Security News

The Ukrainian Ministry of Defense, whose site has been taken down following the attacks, said that its "Website was probably attacked by DDoS: an excessive number of requests per second was recorded." "Starting from the afternoon of February 15, 2022, there is a powerful DDOS attack on a number of information resources of Ukraine," Ukraine's State Service for Special Communication and Information Protection added.

The Ukrainian Ministry of Defense, whose site has been taken down following the attacks, said that its "Website was probably attacked by DDoS: an excessive number of requests per second was recorded. Technical works on restoration of regular functioning are carried out." While the Ukrainian defense ministry site has been knocked out, Oschadbank's website is still accessible although customers cannot log in to their online banking accounts.

The Reserve Bank of India has warned the nation's finance sector that outsourcing information technology jobs could "Expose them to significant financial, operational and reputational risks." A quick reminder: since the late 1990s, India has championed outsourcing IT services and profited mightily as a result.

Spain's National Police Agency, the Policía Nacional, said last week it dismantled an unnamed cybercriminal organization and arrested eight individuals in connection with a series of SIM swapping attacks that were carried out with the goal of financial fraud. The suspects of the crime ring masqueraded as trustworthy representatives of banks and other organizations and used traditional phishing and smishing techniques to obtain personal information and bank data of victims before draining money from their accounts.

Spanish National Police has arrested eight suspects allegedly part of a crime ring who drained bank accounts in a series of SIM swapping attacks. The first case of fraud attributed to this particular SIM swapping gang is from March 2021, when the police received two complaints about fraudulent transfers not performed by the account holders.

A research released by Computer Services suggests growing concerns among bank executives around recruiting and retaining talent as well as fighting cybercrime threats. In the survey, which collected responses from 279 executives from financial institutions across the nation, bankers ranked cybersecurity threats and recruiting/retaining employees as their top issues in 2022.

Bank Indonesia, the central bank of the Republic of Indonesia, has confirmed today that a ransomware attack hit its networks last month. During the incident, the attackers stole "Non-critical data" belonging to Bank Indonesia employees before deploying ransomware payloads on over a dozen systems on the bank's network, as CNN Indonesia reported.

A widespread phishing operation targeting Southeast Asia's second-largest bank - Oversea-Chinese Banking Corporation - has prompted the Monetary Authority of Singapore to introduce regulations for internet banking that include use of an SMS Sender ID registry. Singapore banks have two weeks to remove clickable links in text messages or e-mails sent to retail customers.

The Monetary Authority of Singapore says it is considering supervisory action against Southeast Asia's second largest bank, Oversea-Chinese Banking Corporation, which was criticised for its incident response to a widespread phishing scheme across the island nation. "Monetary Authority Singapore takes a serious view of the recent phishing scams involving OCBC Bank. They have significantly impacted several customers. OCBC has acknowledged that its incident response and customer service should have been better. MAS has been following up with the bank on these and broader issues relating to the incident," said MAS deputy managing director Ms Ho Hern Shin in a statement to The Register.

Using real data is a good way to ensure that development code is working as expected before live deployment, but when you are dealing with sensitive information such as bank account details, great care must be taken not to fall foul of data protection regulations. In a later data breach notification, the firm disclosed more details on the security incident, including the number of people and the type of personal data affected by the data breach.