Banking and Finance


  • Cobalt threat group serves up SpicyOmelette in fresh bank attacks

    September 27, 2018

    Advanced persistent threat group (APT) the Cobalt Gang, also known as Gold Kingswood, is spreading SpicyOmelette malware in campaigns targeting financial institutions worldwide. In a world where cyberattacks against businesses and consumers alike are spreading and evolving in nature and sophistication, it is often financial institutions which bear the brunt. Banking customers hoodwinked by fraudulent schemes or ...

  • Tesco Bank facing £30m fine from FCA over 2016 cyber attack

    September 24, 2018

    Tesco Bank could be fined as much as £30 million over its 2016 cyber attack that compromised the accounts of at least 40,000 of its seven million customers. The attack in November 2016 is one of the most serious ever on a UK retail bank, with money stolen from 20,000 accounts over one weekend – some customers seeing ...

  • Mirai Botnet Creators Helping FBI Fight Cybercrime to Stay Out of Jail

    September 19, 2018

    Three young hackers who were sentenced late last year for creating and spreading the notorious Mirai botnet are now helping the FBI to investigate other “complex” cybercrime cases in return to avoid their lengthy prison terms. Paras Jha, 21 from New Jersey, Josiah White, 20 from Washington, and Dalton Norman, 21 from Louisiana, plead guilty in December 2017 to multiple ...

  • OilRig APT Continues Its Ongoing Malware Evolution

    September 13, 2018

    The Iran-linked APT appears to be in a state of continuous tool development, analogous to the DevOps efforts seen in the legitimate software world. OilRig, an APT group believed to have ties to Iran, has been spotted in yet another campaign in the Middle East – this time targeting victims within an undisclosed government using an ...

  • Osiris Banking Trojan Displays Modern Malware Innovation

    September 12, 2018

    Osiris’ fundamental makeup positions it in the fore of malware trends, despite being based on old source code that’s been knocking around for years. After staying dormant for few years, the Kronos banking trojan resurfaced in July in a form dubbed Osiris. A wider analysis of how the banking trojan is evolving shows innovative development on ...

  • Bad Actors Sizing Up Systems Via Lightweight Recon Malware

    September 11, 2018

    These stealthy downloaders initially infect systems and then only install additional malware on systems of interest. Well-known financial crime gang Cobalt Group and other threat actors have recently shifted tactics to incorporate lightweight modular downloaders that “vet” target machines for their attractiveness before proceeding with a full-fledged attack. The emergence of the AdvisorsBot and Marap malwares, as ...

  • British Airways breach caused by the same group that hit Ticketmaster

    September 11, 2018

    A cyber-criminal operation known as Magecart is believed to have been behind the recent card breach announced last week by British Airways. The operation has been active since 2015 when RisqIQ and ClearSky researchers spotted the malware for the first time. The group’s regular mode of operation involves hacking into online stores and hiding JavaScript code that steals payment card information entered ...

  • Mirai, Gafgyt IoT botnets stab systems with Apache Struts, SonicWall exploits

    September 10, 2018

    New variations of Mirai and the Gafgyt botnet are harnessing new vulnerabilities to compromise IoT devices, including the security flaw which caused the 2017 Equifax data breach. On Sunday, researchers from the Palo Alto Networks Unit 42 team said in a blog postthat new variants of the botnets have been upgraded with a slew of exploits designed to ...

  • FIN6 returns to attack retailer point of sale systems in US, Europe

    September 5, 2018

    A new malware campaign has been detected which is targeting point-of-sale (PoS) systems across the United States and Europe. On Wednesday, researchers from IBM X-Force IRIS said the attacks have been attributed to the FIN6 cybercriminal group. This is only the second time that a campaign has been documented which appears to be the handiwork of FIN6. According to FireEye (.PDF), ...

  • New Silence hacking group suspected of having ties to cyber-security industry

    September 5, 2018

    At least one member of a newly uncovered cybercrime hacking group appears to be a former or current employee of a cyber-security company, according to a new report released today. The report, published by Moscow-based cyber-security firm Group-IB, breaks down the activity of a previously unreported cyber-criminal group named Silence. According to Group-IB, the group has spent the ...

  • ‘CamuBot’ Banking Malware Ups the Trojan Game with Biometric Bypass

    September 4, 2018

    CamuBot is a unique malware targeting Brazilian bank customers that attempts to bypass biometric account protections. Brazilian bank customers are being warned of malware dubbed CamuBot that hides in plain sight and presents itself as a required end-user security module provided by a bank. The malware goes so far as to include bank logos that look and ...

  • Cyber threat against Danish banks ‘very high’: agency

    September 1, 2018

    The cyber threat against Denmark’s financial sector is considered to be very high, according to a report by the Centre for Cyber Security (Center for Cybersikkerhed). The centre, which is a department of military security agency FET (Forsvarets Efterretningstjeneste), assesses cyber threats against Denmark and Danish businesses. “The threat posed to the Danish financial sector by cyber ...

  • Cobalt Group Targets Banks in Eastern Europe with Double-Threat Tactic

    August 30, 2018

    The campaign uses double infection points and two command-and-control servers. The infamous financial cybercrime gang known as Cobalt Group has been spotted actively pushing a fresh campaign that uses a peculiar tactic: Double infection points and two command-and-control (C2) servers. The Cobalt Group, a known financial cybercrime ring since 2016, has been suspected in attacks in dozens ...

  • How hackers managed to steal $13.5 million in Cosmos bank heist

    August 27, 2018

    Earlier this month, reports surfaced which suggested that Cosmos Bank, India’s oldest at 112 years old, had become the victim of a cyberattack which left the institution millions out of pocket. The attack reportedly took place in two stages been August 10 – 13. According to the Hindustan Times, malware was used on the bank’s ATM server ...

  • Dark Tequila Banking Malware Uncovered After 5 Years of Activity

    August 21, 2018

    Security researchers at Kaspersky Labs have uncovered a new, complex malware campaign that has been targeting customers of several Mexican banking institutions since at least 2013. Dubbed Dark Tequila, the campaign delivers an advanced keylogger malware that managed to stay under the radar for five years due to its highly targeted nature and a few evasion techniques. Dark ...

  • FBI Warns Of ATM Hacking Campaign

    August 16, 2018

    The FBI has warned banks that cybercriminals are preparing to carry out a “highly choreographed, global fraud scheme known as an ‘ATM cash-out’.” The threat, reported by Krebs On Security cybersecurity blog, will apparently see criminals hacking a bank or payment card processor, and using cloned cards at ATMs around the world to fraudulently withdraw “millions of ...

  • Highly Flexible Marap Malware Enters the Financial Scene

    August 16, 2018

    A new downloader, which has been spotted in an array of recent email campaigns, uses anti-analysis techniques and calls in a system fingerprinting module. A newly discovered downloader malware has been discovered as part of a new campaign primarily targeting financial institutions. Researchers at Proofpoint said today that the downloader – dubbed “Marap” after its command-and-control phone-home ...

  • India’s Cosmos Bank loses $13.5 mln in cyber attack

    August 14, 2018

    Cyber criminals hacked the systems of India’s Cosmos Bank and siphoned off nearly 944 million rupees ($13.5 million) through simultaneous withdrawals across 28 countries over the weekend, the bank has told police. The co-operative bank said unidentified hackers stole customer information through a malware attack on its automated teller machine (ATM) server, withdrawing 805 million rupees ...

  • U.S. Payment Processing Services Targeted by BGP Hijacking Attacks

    August 6, 2018

    According to a new report, three United States payment processing companies were targeted by BGP hijacking attacks on their DNS servers. These Internet routing attacks were designed to redirect traffic directed at the payment processors to servers controlled by malicious actors who would then attempt to steal the data. On three separate dates in July, Oracle ...

  • DOJ Nab Three FIN7 Cybercrime Suspects in Europe

    August 1, 2018

    Three people believed to be member of the FIN7 (or Carbanak) hacking group have been arrested in Europe, according to the US DOJ. Three suspected members of the FIN7 cybercrime group have been arrested in Europe and accused of hacking more than 120 U.S.-based companies with the intent of stealing bank cards. In total, U.S. Department of ...