Banking and Finance


  • TA505 Gang Is Back With Newly Polished FlawedGrace RAT

    October 19, 2021

    The TA505 cybercrime group is whirring its financial rip-off machinery back up, pelting malware at a range of industries in what was initially low-volume waves that researchers saw spiral up late last month. They do bad things, but they’re so tricky that tracking them is a ton of fun, said Sherrod DeGrippo, vice president, Threat Research ...

  • Cyberattack shuts down Ecuador’s largest bank, Banco Pichincha

    October 12, 2021

    Ecuador’s largest private bank Banco Pichincha has suffered a cyberattack that disrupted operations and taken the ATM and online banking portal offline. The cyberattack occurred over the weekend, causing the bank to shut down portions of their network to prevent the attack’s spread to other systems. Read more… Source: Bleeping Computer  

  • Pacific City Bank discloses ransomware attack claimed by AvosLocker

    October 11, 2021

    Pacific City Bank (PCB), one of the largest Korean-American community banking service providers in America, has disclosed a ransomware incident that took place last month. The bank is circulating notices to inform its clients of a security breach it identified on August 30, 2021, which they claim to have addressed promptly. Read more… Source: Bleeping Computer  

  • Hydra malware targets customers of Germany’s second largest bank

    October 1, 2021

    The Hydra banking trojan is back to targeting European e-banking platform users, and more specifically, customers of Commerzbank, Germany’s second-largest financial institution. MalwareHunterTeam has spotted the two-year-old malware in a new distribution campaign that targets German users with a malicious APK named ‘Commerzbank Security’ and using the same icon as the official app. Read more… Source: Bleeping Computer  

  • Apple Pay with Visa Hacked to Make Payments via Locked iPhones

    September 30, 2021

    An attacker who steals a locked iPhone can use a stored Visa card to make contactless payments worth up to thousands of dollars without unlocking the phone, researchers are warning. The problem is due to unpatched vulnerabilities in both the Apple Pay and Visa systems, according to an academic team from the Universities of Birmingham and ...

  • Numando banking Trojan abuses YouTube to manage remote settings

    September 17, 2021

    A banking Trojan has been detected that abuses YouTube, Pastebin, and other public platforms in order to spread and control compromised machines. On Friday, ESET wrapped up a series on banking Trojans present in Latin America — including Janeleiro, a new malware sample similar to Casbaneiro, Grandoreiro, and Mekotio — but this one does not just ...

  • The state of ransomware: national emergencies and million-dollar blackmail

    September 14, 2021

    Banks have been “disproportionately affected” by a surge in ransomware attacks, clocking a 1,318% increase year-on-year in 2021. Ransomware has become one of the most well-known and prevalent threats against the enterprise today. This year alone, we have seen high-profile cases of ransomware infection — including against Colonial Pipeline, Kaseya, and Ireland’s health service — cause ...

  • FIN7 Capitalizes on Windows 11 Release in Latest Gambit

    September 3, 2021

    The FIN7 financial cybercrime gang is back, delivering JavaScript backdoors using Word documents themed around the next version of Windows. That’s according to researchers at Anomali, who observed a recent campaign from the group that leveraged six different docs, all referencing “Windows 11 Alpha” – the “Insider Preview” version of the upcoming Windows 11 operating system ...

  • QakBot technical analysis

    September 2, 2021

    QakBot, also known as QBot, QuackBot and Pinkslipbot, is a banking Trojan that has existed for over a decade. It was found in the wild in 2007 and since then it has been continually maintained and developed. In recent years, QakBot has become one of the leading banking Trojans around the globe. Its main purpose is ...

  • Cloudflare says it stopped the largest DDoS attack ever reported

    August 27, 2021

    Cloudflare said it’s system managed to stop the largest reported DDoS attack in July, explaining in a blog post that the attack was 17.2 million requests-per-second, three times larger than any previous one they recorded. Cloudflare’s Omer Yoachimik explained in a blog post that the company serves over 25 million HTTP requests per second on average ...

  • Pakistan: Neglect caused Federal Board of Revenue cyber-attack

    August 22, 2021

    Despite knowing that its information technology equipment is obsolete and some of its software is outdated, the Federal Board of Revenue (FBR) did not make any serious effort to upgrade them, which resulted into hacking of the data centres. The systems were not improved even though the World Bank approved an $80 million loan two years ...

  • Nearly one million credit cards offered on underground forum

    August 10, 2021

    Researchers with D3Lab have discovered the data of almost one million credit card holders being sold on an underground forum, according to a blog post released this week. In a sample of 980,930 files acquired by D3Lab analysts on Monday, the batch contained names, addresses, credit card numbers, expirations and CVVs. Read more… Source: ZDNet  

  • Cinobi Banking Trojan Targets Cryptocurrency Exchange Users via Malvertising

    August 9, 2021

    In a previous blog entry, we reported on a campaign, which we labeled “Operation Overtrap,” that targeted Japan with a new banking trojan called Cinobi. The campaign, which was perpetrated by a group we named “Water Kappa,” delivered Cinobi via spam. It also delivered the trojan using the Bottle exploit kit, which included newer Internet ...

  • FIN7’s Liquor Lure Compromises Law Firm with Backdoor

    July 23, 2021

    Financial cybercrime gang FIN7 has rebounded after the jailing of some key members, launching a campaign that uses as a lure a legal complaint involving the liquor company that owns Jack Daniels whiskey. The gambit successfully compromised at least one law firm, giving them a shot of the JSSLoader remote-access trojan (RAT), researchers said. According to ...

  • Toddler mobile banking malware surges across Europe

    July 16, 2021

    Researchers have provided a deep dive into Toddler, a new Android banking Trojan that is surging across Europe. In a report shared with ZDNet, the PRODAFT Threat Intelligence (PTI) team said that the malware, also known as TeaBot/Anatsa, is part of a rising trend of mobile banking malware attacking countries, including Spain, Germany, Switzerland, and the ...

  • Cybercriminals took advantage of WFH to target financial services companies, says Financial Stability Board report

    July 14, 2021

    Criminals targeted security gaps at financial services firms as their staff moved to working from home, according to a report issued by the Financial Stability Board (FSB) on Tuesday. Established after the G20 London summit in April 2009, the FSB makes recommendations about the global financial system and coordinates financial rules for the G20 group of ...

  • Morgan Stanley reports data breach after vendor Accellion hack

    July 8, 2021

    Investment banking firm Morgan Stanley has reported a data breach after attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of a third-party vendor. Morgan Stanley is a leading global financial services firm providing investment banking, securities, wealth and investment management services worldwide. Read more… Source: Bleeping Computer  

  • Critical Sage X3 RCE Bug Allows Full System Takeovers

    July 7, 2021

    Four vulnerabilities afflict the popular Sage X3 enterprise resource planning (ERP) platform, researchers found – including one critical bug that rates 10 out of 10 on the CVSS vulnerability-severity scale. Two of the bugs could be chained together to allow complete system takeovers, with potential supply-chain ramifications, they said. Sage X3 is targeted at mid-sized companies ...

  • TrickBot Spruces Up Its Banking Trojan Module

    July 2, 2021

    The TrickBot trojan is adding man-in-the-browser (MitB) capabilities for stealing online banking credentials that resemble Zeus, the early banking trojan, researchers said — potentially signaling a coming onslaught of fraud attacks. TrickBot is a sophisticated (and common) modular threat known for stealing credentials and delivering a range of follow-on ransomware and other malware. But it started ...

  • Russian hackers had months-long access to Denmark’s central bank

    June 29, 2021

    Russian state hackers compromised Denmark’s central bank (Danmarks Nationalbank) and planted malware that gave them access to the network for more than half a year without being detected. The breach was part of the SolarWinds cyber espionage campaign last year that the U.S. attributed to the Russian Foreign Intelligence Service, the SVR, through its hacking division ...