Banking and Finance


  • Banking Malware Source Code Leaked by Author to Gain Credibility Among Hackers

    March 29, 2017

    The source code for a new Trojan called Nuclear Bot has been leaked online, which may spark a rise in attacks against banking services. As it happens almost every time the source code for a malicious program lands online, it is quite likely to see more unskilled cybercriminals launching malware attacks against users. Nuclear Bot first landed ...

  • New Spam Campaign via Necurs Botnet Tries to Manipulate the Stock Market

    March 21, 2017

    The Necurs botnet is known as the largest spam botnet in the world, particularly for distributing Locky ransomware and Dridex. Now, it looks like Necurs is taking on a new role as someone tries to manipulate the stock market. The discovery was made by Cisco’s threat intelligence organization Talos, which notes that after being offline for ...

  • Cybersecurity And Financial Institutions: How New York’s “First-In-The-Nation” Data Security Regulations May Impact You

    March 11, 2017

    March 1, 2017 marked the implementation of New York’s cybersecurity regulations, subjecting covered financial institutions to arguably the most burdensome cybersecurity regime yet. The regulations, promulgated by the New York State Department of Financial Services (“NYDFS”), require banks, insurance companies, and other entities regulated by NYDFS to establish substantive cybersecurity programs and policies and to annually ...

  • Dridex Banking Trojan Gains ‘AtomBombing’ Code Injection Ability to Evade Detection

    March 1, 2017

    Security researchers have discovered a new variant of Dridex – one of the most nefarious banking Trojans actively targeting financial sector – with a new, sophisticated code injection technique and evasive capabilities called “AtomBombing.” On Tuesday, Magal Baz, security researcher at Trusteer IBM disclosed new research, exposing the new Dridex version 4, which is the latest ...

  • Could cybersecurity sink your next M&A?

    February 26, 2017

    Most CFOs don’t expect to see cybersecurity on their due diligence checklist for mergers and acquisitions. Yet cybersecurity – or a lack thereof – has massive implications for any deal: after all, the average data breach now costs organisations in the ballpark of $4 million, not to mention the potential damage to reputation and revenues when ...

  • Malware Attack on Polish Banks Uses Russian as False Flag, Linked to Lazarus

    February 21, 2017

    Hackers involved in the attack on Polish banks seem to have faked some of the code lines, making it seem as if they were Russians. The truth is, however, the lines don’t make sense to native speakers and an online translator may have been used. A recent sophisticated attack campaign targeted financial organizations from many countries, ...

  • 76 iOS Apps, Including Medical and Banking Tools, Are Exposing Data to Hackers

    February 7, 2017

    Seventy-six popular apps in the Apple App Store are vulnerable to silent interception of TLS-protected data due to a poor implementation of the cryptographic protocol. According to researcher Will Strafach, who wrote on Medium, the apps are vulnerable to man-in-the-middle attacks. Data that is normally protected by Transport Layer Security can now be read or manipulated ...

  • Invisible Malware Found in Banking Systems in over 40 Countries

    February 7, 2017

    Banks, telcos, and even governmental agencies in the United States, South America, Europe, and Africa are being targeted by hackers in a series of ongoing attacks that are extremely difficult to detect. According to a new Kaspersky Lab report, at least 140 banks and other enterprises have been infected by malware that’s nearly invisible. Although this ...

  • Polish Banks Hacked using Malware Planted on their own Government Site

    February 6, 2017

    In what considered to be the largest system hack in the country’s history and a massive attack on the financial sector, several banks in Poland have been infected with malware. What’s surprising? The source of the malware infection is their own financial regulator, the Polish Financial Supervision Authority (KNF) — which, ironically, is meant to keep ...

  • Dridex Is Back, Uses New Windows UAC Bypass Method

    January 30, 2017

    Banking malware Dridex is back and it’s worse, targeting British financial institutions with a new technique that has the capability of bypassing Windows User Account Control. Researchers at security firm Flashpoint detected small phishing and spear-phishing campaigns targeting specific recipients. The messages contained macros in document attachments that allowed the download of the Dridex malware. This User ...

  • UK spy agency hires Indian startup for cybersecurity programme

    January 27, 2017

    The next time a hacker tries to break into a British bank, chances are that technology from a small Indian startup will detect the hack. Earlier this month, Britain’s top communications spy agency GCHQ (Government Communications Headquarters), which had cracked Nazi Germany’s legendary Enigma codes during the Second World War, chose Pune-based cyber security startup ...

  • Lloyds Bank Hit with DDoS Attack for Three Days Straight, Reasons Yet Unknown

    January 23, 2017

    Lloyds Bank was hit with a DDoS attack for three days straight as hackers tried to crash the website, managing to cause intermittent outages for customers on the personal banking websites. It seems that it all happened two weeks ago, starting on January 11 and ending on Friday 13, the Financial Times reports. The largest lender in ...

  • Hedge funds to invest more in technology and cyber defence

    January 12, 2017

    Investments by hedge funds into technology advancement is set to increase in the coming five years, as more executives within the industry become concerned about the impact of technology on their competitiveness. A new report finds that they will leverage a broad range of investment strategies to meet needs, from building their own systems to outsourcing. ...