Banking and Finance


  • Mobile Rotexy Malware Touts Ransomware, Banking Trojan Functions

    November 26, 2018

    A mobile malware has accelerated its activity in 2018, launching more than 70k attacks in August through October. Mobile malware, dubbed Rotexy, has evolved from being spyware to now a dangerous banking trojan packing a host of new clever features. Researchers report 70,000 attacks between August and October with targets primarily based in Russia. In a technical brief released ...

  • Lazarus APT Uses Modular Backdoor to Target Financial Institutions

    November 21, 2018

    The advanced persistent threat group Lazarus with North Korean links has been observed using a modular backdoor during last week to compromise a series of Latin American financial institutions by Trend Micro’s Lenart Bermejo and Joelson Soares. As unearthed by the Trend Micro research team, the APT38 threat group successfully compromised a number of computing systems ...

  • Russian Banks Under Phishing Attack

    November 16, 2018

    Banks in Russia today were the target of a massive phishing campaign that aimed to deliver a tool used by the Silence group of hackers. The group is believed to have a background in legitimate infosec activities and access to documentation specific to the financial sector. The fraudulent emails purported to come from the Central Bank of Russia (CBR) ...

  • Devastating Cyberattack Shakes Up Pakistan’s Financial Sector

    November 14, 2018

    According to PakCERT’s Qazi Misbah, 22 banks in the country were subject to a catastrophic cyber attack on October 27th of this year. 19,864 accounts with client banking data were hit, with some victims saying that funds were stolen. Amongst the many targets was the former Chief Scientist of Khan Research Laboratories, who says that Rs3 ...

  • Emotet Campaign Ramps Up with Mass Email Harvesting Module

    November 12, 2018

    The new variant can exfiltrate emails for a period going back 180 days, en masse. A large-scale spam campaign has launched, spreading the Emotet banking trojan. Worryingly, the offensive has launched about a week after a fresh module for mass email-harvesting was detected for the malware. Emotet is technically a banking trojan, but it’s most often used ...

  • ‘Almost all’ Pakistani banks hacked in security breach, says FIA cybercrime head

    November 6, 2018

    In a shocking revelation, the head of the Federal Investigation Agency’s (FIA) cybercrime wing has said data from “almost all” Pakistani banks was stolen in a recent security breach. “According to a recent report we have received, data from almost all Pakistani banks has been reportedly hacked,” FIA Cybercrimes Director retired Capt Mohammad Shoaib told Geo News on Tuesday. When ...

  • HSBC discloses security incident

    November 6, 2018

    Banking giant HSBC disclosed on Monday a security incident that impacted an undisclosed number of the institution’s customers. “HSBC became aware of online accounts being accessed by unauthorized users between October 4, 2018 and October 14, 2018,” the bank wrote in a data breach notification lettersubmitted to Californian authorities. The bank said it suspended access to online accounts ...

  • Microsoft regularly shared data of India bank customers with US intelligence agencies, claims report

    November 2, 2018

    Technology company Microsoft has routinely shared the financial details of Indian bank customers with intelligence agencies in the United States, DNA reported on Tuesday. According to the newspaper, the Reserve Bank of India flagged its concerns on the matter in a risk assessment report it has placed before banks’ audit committees. The central bank found that the data ...

  • Malware Distributors Adopt DKIM to Bypass Mail Filters

    October 25, 2018

    In July 2018, US-CERT raised an alert regarding the Emotet banking trojan, which is also being used to distribute a secondary malware known as “Trickbot”. This alert provided recommendations on how businesses can mitigate their exposure to the Trojan. Unfortunately, it looks like criminals are also reading the US-CERT’s warnings as they have adopted new techniques ...

  • Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash

    October 3, 2018

    The US-CERT has released a joint technical alert from the DHS, the FBI, and Treasury warning about a new ATM scheme being used by the prolific North Korean APT hacking group known as Hidden Cobra. Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to be backed by the North Korean government and ...

  • This is how cyber attackers stole £2.26m from Tesco Bank customers

    October 1, 2018

    The inner workings of a cyber attack against Tesco Bank which saw £2.26m stolen from 9,000 customers — and resulted in the bank being fined over £16.4m for the failings that allowed it to happen — have been revealed. The Financial Conduct Authority (FCA) has hit the bank with a £16.4m fine and said Tesco Bank failed to ...

  • DanaBot Banking Trojan Found Targeting European Countries

    September 27, 2018

    Security researchers recently discovered a banking trojan named DanaBot (detected by Trend Micro as TROJ_BANLOAD.THFOAAH) being distributed to European countries via spam emails. Here’s what you need to know about this threat, how users and businesses can defend against it, and how managed detection and response can help address this threat. What is DanaBot? DanaBot is a banking trojan, written in ...

  • Cobalt threat group serves up SpicyOmelette in fresh bank attacks

    September 27, 2018

    Advanced persistent threat group (APT) the Cobalt Gang, also known as Gold Kingswood, is spreading SpicyOmelette malware in campaigns targeting financial institutions worldwide. In a world where cyberattacks against businesses and consumers alike are spreading and evolving in nature and sophistication, it is often financial institutions which bear the brunt. Banking customers hoodwinked by fraudulent schemes or ...

  • Tesco Bank facing £30m fine from FCA over 2016 cyber attack

    September 24, 2018

    Tesco Bank could be fined as much as £30 million over its 2016 cyber attack that compromised the accounts of at least 40,000 of its seven million customers. The attack in November 2016 is one of the most serious ever on a UK retail bank, with money stolen from 20,000 accounts over one weekend – some customers seeing ...

  • Mirai Botnet Creators Helping FBI Fight Cybercrime to Stay Out of Jail

    September 19, 2018

    Three young hackers who were sentenced late last year for creating and spreading the notorious Mirai botnet are now helping the FBI to investigate other “complex” cybercrime cases in return to avoid their lengthy prison terms. Paras Jha, 21 from New Jersey, Josiah White, 20 from Washington, and Dalton Norman, 21 from Louisiana, plead guilty in December 2017 to multiple ...

  • OilRig APT Continues Its Ongoing Malware Evolution

    September 13, 2018

    The Iran-linked APT appears to be in a state of continuous tool development, analogous to the DevOps efforts seen in the legitimate software world. OilRig, an APT group believed to have ties to Iran, has been spotted in yet another campaign in the Middle East – this time targeting victims within an undisclosed government using an ...

  • Osiris Banking Trojan Displays Modern Malware Innovation

    September 12, 2018

    Osiris’ fundamental makeup positions it in the fore of malware trends, despite being based on old source code that’s been knocking around for years. After staying dormant for few years, the Kronos banking trojan resurfaced in July in a form dubbed Osiris. A wider analysis of how the banking trojan is evolving shows innovative development on ...

  • Bad Actors Sizing Up Systems Via Lightweight Recon Malware

    September 11, 2018

    These stealthy downloaders initially infect systems and then only install additional malware on systems of interest. Well-known financial crime gang Cobalt Group and other threat actors have recently shifted tactics to incorporate lightweight modular downloaders that “vet” target machines for their attractiveness before proceeding with a full-fledged attack. The emergence of the AdvisorsBot and Marap malwares, as ...

  • British Airways breach caused by the same group that hit Ticketmaster

    September 11, 2018

    A cyber-criminal operation known as Magecart is believed to have been behind the recent card breach announced last week by British Airways. The operation has been active since 2015 when RisqIQ and ClearSky researchers spotted the malware for the first time. The group’s regular mode of operation involves hacking into online stores and hiding JavaScript code that steals payment card information entered ...

  • Mirai, Gafgyt IoT botnets stab systems with Apache Struts, SonicWall exploits

    September 10, 2018

    New variations of Mirai and the Gafgyt botnet are harnessing new vulnerabilities to compromise IoT devices, including the security flaw which caused the 2017 Equifax data breach. On Sunday, researchers from the Palo Alto Networks Unit 42 team said in a blog postthat new variants of the botnets have been upgraded with a slew of exploits designed to ...