Banking and Finance


  • Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices

    May 27, 2021

    Mandiant published detailed results of our investigations into compromised Pulse Secure devices by suspected Chinese espionage operators. This blog post is intended to provide an update on our findings, give additional recommendations to network defenders, and discuss potential implications for U.S.-China strategic relations. Mandiant continues to gather evidence and respond to intrusions involving compromises of Pulse ...

  • American Express Fined for Sending Millions of Spam Messages

    May 24, 2021

    American Express Services Europe has been fined £90,000 ($127,377) by a U.K. regulator, which found the company illegally blasted out 4 million marketing emails to customers who had opted out of receiving them. Critics said the fine, which is nominal for the multi-national financial brand, isn’t likely to do much to deter Amex, or any other ...

  • Air India cyber-attack: Data of millions of customers compromised

    May 22, 2021

    India’s national airline Air India has said a cyber-attack on its data servers affected about 4.5 million customers around the world. The breach was first reported to the company in February. Details including passport and ticket information as well as credit-card data were compromised. But Air India said security details for credit cards – CVV or CVC ...

  • Bizarro banking Trojan expands its attacks to Europe

    May 17, 2021

    Bizarro is yet another banking Trojan family originating from Brazil that is now found in other regions of the world. We have seen users being targeted in Spain, Portugal, France and Italy. Attempts have now been made to steal credentials from customers of 70 banks from different European and South American countries. Following in the ...

  • New Android malware targeting banks in Italy, Spain, Germany, Belgium, and the Netherlands

    May 11, 2021

    A new Android trojan has been identified by security researchers, who said on Monday that once it is successfully installed in the victim’s device, those behind it can obtain a live stream of the device screen and also interact with it via its Accessibility Services. The malware, dubbed “Teabot” by security researchers with Cleafy, has been ...

  • Google teams up with Stop Scams to tackle financial fraud in the UK

    May 8, 2021

    Google has joined Stop Scams and outlined new measures to try and clamp down on financial fraud in the United Kingdom. On Friday, Vice President and MD of Google UK & Ireland, Ronan Harris, said that Google is the first major tech giant to partner with Stop Scams UK, an industry-led group that aims to tackle ...

  • The UNC2529 Triple Double: A Trifecta Phishing Campaign

    May 4, 2021

    In December 2020, Mandiant observed a widespread, global phishing campaign targeting numerous organizations across an array of industries. Mandiant tracks this threat actor as UNC2529. Based on the considerable infrastructure employed, tailored phishing lures and the professionally coded sophistication of the malware, this threat actor appears experienced and well resourced. This blog post will discuss the ...

  • UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat

    April 29, 2021

    Mandiant has observed an aggressive financially motivated group, UNC2447, exploiting one SonicWall VPN zero-day vulnerability prior to a patch being available and deploying sophisticated malware previously reported by other vendors as SOMBRAT. Mandiant has linked the use of SOMBRAT to the deployment of ransomware, which has not been previously reported publicly. UNC2447 monetizes intrusions by extorting ...

  • Chase Bank Phish Swims Past Exchange Email Protections

    April 28, 2021

    Threat actors are impersonating Chase Bank in two phishing attacks that can slip past Microsoft Exchange security protections in an aim to steal credentials from victims — by spoofing real-life customer scenarios. Researchers from Armorblox recently discovered the attacks, one of which claims to contain a credit card statement, while the other informs users that their ...

  • Ransomware gang offers traders inside scoop on attack victims so they can short sell their stocks

    April 23, 2021

    Brazen ransomware groups are continuing to seek out new avenues to rake in profits and ratchet up pressure on victims. In one of the latest such developments, the DarkSide ransomware group is openly coaxing stock traders to reach out and receive the inside scoop on the gang’s latest corporate victims, so they can short sell ...

  • Carbanak and FIN7 Attack Techniques

    April 20, 2021

    Constant monitoring of threat groups is one of the ways that security researchers and law enforcement agencies are able defend systems against cybercrime. Among these cybercriminals are financially motivated threat groups Carbanak and FIN7. Although both names have at times been used to refer to the same group, organizations such as MITRE identifies them as ...

  • Cybercrime rises by almost 40% in Moscow since beginning of 2021

    April 19, 2021

    The number of cyber crimes in Moscow rose by almost 40% since the beginning of the year, “More than 14,600 crimes involving information and communication technologies were recorded in Moscow in the first quarter of the year, up 38% compared to the same period last year,” the statement reads. According to the prosecution authorities, most cyber criminals ...

  • 623M Payment Cards Stolen from Cybercrime Forum

    April 9, 2021

    The Swarmshop cyber-underground “card shop” has been hit by hackers, who lifted the site’s database of stolen payment-card data and leaked it online. That’s according to researchers at Group-IB, who said that the database was posted on a rival underground forum. Card shops, are online cybercriminal forums where stolen payment-card data is bought and sold. Researchers said ...

  • Meet Janeleiro: a new banking Trojan striking company, government targets

    April 6, 2021

    A banking Trojan striking corporate targets across Brazil has been unmasked by researchers. On Tuesday, ESET published an advisory on the malware, which has been in development since 2018. Dubbed Janeleiro, the Trojan appears to be focused on Brazil as a hunting ground and has been used in cyberattacks against corporate players in sectors including healthcare, engineering, ...

  • Financial Cyberthreats in 2020

    March 31, 2021

    2020 was challenging for everyone: companies, regulators, individuals. Due to the limitations imposed by the epidemiological situation, particular categories of users and businesses were increasingly targeted by cybercriminals. While we were adjusting to remote work and the rest of the new conditions, so were scammers. As a result, 2020 was extremely eventful in terms of ...

  • Fleeceware Apps Bank $400M in Revenue

    March 25, 2021

    About 204 different “fleeceware” applications with a combined billion+ downloads have raked in more than $400 million in revenue so far, via the Apple App Store and Google Play, analysis has revealed. Fleeceware apps generally offer users a free trial to “test” the app, before commencing automatic payments that can be exorbitant. In an analysis from ...

  • European Banking Authority discloses Exchange server hack

    March 8, 2021

    The European Banking Authority (EBA) took down all email systems after their Microsoft Exchange Servers were hacked as part of the ongoing attacks targeting organizations worldwide. EBA is part of the European System of Financial Supervision and it oversees the integrity orderly functioning of the EU banking sector. “The Agency has swiftly launched a full investigation, in ...

  • Maza Russian cybercriminal forum suffers data breach

    March 4, 2021

    The Maza cybercriminal forum has reportedly suffered a data breach leading to the leak of user information. On March 3, Flashpoint researchers detected the breach on Maza — once known as Mazafaka — which has been online since at least 2003. Maza is a closed and heavily-restricted forum for Russian-speaking threat actors. The community has been connected ...

  • Ursnif Trojan has targeted over 100 Italian banks

    March 3, 2021

    The Ursnif Trojan has been traced back to attacks against at least 100 banks in Italy. According to Avast, the malware’s operators have a keen interest in Italian targets and attacks against these banking institutions have led to the loss of credentials and financial data. The cybersecurity firm said on Tuesday that at least 100 banks have ...

  • TD Bank suffered systemwide banking outage, services now recovered

    February 25, 2021

    TD Bank has recovered from a major IT systems outage today that prevented account holders from accessing their online bank accounts, use ATM, or check balances over the phone. The outage started at approximately 2 AM EST this morning and prevented TD Bank members from logging into their online accounts. When attempting to do so, their systems ...