Banking and Finance


  • Hackers Breach Virginia Bank, Make Off With Millions

    July 25, 2018

    Hackers have compromised a bank in the United States twice in the past eight months and made off with millions of dollars. But the cyber attacks has resulted in a spat between the bank and its insurer provider which is refusing to fully cover the losses. The incident is a salient reminder of the online threat being ...

  • Emotet Malware Evolves Beyond Banking to Threat Delivery Service

    July 24, 2018

    The Emotet trojan has been popping up in the news for years: From widespread malspam infections of banking German targets in 2014, all the way up to the costly infection of a New Hampshire town’s computer network in July. And while the tricky Emotet malware first emerged targeting banking credentials, lately researchers have spotted the trojan ...

  • Massive Malspam Campaign Finds a New Vector for FlawedAmmyy RAT

    July 20, 2018

    A widespread spam campaign from the well-known financial criminal group TA505 is spreading the FlawedAmmyy RAT using a brand-new vector: Weaponized PDFs containing malicious SettingContent-ms files. The SettingContent-ms file format was introduced in Windows 10; it allows a user to create “shortcuts” to various Windows 10 setting pages. “All this file does is open the Control Panel ...

  • Cybercrooks slurp nearly $1m from Russian bank after pwning router at regional branch

    July 20, 2018

    Hackers stole almost $1m from a Russian bank earlier this month after breaching its network via an outdated router. PIR Bank was looted by the notorious MoneyTaker hacking group, according to Group-IB, the Moscow-based security firm called in by the bank to handle incident response. Funds were stolen on 3 July through the Russian Central Bank’s Automated ...

  • 6-Year-Old Dorkbot Banking Malware Resurfaces as Big Threat

    July 12, 2018

    Old banking malware called Dorkbot has reemerged in 2018 to become a serious threat. The banking malware called Dorkbot is back. Samples of the 6-year-old malware are now ranked the second biggest banking malware headache in 2018 so far, according to new data from Check Point. “Dorkbot, known malware that dates back to 2012, has entered back the ...

  • Ticketmaster breach ‘part of massive card-skimming campaign’

    July 12, 2018

    The Ticketmaster breach was not a one-off, but part of a massive digital credit card-skimming campaign. Threat intel firm RiskIQ reckons the hacking group Magecart hit Ticketmaster only as part of a massive credit card card hacking campaign affecting more than 800 ecommerce sites. Magecart has evolved tactically from hacking sites directly, to targeting widely used third-party ...

  • Mastercard: Biometrics use set to skyrocket

    July 6, 2018

    Biometric technology is set to become an integral part of all online shopping as the need for greater security increases, a new report has claimed. Research from Mastercard claims that one in four online transactions will need a greater level of authentication and security within the next 12 months. New EU regulations governing online fraud are set to come ...

  • Olympic Destroyer Returns to Target Biochemical Labs

    June 19, 2018

    Olympic Destroyer, the threat actor that caused a crippling sabotage attack on the networks supporting this year’s Winter Games in Pyeongchang, South Korea, has resurfaced with a spy campaign – and with a wider target range. The new campaign began last month and is ongoing, employing spear-phishing documents that share much in common with the weaponized ...

  • Banco de Chile Wiper Attack Just a Cover for $10M SWIFT Heist

    June 13, 2018

    A cyberattack against Chile’s largest financial institution last month, which reportedly destroyed 9,000 workstations and 500 servers, was actually cover for a larger plot to compromise endpoints handling transactions on the SWIFT network. When the dust settled on the attacks, investigators said $10 million was stolen from Banco de Chile and funneled off to an account in Hong ...

  • Brazilian Banking Trojan Communicates Via Microsoft SQL Server

    May 29, 2018

    Researchers have discovered a banking trojan making waves in Brazil with an array of tricks up its sleeve, including using an unusual command and control (C&C) server and a full-screen social-engineering overlay form. Researchers at IBM X-Force research on Tuesday revealed that attackers are using the malware – dubbed MnuBot –mainly in Brazil to perform illegal ...

  • Hackers Steal Millions From Mexican Banks Via Fake Transfers

    May 14, 2018

    The incident may have been orchestrated by organised criminals, says Mexico’s central bank Cyber-thieves have made off with hundreds of millions of pesos from Mexican banks using the country’s domestic electronic transfer system. The attack is similar to earlier ones that have used the international SWIFT network, prompting the Belgium-based organisation to bring in new security measures. Read more… Source: ...

  • A new Mirai-style botnet is targeting the financial sector

    April 5, 2018

    A botnet made up of hijacked internet-connected televisions and web cameras has a new target, security researchers have found. Three financial sector institutions have become the latest victims of distributed denial-of-service (DDoS) attacks in recent months. New research by Recorded Future’s Insikt Group published Thursday points to what’s likely to be the IoTroop botnet, used to pummel financial ...

  • Mastermind behind EUR 1 billion cyber bank robbery arrested in Spain

    March 26, 2018

    The leader of the crime gang behind the Carbanak and Cobalt malware attacks targeting over a 100 financial institutions worldwide has been arrested in Alicante, Spain, after a complex investigation conducted by the Spanish National Police, with the support of Europol, the US FBI, the Romanian, Belarussian and Taiwanese authorities and private cyber security companies. Since ...

  • Old banking Trojan TrickBot has been taught new tricks

    March 22, 2018

    The TrickBot Trojan has been upgraded with new modules to make detection, and defense, more difficult. First discovered in 2016, TrickBot is a financial Trojan which targets the customers of major banks. The Trojan is most commonly connected to phishing campaigns which trick users into entering their credentials into phishing and fraudulent banking websites, designed to appear as legitimate ...

  • Expedia’s Orbitz Says 880,000 Payment Cards Compromised in Security Breach

    March 20, 2018

    Chicago-based online travel booking company Orbitz, a subsidiary of Expedia, reveals that one of its old websites has been hacked, exposing nearly 880,000 payment card numbers of the people who made purchases online. The data breach incident, which was detected earlier this month, likely took place somewhere between October 2016 and December 2017, potentially exposing customers’ ...

  • DDoS mystery: Who’s behind this massive wave of attacks targeting Dutch banks?

    February 1, 2018

    There is as yet no indication of who is behind the massive distributed denial of service (DDoS) attacks on Netherlands banks and government websites that ran from last weekend to Tuesday. Initial reports suggesting a Russian connection appear baseless. The attacks began just a couple of days after media reports stated that Dutch intelligence tipped off their ...

  • Ploutus.D Malware Variant Used in U.S.-based ATM Jackpotting Attacks

    January 29, 2018

    The United States Secret Service issued a warning on Friday to financial institutions citing “credible information” about “planned” attacks against U.S. cash machines using malware that can quickly drain ATM machines dry of cash. The warning came a day after ATM maker Diebold Nixdorf also warned its customers of “potential”  ATM Jackpotting attacks moving from Mexico to the U.S. But journalist Brian ...

  • Dridex banking Trojan compromises FTP sites in new campaign

    January 19, 2018

    Researchers have discovered the Dridex banking Trojan has once again evolved and is now using compromised FTP websites in phishing campaigns. The Trojan was first spotted back in 2014 after targeting banks in the United Kingdom. Since then, Dridex has become infamous for striking financial institutions across Europe. The malware spreads through phishing campaigns, duping victims into downloading ...

  • Oman’s stock exchange was easily hackable for months

    January 18, 2018

    One of the largest stock exchanges in the Middle East has quietly fixed a security issue that could’ve let hackers gain unfettered access to the network. A core router for Oman’s stock exchange, the Muscat Securities Market, had both its username and password as “admin” for months, even after several attempts by a security researcher to ...

  • New KillDisk Variant Hits Financial Organizations in Latin America

    January 15, 2018

    We came across a new variant of the disk-wiping KillDisk targeting financial organizations in Latin America. Trend Micro detects it as TROJ_KILLDISK.IUB. Trend Micro™ Deep Discovery™ proactively blocks any intrusions or attacks associated with this threat. Initial analysis (which is still ongoing) reveals that it may be a component of another payload, or part of a bigger ...