumers and is unsure if all of them will be fulfilled as the business struggles.

The cryptocurrency community had hoped that Binance, the biggest cryptocurrency exchange in the world, could be able to save FTX and its depositors.

After reviewing FTX's financial records, Binance came to the conclusion that the issues facing the smaller exchange were insurmountable, and it withdrew from the agreement. A business that was once the pride of the cryptocurrency market had a dramatic fall in popularity.

In January, FTX collected $400 million from investors, valuing the business at $32 billion.






Read more »
Telecom
Credential Phishing Dark Web Data Breach Finance Healthcare Malicious actor Ransomware Attacks. Stock market Telecom

Dark Web: 31,000 FTSE 100 Logins

 

With unveiling the detection of tens of thousands of business credentials on the dark web, security experts warn the UK's largest companies that they could unintentionally be exposed to significant vulnerability. Outpost24 trawled cybercrime sites for the compromised credentials, discovering 31,135 usernames and passwords related to FTSE 100 companies using its threat monitoring platform Blueliv.

The Financial Times Stock Exchange (FTSE) 100 Index comprises the top 100 companies on the London Stock Exchange in terms of market capitalization. Across several industry verticals, these businesses reflect some of the most powerful and lucrative businesses on the market. 

The following are among the key findings from the study on stolen and leaked credentials: 

  • Around three-quarters (75%) of these credentials were obtained by traditional data breaches, while a quarter was gained through personally targeted malware infections. 
  • The vast majority of FTSE 100 firms (81%) had at least one credential hacked and published on the dark web, and nearly half of FTSE 100 businesses (42%) have more than 500 hacked credentials. 
  • Since last year, there were 31,135 hacked and leaked credentials for FTSE 100 organizations, with 38 of them being exposed on the dark web. 
  • Up to 20% of credentials are lost due to malware infections and identity thieves.
  • 11% disclosed in the last three months (21 in the last six months, and 68% for more than a year) Over 60% of stolen credentials come from three industries: IT/Telecom (23%), Energy & Utility (22%), and Finance (21%). 
  • With the largest total number (7,303) and average stolen credentials per company (730), the IT/Telecoms industry is the most in danger. They are the most afflicted by malware infection and have the most stolen credentials disclosed in the last three months.
  • Healthcare has the biggest amount of stolen credentials per organization (485) due to data breaches, as they have become increasingly targeted by cybercriminals since the pandemic started. 

"Malicious actors could use such logins to get covert network access as part of "big-game hunting" ransomware assault. Once an unauthorized third party or initial access broker obtains user logins and passwords, they can either sell the credentials on the dark web to an aspiring hacker or use them to compromise an organization's network by bypassing security protocols and progressing laterally to steal critical data and cause disruption," Victor Acin, labs manager at Outpost24 company Blueliv, explained.
Read more »
User Security
Bank Cyber Security Bank fraud Bank Security Banks Cyber Risk Cyber Security Finance Financial Regulators RBI User Privacy User Security

How Banks Evade Regulators For Cyber Risks

 


As of late, the equilibrium between the banks, regulators, and vendors has taken a hit as critics claim that banks are not doing enough for safeguarding the personally identifiable information of the clients and customers they are entrusted with. As there has been rapid modernization in internet banking and modes of instant payments, it has widened the scope of attack vectors, introducing new flaws and loopholes in the system; consequently, demanding financial institutions to combat the threat more actively than ever. 

In the wake of the tech innovations that have broadened the scope of cybercrime, the RBI has constantly felt the need to put forth reminders for banks to strengthen their cyber security mechanisms; of which they reportedly fell short. As financial frauds relating to electronic money laundering, identity theft, and ATM card frauds surge, banks have increasingly avoided taking the responsibility.  

It's a well-known fact that banks hire top-class vendors to circumvent cyber threats, however, not a lot of people would know that banks have gotten complacent with their reliance on vendors to the point of holding them accountable for security loopholes and cybersecurity mismanagement. Subsequently, regulators fine the third-party entity, essentially the 'vendors' providing diligent cyber security risk management to the banks.  

The question that arises is that are banks on their own doing enough to protect their customers from cyber threats? Banks need to understand monitoring and management tools available to manage cyber security and mitigate risks. Financial institutions have an inherent responsibility of aggressively combating fraud and working on behalf of their customers and clients to stay one step ahead of threats.  

Banks can detect and effectively prevent their customers' privacy and security from being jeopardized. For instance, banks can secure user transactions by proactively monitoring SMS using the corresponding mobile bank app. They can screen phishing links and unauthorized transactions and warn customers if an OTP comes during a call.  

Further, banks are expected to strictly adhere to the timeframe fixed for reporting frauds and ensuring that customer complaints regarding unscrupulous activities are timely registered with police and investigation agencies. Banks must take accountability in respect of reporting fraud cases of their customers by actively tracking the accounts and interrupting vishing/phishing campaigns on behalf of their customers as doing so will allow more stringent monitoring of the source, type, and modus operandi of the attacks. 

“We are getting bank fraud cases from the customers of SBI and Axis Bank also. It is yet to be verified whether the data has been leaked or not. There might be data loss or it could be some social engineering fraud,” Telangana’s Cyberabad Crimecrime police said. 

“Police said that the fraudsters had updated data of the thousands of customers who received new credit cards and it was a bank’s insider who is the architect of this whole fraud,” reads a report pertaining to an aforementioned security incident by The Hindu.  

“This is a classic case to explain the poor procedure practised by the network providers while issuing SIM cards, and of course the data security system at the banks,” a senior police officer said. 

In relation to the above stated, banks should assume accountability for their customers’ security and shall review and strengthen the monitoring process, while meticulously following the preventive course of action based on risk categorization like checking at multiple levels, closely monitoring credits and debits, sending SMS alerts, and (wherever required) alerting the customer via a phone call. The objective, essentially, is for banks to direct the focus on aspects of prevention, prompt detection, and timely reporting for the purpose of aggregation and necessary corrective measures by regulators which will inhibit the continuity of crime, in turn reducing the ‘quantum’ of loss.  

Besides, vigorously following up with police and law authorities, financial institutions have many chances to detect ‘early warning signals’ which they can not afford to ignore, banks should rather use those signals as a trigger to instigate detailed pre-investigations. Cyber security is a ‘many-leveled’ thing conception, blaming the misappropriations on vendors not only demonstrates the banks’ tendency to avoid being a defaulter but also impacts the ‘recoverability aspects’ like effective monitoring for the customers to a great degree.
Read more »
Vulnerability and Exploits
Finance NEFT RBI RTGS Vulnerability and Exploits

Reserve Bank of India Experiences a Technical Glitch; NEFT and RTGS Go Down for Half a Day!


Electronic money transfer is something that has changed the way people used to transact. It has offered a way more convenient method that goes along the lines of modernity and the need of recent times.

The most widely used and popular mediums of transferring money between bank accounts in India are NEFT and RTGS. While NEFT has neither minimum nor maximum limits, RTGS is designed for heavier sums of money with 2 lac being the minimum amount and 10 lac being the maximum per day.

Per reports, National Electronic Funds Transfer (NEFT) and Real-Time Gross Settlement (RTGS) were disrupted for more than half a day. The signs of this started to show from Monday midnight.

Sources mention that this happened because of a technical glitch in the systems of the Reserve Bank of India. Nevertheless, NEFT and RTGS have been reinstated after inactivity of 12 hours.

Several reports reveal that the main issue allegedly was grappled by the Indian Financial Technology and Allied Services (IFTAS), which is an RBI affiliated branch when the “disaster recovery site” was being moved from locale A to B.

Sources impart that the NEFT transactions have as of now been brought back. The “end-of-day” RTGS transactions of the previous day are being worked on to get them to reach completion but the “start-of-day” for RTGS hasn’t ensued yet. Still, the restoration of RTGS is expected soon.

The setup for NEFT was established and supported by the Institute for Development and Research in Banking Technology. People will now be able to use this medium for online transferring of funds and money 24x7. Meaning that holidays or weekends would never come in the way of money transfers and funds would be transferred any day and at any time at all.

NEFT and RTGS are the most commonly used routes for online transfer of funds.

The former medium facilitates a provision for limitless one-to-one transfer of money from and to individuals and corporates with an account in any bank branch in the country. The latter, however, has the aforementioned limits and is a continuous and real-time settlements of fund transfers.

Read more »
Technology
Bitcoin cryptocurrency digital currency Finance Technology

Bitcoin No More the World's Most Used Cryptocurrency, as Tether Takes Over

If someone were to ask you "what's the world's most used cryptocurrency?” you'd probably say "Bitcoin," which accounts for 70% of the world's market value digital assets. But in reality its Tether, which is now the world's most used cryptocurrency.

Although precise numbers on trading measures are arduous to get in this misty business environment, statistics from CoinMarketCap.com point that the Tether is the highest daily and monthly valued cryptocurrency, even though its market capitalization is 30% less.



In April, Tether's profit outdid Bitcoin for the first time, and since early August, it has steadily exceeded it at the rate of $21 billion per day, says CoinMarketCap.com. With its steadily trading volume nearly 18% greater than Bitcoin, Tether has no doubt become one of the most significant coins in the crypto sector.

It's also the leading cause why governors view cryptocurrencies with skepticism and have set a halt on crypto exchange-traded supplies among distress of business administration.

"Without Tether, we would have suffered a heavy cost of the regular amount -- about $1 billion or higher depending on the information reference, ” says Lex Sokolin, co-head, global financial technology at ConsenSys, which extends blockchain technology services.

"Few concerning possible tappings of dealing in the business may begin to drop off,” says Lex.

The reason being is Tether is the most accepted steady coin around the globe, as it avoids price fluctuations through stocks. Tether is also a road to the crypto market for most of the world's existing businesspeople. 'For instance, in China, a trading giant where cryptocurrency is outlawed, people can comfortably spend for cash with tethers on the tables without any uncertainty or mistrusts,' says Lex 'and furthermore they can swap it for bitcoins and distinct cryptocurrencies.'

Is it safe? 

 However, many people don't truly rely on Tether, says Thaddeus Dryja, a research scientist at the Massachusetts Institute of Technology. People think of Tether as some money in their account, without actually realizing that they are using it, he says.

'Some trades unspecified their folios, to send the idea that customers are holding money rather than Tethers,' said Thaddeus.
Read more »
Subscribe to: Posts (Atom)