Bridge cryptocurrency hack follows bridge cryptocurrency hack follows bridge cryptocurrency hack.
CISOs Reveal Biggest Challenges for Security Teams
The evolution of cyber threats and the confluence of new systems and legacy systems are the biggest challenges, according to a panel of CISOs
6 Cybersecurity challenges facing digital banking
This blog was written by an independent guest blogger.
Cybersecurity is among the most critical issues facing financial institutions today. Cyberthreats have been on the rise over recent years at the same time digital banking has gained popularity among consumers. Banks that want to meet demand without compromising safety must overcome several key security challenges.
1. Remote work
Since the onset of the COVID-19 pandemic in 2020, remote work is no longer the exception but the rule. While many financial institutions had to move to remote work arrangements out of necessity, employees are staying home out of preference. Surveys from late 2021 indicate that 37% of people want to continue working fully remote even after the pandemic. Another 54% said they want a hybrid arrangement, split between remote work and office hours.
Banks need to consider their employees’ needs and best interests, but remote work does require some extra cybersecurity measures. People working from home, coffee shops or elsewhere lack the protection of an office’s physical cybersecurity defenses.
2. Phishing
Phishing attacks have been a favorite tool for cybercriminals recently. Mobile phishing attacks surged by a shocking 161% from 2020 to 2021. These attacks use disguised emails or domains to trick individuals into downloading malware or giving away personal information, which is known as credential phishing.
Employees and customers are at risk of phishing when it comes to digital banking. Cybercriminals may send emails disguised as official bank correspondence to customers, which can prove effective for stealing financial information. Likewise, employees must be on the lookout for phishing that seeks login credentials to access customer information.
3. Malware and ransomware
Malware and ransomware have been among the most dangerous threats across all industries over the last couple of years. In-depth studies by INTERPOL found that the COVID-19 pandemic sparked a 36% increase in malware and ransomware attacks, a surge second only to that of phishing. These attacks are becoming more common and advanced. During the pandemic, the percentage of cyberattacks using previously unseen tactics has increased from 20% to 35%.
Organizations have begun using next-gen cybersecurity tactics to defend against these advanced threats. Behavioral analysis, AI and machine learning are becoming increasingly common cybersecurity tools. Digital banking must also evolve, incorporating cutting-edge technologies to stay ahead of cyber criminals’ innovations.
4. Customer behaviors
Customer behavior can put data at risk just as much as employee behavior can, if not more. Poor cybersecurity practices from digital banking customers can compromise their information in seconds. Everything from reusing passwords to opening suspicious emails can quickly result in losing sensitive financial data. In fact, one of the biggest challenges in digital banking today is implementing cybersecurity at scale, covering millions of phones, tablets and computers.
There are a few ways digital banking organizations can prevent breaches due to customer errors. They can use well-designed mobile apps with a streamlined user experience and built-in security functions. A user might utilize the fingerprint scanner on their phone or another multifactor authentication method to access their account. Sending out regular correspondence on the importance of good security practices is another way to encourage customers to be careful with their banking data.
5. Spoofing
Spoofing is similar to phishing but often more complex. There are a few main types of spoofing attacks, all utilizing some form of impersonation. Domain spoofing consists of creating a fraudulent version of an actual domain meant to trick users into giving away login credentials and personal information. This tactic bets on the likelihood that people will not look closely if a website appears to be legitimate.
Similarly, a hacker could “spoof” a financial institution’s phone number to call or text customers. The bank’s correct caller ID will show up on the customer’s phone, making it difficult for customers to tell if it is a legitimate message or not. Even if people do not fall for spoofing attacks, digital banking organizations need to keep an eye out for them since they can decrease customer trust.
6. Fraud and identity theft
Fraud and identity theft have skyrocketed over recent years. The Federal Trade Commission received nearly 1.4 million reports of identity theft in 2020, which was approximately a 213% increase from 2019. These attacks are not new to financial institutions, but they are evolving with cybercrime. Now fraud and identity theft can be conducted through other cyberattack channels, and digital tactics may make them more difficult to detect.
Digital banking organizations must implement cybersecurity strategies that actively search for suspicious account activity to fight these attacks on the virtual front. This is one of the surest ways to catch fraud attempts. For example, a user attempting to buy something from an unusual location could indicate their information has been stolen, and a cybercriminal is utilizing it.
Evolving digital banking security
Cyberattacks are becoming more common and sophisticated every year. More consumers are turning to the internet for everything from shopping to paying their bills, so digital banking organizations must take their security to the next level. Protecting customers is no longer as simple as complex passwords. Financial institutions need to remain at the forefront of cybersecurity innovations in today’s digital banking environment. That way, they can stay ahead of cybercrime and stop breaches before they happen.
Smashing Security podcast #261: North Korea hacked, DEA cosplay, and Horizon Worlds drama
Who’s wearing the pyjamas while they take down North Korea’s internet? Is it a case of cop or cosplay in Oregon? And what’s to fear about the metaverse?
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire’s Dave Bittner.
iPhone counterfeiting case highlights risks of supply/support chain manipulation
The sentencing of Haiteng Wu on February 2, 2022, for his participation in a three-plus-year conspiracy to defraud Apple out of just over $1.5 million shines the light on criminals who operate in the margins of warranty fulfillment of consumer products, such as the iPhone. All in, the criminals were able to garner 2,500 new iPhones for subsequent resale and had attempted to acquire 600 more but failed due to Apple quality control rejecting the warranty submission.
Wu graduated from the master’s program at Virginia Tech in 2015. He secured a position as an architectural engineer shortly thereafter. He also embarked on creating, evolving and growing a criminal enterprise that netted him $987,000, allowing him to pay cash for two condos (McLean and Arlington, Virginia).
Vulnerabilities don’t count
I had a lovely chat with one of my favorite CISOs the other day, helping them think through the security metrics that they report upwards. Front and center, as I see in almost every security metrics presentation, was a pair of my least favorite monthly measurements: average age of open vulnerabilities, and total open vulnerabilities.
I don’t hate a lot of things—okay, actually, I might actually hate a lot of things, but very few things top the professional hatred I have for vulnerability metrics reporting. At best, they are a measurement of activity, not of effectiveness. They remind me of the old firewall reports (“Look at how many port scans we stopped!”), which I’ll admit I had a special loathing for because security teams would block their web teams from using a content delivery network (CDN) simply because they would lose this report. [Disclosure: I used to be CISO at Akamai.]
FBI: SIM Swapping Attacks Have Surged Five-Fold
New Ransomware Warning for Critical Infrastructure Providers
US, UK and Australian agencies claim mid-sized firms are increasingly targeted
Russian Govt. Continues Carding Shop Crackdown
Russian authorities have arrested six men accused of operating some of the most active online bazaars for selling stolen payment card data. The crackdown — the second closure of major card fraud shops by Russian authorities in as many weeks — comes closely behind Russia’s arrest of 14 alleged affiliates of the REvil ransomware gang, and has many in the cybercrime underground asking who might be next.
On Feb. 7 and 8, the domains for the carding shops Trump’s Dumps, Ferum Shop, Sky-Fraud and UAS were seized by Department K, a division of the Ministry of Internal Affairs of the Russian Federation that focuses on computer crimes. The websites for the carding stores were retrofitted with a message from Dept. K asking, “Which one of you is next?”
According to cyber intelligence analysts at Flashpoint, that same message was included in the website for UniCC, another major and venerated carding shop that was seized by Dept. K in January.
Around the same time Trump’s Dumps and the other three shops began displaying the Dept. K message, the Russian state-owned news outlet TASS moved a story naming six Russian men who were being charged with “the illegal circulation of means of payment.”
TASS reports the six detained include Denis Pachevsky, general director of Saratovfilm Film Company LLC; Alexander Kovalev, an individual entrepreneur; Artem Bystrykh, an employee of Transtekhkom LLC; Artem Zaitsev, an employee of Get-net LLC; and two unemployed workers, Vladislav Gilev and Yaroslav Solovyov.
None of the stories about the arrests tie the men to the four carding sites. But Flashpoint found that all of the domains seized by Dept. K. were registered and hosted through Zaitsev’s company — Get-net LLC.
“All four sites frequently advertised one another, which is generally atypical for two card marketplaces competing in the same space,” Flashpoint analysts wrote.
Stas Alforov is director of research for Gemini Advisory, a New York firm that monitors underground cybercrime markets. Alforov said it is most unusual for the Russians to go after carding sites that aren’t selling data stolen from Russian citizens.
“It’s not in their business to be taking down Russian card shops,” Alforov said. “Unless those shops were somehow selling data on Russian cardholders, which they weren’t.”
Debuting in 2011, Ferum Shop is one of the oldest observed dark web marketplaces selling “card not present” data (customer payment records stolen from hacked online merchants), according to Gemini.
“Every year for the last 5 years, the marketplace has been a top 5 source of card not present records in terms of records posted for sale,” Gemini found. “In this time period, roughly 66% of Ferum Shop’s records have been from United States financial institutions. The remaining 34% have come from over 200 countries.”
In contrast, Trump’s Dumps focuses on selling card data stolen from hacked point-of-sale devices, and it benefited greatly from the January 2021 retirement of Joker’s Stash, which for years dwarfed most other carding shops by volume. Gemini found Trump’s Dumps gained roughly 40 percent market share after Joker’s closure, and that more than 87 percent of the payment card records it sells are from U.S. financial institutions.
“In the past 5 years, Ferum Shop and Trump’s Dumps have cumulatively added over 64 million compromised payment cards,” Alforov wrote. “Based on average demand for CP and CNP records and the median price of $10, the total revenue from these sales is estimated to be over $430 million. Due to the 20 to 30% commission that shops generally receive, the administrators of Ferum Shop and Trump’s Dumps likely generated between $86 and $129 million in profits from these card sales.”
The arrests of the six men come less than two weeks after Russian law enforcement officials detained four suspected carders — including Andrey Sergeevich Novak, the reputed owner of the extremely popular and long-running UniCC carding shop.
In 2018, the U.S. Justice Department charged Novak and three dozen other defendants thought to be key members of “Infraud,” a long-running cybercrime forum that prosecutors say cost merchants and consumers more than half a billion dollars.
Flashpoint said the recent arrests represent the first major actions against Russia-based cybercriminals since March 2020, when the FSB detained more than thirty members of an illicit carding operation, charging twenty-five of them with “illegal circulation of means of payment.”
Dumps, or card data stolen from compromised point-of-sale devices, have been declining in popularity among fraudsters for years as more financial institutions have issued more secure chip-based cards. In contrast, card-not-present data stolen from online stores continues to be in high demand, because it helps facilitate fraud at online retailers. Gemini says the supply of card-not-present data rose by 50 percent in 2021 versus 2020, fed largely by the success of Magecart e-skimmers that target vulnerabilities in e-commerce sites.
Alforov says while the carding shop closures are curiously timed, he doubts the supply of stolen card data is going to somehow shrink as a result. Rather, he said, some of the lower-tier card shops that were previously just resellers working with Trump’s Dumps and others are now suddenly ramping up inventory with their own new suppliers — very likely thanks to the same crooks who were selling cards to the six men arrested this week in Russia.
“What we’re seeing now is a lot of those reseller shops are coming to the market and saying, ‘We don’t have that order data we were getting from Ferum Shop but now have our own vendors,’” Alforov said. “Some of the lesser tier shops are starting to move up the food chain.”
Maryland Cyber Nonprofit to Create Centers of Excellence
Cybersecurity Association of Maryland to establish new centers for cyber talent, cyber resilience and business growth