Security News

Compared to other industries surveyed, financial institutions are much more concerned about users who have legitimate access to their cloud infrastructure. 44 percent of respondents in this sector say their own IT staff poses the biggest risk to data security in the cloud and 47 percent worry about contractors and partners, compared to 30 percent and 36 percent respectively in other verticals surveyed.

A French-speaking threat actor dubbed OPERA1ER has been linked to a series of more than 30 successful cyber attacks aimed at banks, financial services, and telecom companies across Africa, Asia, and Latin America between 2018 and 2022. According to Singapore-headquartered cybersecurity company Group-IB, the attacks have led to thefts totaling $11 million, with actual damages estimated to be as high as $30 million.

Netwrix announced additional findings for the healthcare sector from its global 2022 Cloud Security Report, revealing that 61% of respondents in the healthcare industry suffered a cyberattack on their cloud infrastructure within the last 12 months, compared to 53% for other verticals. "The healthcare sector is a lucrative target for attackers because the chances of success are higher. The first two years of the pandemic exhausted the industry. With patient health being the main priority for these organizations, IT security resources are often too stretched and are focused on maintaining only the most necessary functions," comments Dirk Schrader, VP of Security Research at Netwrix.

Authorities in the US and the UK are taking a keen interest in the contents of WhatsApp messages among bank employees and their associates in the financial services industry. The UK's Financial Conduct Authority is set to probe sector workers' use of private messaging services as the watchdog increases scrutiny in line with the US. According to Bloomberg, the FCA has requested information from Citigroup, Deutsche Bank, JPMorgan Chase, and Nomura Holdings, among others, inquiring about the frequency and content of staff exchanges through texting and messaging apps.

Modified off-the-shelf drones have been found carrying wireless network-intrusion kit in a very unlikely place. The idea of using consumer-oriented drones for hacking has been explored over the past decade at security conferences like Black Hat 2016, in both the US and in Europe.

In this Help Net Security video, Michael Thelander, Director Product Marketing at Eclypsium, discusses how financial organizations are failing to act despite the majority experiencing a firmware-related breach. 92% of CISOs in finance believe adversaries are better equipped at weaponizing firmware than their teams are at securing it, according to Eclypsium and Vanson Bourne.

Financial services organizations are being squeezed on all sides, as regulators are tightening legislation, from SOX to CCPA, GDPR and global data privacy laws like PIPL. In this firestorm, it's never been more important for financial services organizations to level up their data protection and risk mitigation strategies. According to the report, financial services reported the second-lowest rate of data encryption at 54%, compared to a global average of 65%. Amongst the financial services organizations that were hit, 52% paid the ransom to restore data, which is higher than the global average of 46%, and the survey found that the average remediation cost in financial services was US$1.59M, which is above the global average of US$1.4M. Response rates are too slow.

Major financial and insurance companies located in French-speaking nations in Africa have been targeted over the past two years as part of a persistent malicious campaign codenamed DangerousSavanna. Countries targeted include Ivory Coast, Morocco, Cameroon, Senegal, and Togo, with the spear-phishing attacks heavily focusing on Ivory Coast in recent months, Israeli cybersecurity firm Check Point said in a Tuesday report.

The U.S. Federal Bureau of Investigation on Monday warned of cyber criminals increasingly exploiting flaws in decentralized finance platforms to plunder cryptocurrency. "The FBI has observed cyber criminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors' cryptocurrency," the agency said in a notification.

Veracode released data revealing that the financial services industry ranks among the best for overall flaw percentage when compared to other industries, but has one of the lowest fix rates for software security flaws. In last year's report, the industry boasted the lowest number of software security flaws across all sectors but has been overtaken by manufacturing in this year's study.