Security News

With security as the guiding factor, financial services companies are ahead of all other industries in deploying hybrid clouds, but they lag behind others in their use of multi-public cloud services, according to a newly-released report. SEE: Hybrid cloud: A guide for IT pros The report was focused on cloud deployments and planning trends in the financial services industry.

As advanced as security is in the financial industry, clearly there's still some catching up to do. Another big problem is simply the range of motivations for attacking large financial services companies.

According to data from Akamai, up to 75% of all credential abuse attacks against the financial services industry targeted APIs directly. According to the report's findings, from December 2017 through November 2019, 85,422,079,109 credential abuse attacks were observed.

IDShield, a leading North American provider of identity monitoring, theft protection, and restoration technology and services for individuals and families, announced a service enhancement that will protect its members from unauthorized electronic fund transfers from their employer-sponsored 401K, retirement, and health savings accounts. According to recent reports by Investment Company Institute and Devenir respectively, nearly $6 trillion is sitting in employer-sponsored 401K accounts and almost $75 billion in Healthcare Savings Accounts.

Elevate Security, a platform that measures, influences, and reduces human cybersecurity risk, announced the appointment of Nicholas Telford as chief financial officer. Telford will oversee Elevate Security's long-term financial strategy, providing oversight and a roadmap to the organization's growth plan.

FireEye researchers are tracking a hacker campaign using a new type of backdoor they call "Minebridge" that has primarily been targeting U.S. financial firms this year. The campaign, which appears to have started around Jan. 7, involves planting the Minebridge backdoor into corporate networks to deliver other malware and allow attackers to map the infrastructure, according to a new FireEye report.

Researchers have discovered a recent spate of phishing emails spreading a new variant of Metamorfo, a financial malware known for targeting Brazilian companies. Once executed, the malware kills the auto-suggest data entry fields in browsers, forcing victims to write out their passwords - which it then tracks via a keylogger.

For years, financial technology companies have used screen-scraping to retrieve customers' financial data with their consent. As ZDNet reports, one of the calls for a ban came from Lisa Schutz, founding director of The Regtech Association and CEO of Verifier, who said that her company could use screen-scraping, but it's chosen not to.

As business email compromise schemes continue to evolve, some cybercriminals are focusing on accessing companies' financial documents, which provide useful information to support the theft of money, according to a new report from security firm Agari. This case shows that business email compromise scams are becoming more ambitious, with fraudsters using social engineering techniques to steal as many financial documents as possible, according to the report.