Banking and Finance


  • FBI: Cyber Actors Scrape Credit Card Data from US Business’ Online Checkout Page and Maintain Persistence by Injecting Malicious PHP Code

    May 16, 2022

    As of January 2022, unidentified cyber actors unlawfully scraped credit card data from a US business by injecting malicious PHP Hypertext Preprocessor (PHP) code into the business’ online checkout page and sending the scraped data to an actor-controlled server that spoofed a legitimate card processing server. The unidentified cyber actors also established backdoor access to the ...

  • UK Government hackers made hundreds of thousands of stolen credit cards ‘worthless’ to crooks

    May 10, 2022

    A joint operation involving intelligence agency GCHQ and the Ministry of Defence took direct action against computer networks used by cyber criminals, helping to protect people against cyberattacks and also making hundreds of thousands of stolen credit cards worthless to the crooks who stole them. The action by the National Cyber Force – using the combined ...

  • TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies

    April 18, 2022

    The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department (Treasury) are issuing this joint Cybersecurity Advisory (CSA) to highlight the cyber threat associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) group since at least 2020. This group is commonly ...

  • Android banking malware intercepts calls to customer support

    April 11, 2022

    A banking trojan for Android that researchers call Fakecalls comes with a powerful capability that enables it to take over calls to a bank’s customer support number and connect the victim directly with the cybercriminals operating the malware. Disguised as a mobile app from a popular bank, Fakecalls displays all the marks of the entity it ...

  • New Android banking malware remotely takes control of your device

    April 9, 2022

    A new Android banking malware named Octo has appeared in the wild, featuring remote access capabilities that allow malicious operators to perform on-device fraud. Octo is an evolved Android malware based on ExoCompact, a malware variant based on the Exo trojan that quit the cybercrime space and had its source code leaked in 2018. The new variant ...

  • Bank had no firewall license, intrusion or phishing protection – guess the rest

    April 5, 2022

    An Indian bank that did not have a valid firewall license, had not employed phishing protection, lacked an intrusion detection system and eschewed use of any intrusion prevention system has, shockingly, been compromised by criminals who made off with millions of rupees. The unfortunate institution is called the Andra Pradesh Mahesh Co-Operative Urban Bank. Its 45 ...

  • Lazarus Trojanized DeFi app for delivering malware

    March 31, 2022

    For the Lazarus threat actor, financial gain is one of the prime motivations, with a particular emphasis on the cryptocurrency business. As the price of cryptocurrency surges, and the popularity of non-fungible token (NFT) and decentralized finance (DeFi) businesses continues to swell, the Lazarus group’s targeting of the financial industry keeps evolving. We recently discovered a ...

  • Exotic Lily: Exposing initial access broker with ties to Conti

    March 18, 2022

    In early September 2021, Threat Analysis Group (TAG) observed a financially motivated threat actor we refer to as EXOTIC LILY, exploiting a 0day in Microsoft MSHTML (CVE-2021-40444). Investigating this group’s activity, we determined they are an Initial Access Broker (IAB) who appear to be working with the Russian cyber crime gang known as FIN12 (Mandiant, ...

  • BNP Paribas bars Russia-based staff from computer systems as cyber attack fears grow

    March 10, 2022

    France’s largest bank BNP Paribas has cut off its Russia-based workforce from its internal computer systems as it seeks to bolster its defences against any potential cyber attack, a source with direct knowledge of the matter told Reuters. The French lender, believed to be the first major bank to have jettisoned staff in Moscow from its ...

  • SharkBot malware hides as Android antivirus in Google Play

    March 5, 2022

    SharkBot banking malware has infiltrated the Google Play Store, the official Android app repository, posing as an antivirus with system cleaning capabilities. Although the trojan app was far from popular, its presence in Play Store shows that malware distributors can still bypass Google’s automatic defenses. The app is still present in Google’s store at the moment ...

  • TeaBot Android Banking Trojan continues its global conquest with new upgrades

    March 2, 2022

    The TeaBot Remote Access Trojan (RAT) has been upgraded, leading to a huge increase in both targets and spread worldwide. On March 1, the Cleafy research team said TeaBot now targets over 400 applications, pivoting from an earlier focus on “smishing” to more advanced tactics. Smishing attacks are used to compromise mobile handsets via spam text messages ...

  • Financial cyberthreats in 2021

    February 23, 2022

    The year 2021 was eventful in terms of digital threats for organizations and individuals, and financial institutions were no exception. Throughout the past year, we have seen cybercriminals continue to actively target our users with tools and techniques that emerged due to the pandemic. Imperfections in the transition to remote/hybrid work continue to pose a ...

  • New phishing campaign targets Monzo online-banking customers

    February 20, 2022

    Users of Monzo, one of the UK’s most popular digital-only banking platforms, are being targeted by phishing messages supported by a growing network of malicious websites. Monzo is a 100% online banking platform with over four million customers and among the first to challenge the traditional financial managing system. The mobile-only platform offers a feature-rich app, debit ...

  • Squirrelwaffle, Microsoft Exchange Server vulnerabilities exploited for financial fraud

    February 15, 2022

    The combination of Squirrelwaffle, ProxyLogon, and ProxyShell against Microsoft Exchange Servers is being used to conduct financial fraud through email hijacking. On Tuesday, researchers from Sophos revealed a recent incident in which a Microsoft Exchange Server, which had not been patched to protect it against a set of critical vulnerabilities disclosed last year, was targeted to ...

  • Ukraine: Websites of some banks and ministries are under a cyberattack

    February 15, 2022

    According to local media, hackers are now attacking a number of sites in Ukraine. Several banks and the website of the Ministry of Defense are under DDoS attack. “Ukrainska Pravda” citing sources in the Ukrainian government understands that a powerful DDoS attack affected Privatbank and Oschadbank banks, as well as the Ministry of Defense and the ...

  • Fingers point to Lazarus, Cobalt, FIN7 as key hacking groups attacking finance industry

    January 13, 2022

    The Lazarus, Cobalt, and FIN7 hacking groups have been labeled as the most prevalent threat actors striking financial organizations today. According to “Follow the Money,” a new report published on the financial sector by Outpost24’s Blueliv on Thursday, members of these groups are the major culprits of theft and fraud in the industry today. The financial sector ...

  • Morgan Stanley agrees to $60 million settlement in data breach lawsuit

    January 5, 2022

    Morgan Stanley has agreed to a settlement figure of $60 million to resolve a data breach lawsuit. The US bank and financial services giant was subject to a class-action suit following two data exposure incidents involving approximately 15 million current and former clients. According to the motion (.PDF), legacy equipment was decommissioned in 2016 and 2019 that ...

  • Russian hackers made millions by stealing SEC earning reports

    December 21, 2021

    A Russian national working for a cybersecurity company has been extradited to the U.S. where he is being charged for hacking into computer networks of two U.S.-based filing agents used by multiple companies to file quarterly and annual earnings through the Securities and Exchange Commissions (SEC) system. Along with other conspirators, the individual made millions of ...

  • Log4j vulnerability now used to install Dridex banking malware

    December 20, 2021

    Threat actors now exploit the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter. The Dridex malware is a banking trojan originally developed to steal online banking credentials from victims. However, over time, the malware has evolved to be a loader that downloads various modules that can ...

  • Israel leads 10-country simulation of major cyberattack on world markets

    December 9, 2021

    Israel led a 10-country, 10-day-long simulation of a major cyberattack on the world’s financial system by “sophisticated” players, with the goal of minimizing the damage to banks and financial markets, the Finance Ministry said on Thursday. The Finance Ministry led the scenario with help from the Foreign Ministry, and said the “war game” was the first ...