Ransomware actors are using significant, time-sensitive financial events, such as mergers and acquisitions, to target and leverage victim companies, according to a recent Private Industry Notification (PIN) from the Federal Bureau of Investigation (FBI).
Salt Labs researchers investigated a large financial institution’s online platform that provides API services to thousands of partner banks and financial advisors. As a result of multiple API vulnerabilities, researchers were able to launch attacks where:
Biometric technology, and specifically its most modern iteration, facial recognition, has found its way into security systems essential to everyone. We rely on it to safeguard some of our most prized belongings, including our smartphones, laptops and now, with Apple Pay, even our bank accounts and credit cards. Security experts applaud facial recognition as one of the most secure and efficient means of authentication available today.
Why, then, has the industry that hinges most on security and identification – Banking, Financial Services and Insurance (BFSI) – been so slow to adopt this new wave of technology?
Rather than be caught off-guard and left to play catch-up, security and IT professionals should begin planning now for the many new and updated regulations, standards and proposed pieces of legislation that will be sweeping over the financial services industry and other sectors in the near future.
Comerica Incorporated announced that Juan Rodriguez has been named Executive Vice President, Chief Information Security Officer. Reporting to Executive Vice President and Chief Technology & Operations Services Officer Megan Crespi, Rodriguez oversees Comerica's enterprise-wide information security policy, strategy, architecture, operations and capability enhancements of the bank.
Sophos has published new research, “Gootloader Expands Its Payload Delivery Options,” that details how the delivery method for the six-year-old Gootkit financial malware has been developed into a complex and stealthy delivery system for a wide range of malware, including ransomware. Sophos researchers have named the platform, “Gootloader.” Gootloader is actively delivering malicious payloads through tightly targeted operations in the U.S., Germany and South Korea. Previous campaigns also targeted internet users in France.
ESET researchers recently discovered attempts to deploy Lazarus malware via a supply-chain attack (on less secure parts of the supply network) in South Korea. In order to deliver its malware, the attackers used an unusual supply-chain mechanism, abusing legitimate South Korean security software and digital certificates stolen from two different companies. The attack was made easier for Lazarus since South Korean internet users are often asked to install additional security software when visiting government or internet banking websites.
Financial services firms are reportedly hit by security incidents 300 times more frequently than other businesses, according to ID Theft Resource Center. To help financial planners protect their data and comply with the cybersecurity requirements established by the Securities and Exchange Commission (SEC) and FINRA, the Financial Planning Association (FPA) today launched Cybersecurity for Financial Planners: An FPA Certificate Program.
In new research from HelpSystems, which interviewed chief security officers in financial institutions about the security challenges they face, more than a third (35%) of survey respondents cite insider threats as one with the potential to cause the most damage in the next 12 months.