Security News

Cybersecurity researchers have taken the wraps of an organized financial-theft operation undertaken by a discreet actor to target transaction processing systems and siphon funds from entities primarily located in Latin America for at least four years. The malicious hacking group has been codenamed Elephant Beetle by Israeli incident response firm Sygnia, with the intrusions aimed at banks and retail companies by injecting fraudulent transactions among benign activity to slip under the radar after an extensive study of the targets' financial structures.

The US Attorney's Office of Massachusetts on Monday announced the extradition of Vladislav Klyushin, a Russian business executive with ties to the Kremlin, on charges of hacking US computer networks and committing securities fraud by trading on undisclosed financial data. M-13, according to the US government's complaint, provided IT and media monitoring services, cyber security consulting, and penetration testing, and claimed prominent Russian government officials and agencies as clients.

The Anubis Android banking malware is now targeting the customers of nearly 400 financial institutions in a new malware campaign. The threat actors target financial institutions, cryptocurrency wallets, and virtual payment platforms by impersonating an Orange S.A. Android app that attempts to steal login credentials.

EB Associates, a London-based financial advisory business, is facing a £140,000 fine from the UK's data watchdog after it instigated 107,000 illegal cold calls to people about their pensions. The practice of pension cold-calling was banned by the government in January 2019 to stop people being scammed of their life savings.

Government, diplomatic entities, military organizations, law firms, and financial institutions primarily located in the Middle East have been targeted as part of a stealthy malware campaign as early as 2019 by making use of malicious Microsoft Excel and Word documents. Russian cybersecurity company Kaspersky attributed the attacks with high confidence to a threat actor named WIRTE, adding the intrusions involved "MS Excel droppers that use hidden spreadsheets and VBA macros to drop their first stage implant," which is a Visual Basic Script with functionality to amass system information and execute arbitrary code sent by the attackers on the infected machine.

New legislation introduced this week by US lawmakers aims to set ransomware attack response "Rules of road" for US financial institutions. If signed into law, the new bill will require US financial institutions impacted by a ransomware attack to notify the Director of the Treasury Department's Financial Crimes Enforcement Network with details on the attack and any associated ransom demands.

Attackers will threaten to release confidential data that could affect a company's stock price to pressure them to pay the ransom, says the FBI. Ransomware operators will stoop to any tactic necessary to try to force their victims to acquiesce to the ransom demands. In a new report published Monday, the FBI warns of attacks in which ransomware groups will leak sensitive information that could impact a company's stock price if the ransom goes unpaid.

Ransomware gangs are zeroing in on publicly held companies with the threat of financial exposure in an effort to encourage ransom payments, the FBI is warning. In an alert issued this week [PDF], the Bureau said that activity over the course of the past year shows a trend toward targeting companies when they're coming up to "Significant, time-sensitive financial events," such as quarterly earnings reports and mandated SEC filings, initial public offerings, M&A activity, and so on.

Whether pursued as a compliance requirement or a business strategy, open banking has ignited financial services firms to focus on APIs and API security. Financial services API security issues 54 of the 55 mobile apps that were reverse engineered contained hardcoded API keys and tokens including usernames and passwords to third-party services.

The FBI warned the US public that threat actors actively use fake and spoofed unemployment benefit websites to harvest sensitive financial and personal information from unsuspecting victims. Sites used in these attacks are designed to closely resemble official government platforms to trick the targets into giving away their info, infecting them with malware, and claiming unemployment benefits on their behalf.