How Standard Chartered approaches cyber security

Speaking at the ConnectGov Leaders Summit 2020, Darren Argyle, Standard Chartered’s group chief information security risk officer, said “seamless security” was being built into new banking platforms and digital banking services in a security-by-design approach.

Besides offering traditional banking services, the bank operates digital-only banks in Africa, and more recently in Hong Kong.

To secure these services, it uses secure application programming interfaces to facilitate dynamic exchange of transactions within financial systems, as well as verification and authentication mechanisms.

“Digital transformation and having the confidence of our customers goes hand in hand,” said Argyle. “We’re continuing to maintain that sustainable trust over the longer term.”

Like other large organisations, Standard Chartered has had its share of cyber attacks, including phishing threats which have grown by 31% since the start of the year. The bank is also concerned about the rising number of ransomware attacks on third-party suppliers across the industry.

Argyle said he hoped third-party suppliers would get a handle on their security posture, “given the difficulties that a lot of companies are having with remote working, which is stretching people quite thinly”.

Banks need stronger cyber security - RBNZ

Reserve Bank deputy governor Geoff Bascand - responsible for financial stability - said improving cyber resilience had become a key priority for regulators around the world.

The central bank's draft guidance on the topic would apply to all the entities it regulated and draws heavily from international and national cybersecurity standards and guidelines.

"As cyber risk continues to rise, there is growing awareness that cyber incidents could present risks to the stability of the entire financial system," Bascand said.

He said the recent spate of cyber attacks across New Zealand was a reminder of the disruption they can cause.

"Last November we announced an evolution in our policy stance towards taking a more proactive interest in improving the cyber resilience of the financial sector in New Zealand."

Consultation on the draft closes 29 January, with the final guidance to be released early next year.

"We are open to feedback on the guidance, but we expect it will be useful for firms as they develop their own frameworks to address the cyber risks they face," he said.

Billions of devices vulnerable to new 'BLESA' Bluetooth security flaw

 Billions of smartphones, tablets, laptops, and IoT devices are using Bluetooth software stacks that are vulnerable to a new security flaw disclosed over the summer.

Named BLESA (Bluetooth Low Energy Spoofing Attack), the vulnerability impacts devices running the Bluetooth Low Energy (BLE) protocol.

BLE is a slimmer version of the original Bluetooth (Classic) standard but designed to conserve battery power while keeping Bluetooth connections alive as long as possible.

Due to its battery-saving features, BLE has been massively adopted over the past decade, becoming a near-ubiquitous technology across almost all battery-powered devices.

As a result of this broad adoption, security researchers and academics have also repeatedly probed BLE for security flaws across the years, often finding major issues.

TrickBot Trojan: A Short Analysis of the Modular Banking Malware

 TrickBot is a well known modular banking trojan that sometimes acts as an info-stealer or malware dropper. Active since 2016, it has been updated several times with new features and modulations. Recently, it was used along with Ryuk ransomware to target several organizations.

Top targets

TrickBot is used in various attack campaigns to provide a gateway inside a targeted network and act as a dropper to deploy additional ransomware (e.g., Conti, Ryuk, and Emotet). However, it is mostly used to steal information from financial institutions located in the U.S.

In August 2020, it was used in Emotet’s spam campaign sending COVID-19 related emails to U.S. businesses.

In the month of July, TrickBot was observed being installed along with Emotet to infect Windows computers.

In April 2020, TrickBot operators were also observed to be taking advantage of the coronavirus pandemic by sending spam emails related to the Department of Labor FMLA theme.

Modus operandi

TrickBot used several techniques of propagation ranging from smishing, COVID-19 lures, and spam emails, to brute-forcing Remote Desktop Protocol (RDP) endpoints and using the mworm module.

TrickBot's Anchor malware platform known as “Anchor_DNS” was ported to infect Linux devices in July.

At the beginning of July, TrickBot started a new technique of evading detection by checking the screen resolutions of victims to identify if they are running virtual machines or not.

In early-June 2020, the TrickBot operators were found to be using the BazarBackdoor to gain access to targeted networks.

Hackers targeted thousands of CRA, government service accounts in ‘credential stuffing’ attacks

 The federal government is warning Canadians not to reuse old passwords after thousands of accounts, including CRA logins, were targeted in a credential stuffing attack.

Hackers obtained and attempted to use the GCKey passwords and usernames of 9,041 people, the Treasury Board of Canada Secretariat said in a statement Saturday.

GCKey is the online authentication system that allows people access to Service Canada, Refugees and Citizenship Canada and more than two dozen other government departments.

For a third of the accounts affected, the hackers were successful in accessing government services online. Those accounts will be “further examined for suspicious activity,” the statement said.

As part of that attack and another recent incident, 5,500 CRA accounts were targeted.

STORY CONTINUES BELOW ADVERTISEMENT

The federal government said all compromised accounts have been disabled and those affected are being contacted. They will receive instructions on how to restore their GCKey or CRA MyAccount access.

Credential stuffing is a form of cyberattack that relies on databases of stolen login information made available through previous data breaches. The hackers use those credentials try to gain access to different online services.

FSCA and cybercrime — making sure the guard dog is guarded

The digital age is characterised by rapid change and the introduction of pioneering solutions that have the power to make a real difference. Unfortunately, with these innovative solutions comes increased exposure to cybercrime — a fact many South Africans are intimately familiar with, given that more than nine attempted attacks take place every second.

The truth is that no individual or business is immune to the possibility of an attack. Addressing this risk and the catastrophic consequences that come from it requires an intensive approach, something we as the Financial Sector Conduct Authority (FSCA) are aware of, take seriously and are investing in. As the authority responsible for regulating the way SA financial firms conduct themselves, we are required to stay ahead of the curve.

Our cybersecurity technology investments need to be targeted, business-driven, and focused on mitigating the threats and vulnerabilities of our current operations. Improving our ability to detect and respond to cyber threats swiftly is core to what we do. This thinking is important for us to avoid incidents of stolen intellectual property, lost customer data, crippling ransomware and other forms of cybercrime. This is why we have adopted a risk-based approach in our cybersecurity strategy, supported by a dedicated team that is charged with ensuring its implementation.

Security with a spin: How Xinja’s creating a secure bank in a digital age

Banking in Australia is changing, and quickly. 

The banking and finance sector has seen a flood of tech-driven neobanks and fintechs hit the market in recent years, and if the levels of interest these players have generated is anything to go by, Australians have a real appetite for change. 

In fact, according to a 2019 Mozo survey, one in four Aussies have switched or are considering switching to a neobank.

However, one of the biggest hurdles these digital players face is convincing consumers that the move to a digital-only platform won’t compromise safety and security. Hardly a surprise when money is on the line. 

So, to delve into the issue and learn more about how one of Australia’s leading neobanks is approaching all things security, we sat down with Jean-Baptiste Bres, chief information security officer at Xinja.

More than just money 

Cost, features, ease of use - these are all factors considered important by Australians when it comes to their banking experience. But as 42% of respondents in our 2019 neobank survey showed, the number one priority is security. 

So why is security important, and just what are banks protecting? 

As Bres explains, for a bank - especially a new bank - proving oneself on the issue of security is vitally important - particularly in building trust with customers. 

COVID heightening bank vulnerability to cyber attack

The “large-scale shift” to digital banking and remote work off the back of the COVID-19 crisis has heightened the banking sector’s exposure to cyber attack, according to Moody’s.

Over the past few months, banks, like most businesses, have leveraged digital technology to facilitate remote work in response to social distancing measures imposed to curb the spread of COVID-19.

However, according to Moody’s Investors Service, the transition has “increased banks’ vulnerability to cyber attacks”.

Cybersecurity: Beware! Coronavirus-themed attacks on the rise

New Delhi was among the top 10 cities in the world that recorded the highest number of cyber attacks during the two-month- long lockdown, with many of them coronavirus-themed attacks according to a report by digital technology provider Subex. India was among the top five most attacked countries in the region throughout the quarter. The country attracted attacks of relatively high quality (as compared to other regions and last year).

HOW FIS IS USING ARTIFICIAL INTELLIGENCE TO MONITOR AND PREVENT CYBER FRAUD

Business continuity amid the COVID-19 lockdown is a big issue for all companies. Firms are not just at risk of facing outages, but also face continuous data security vulnerabilities and cyber threats. As per a study by PwC, the volume of cyberattacks on Indian companies has gone exponential as cybercriminals utilise the new work paradigm brought about by the COVID-19 outbreak to infiltrate corporate networks and steal data. 

With the lockdown around the world, employees are expected to continue working remotely, which is undoubtedly a threat to most companies as the network perimeter has expanded radically. In the new work setting, fraudsters are using fake emails, websites, and VPAs (Virtual Payment Address) for fraud and social engineering.

rowing Threat of Destructive Attacks is One of the Top Cyber Risks Organizations Face

At a time of technological transformation and “cyber everywhere”, the attack surface for organizations is exponentially growing and cyber criminals are going after operational systems and backup capabilities simultaneously in highly sophisticated ways—leading to enterprise-wide destructive cyber attacks.

That’s one of the key findings of a report by consulting firm Deloitte released earlier this year, before the coronavirus pandemic and its related security threats had yet to make a significant impact on the world.

Recent cyber attacks just the tip of the iceberg for Australia

In a year already marred by natural and biological crises, cyber security failures remain a critical threat.

Government agencies and big Australian companies have fallen victim to cyber attacks with unprecedented visibility.

Industry and government need to understand why we are more exposed, what we can learn from recent national security events, and how to build a more cyber-resilient nation.

Cyber Security in Shipping during COVID-19 pandemic

The COVID-19 crisis has been testing the foundations of our lives, societies and economies posing huge challenges for the future. Organisations across industries are rightly focusing on their employees’ well-being, whilst making sure that their operations continue undisrupted and at the same time, adapting to the new ways of operating. Inevitably, secondary aspects of day-to-day operations such as cyber security may fall by the wayside, potentially increasing the risk of cyber security attacks. Cyber criminals are cognisant of the change in priorities, making the pandemic an attractive opportunity for them to make their way into corporate networks to steal data, money or cause disruption.

Cyber security is an important part of the military’s quick response to the COVID-19 coronavirus pandemic

In response to the COVID-19 coronavirus pandemic, the U.S. armed forces have set up hospitals almost overnight, conducted medical supply flights around the world, deployed hospital ships on both coasts, and activated reserve and retired medical personnel to support hard-hit communities.

At the same time, the military has continued critical missions across the globe. One of these missions is working to ensure that military networks have sufficient cyber security capacities, including the ability to protect essential communications systems and data networks that support virus response efforts.

After half-a-century of the Cold War and nearly 20 years of combating violent global extremism, it is little wonder that Americans are most familiar with their military's capabilities to fight. The ability of the Armed Forces to build infrastructure, move supplies, and provide medical support was always there, but in the background.

Cyber Security Today

Don’t fall for this complaint scam, sex in email, and watch out for this sophisticated banking telephone fraud.

Cybersecurity cases rise by 82.5%

MORE people are online now – be it for business, education, entertainment, socialising or working from home due to the movement control order (MCO).

But the higher usage of technology also means bigger risks of running into cyberthreats.

About 352 accounts on the video conferencing app Zoom were compromised on Wednesday, including a healthcare provider in the US and seven educational institutions.

Cyber security amid a global pandemic

To cope with operational issues such as denied physical access, quarantined vessels and travel restrictions, shipowners are now actively opening for remote access and implementing remote digital survey tools towards vessels and encouraging shore staff to work remotely from home.

There is also increased use of mobile devices to access operational systems onboard vessels and core business systems in the company. Unprotected devices could lead to the loss of data, privacy breaches, and systems being held at ransom. Data is an asset and protecting it requires a good balance between confidentiality, integrity and availability.

In an era of cyber everywhere, with more technological transformation, use of cloud, and broader networking capabilities towards vessels, the threat landscape continues to increase. Cyber-criminals will look to attack operational systems and backup capabilities simultaneously in highly sophisticated ways leading to destructive cyber attacks. Cyber security depends not only on how company and shipboard systems and processes are designed but also on how they are used – the human factor.

NITDA is Shutting Down Fake COVID-19 Websites in Nigeria

The COVID-19 pandemic has been cause for alarm across the world in recent months – from disrupting global economies and international trade relations to perpetuating the largest work-from-home migration.

In the wake of this outbreak, fake news has wreaked havoc as people try to decipher what’s real and what’s fiction. Unsurprisingly, a number of fraudsters have used the current climate of confusion to capitalise off of unsuspecting Nigerians.

According to the National Information Technology Development Agency (NITDA), a number of fraudulent websites have been spreading misinformation and using phishing tactics to gain traffic.

How CISOs Should Prepare for Coronavirus Related Cybersecurity Threats

The Coronavirus is hitting hard on the world's economy, creating a high volume of uncertainty within organizations.

Cybersecurity firm Cynet today revealed new data, showing that the Coronavirus now has a significant impact on information security and that the crisis is actively exploited by threat actors.

In light of these insights, Cynet has also shared a few ways to best prepare for the Coronavirus derived threat landscape and provides a solution (learn more here) to protect employees that are working from home with their personal computers because of the Coronavirus.

Ransomware attack hundreds of LaSalle County government computers

LASALLE COUNTY (WEEK) -- The LaSalle County government is seeing a big interruption to its services this week. The LaSalle County government is seeing a big interruption to its services this week.

The county is dealing with a ransomware attack on its computers discovered by the Sheriff's Office last Sunday around 3:30 a.m.

Ransomware is a type of virus which locks up all the files on a computer, as hackers demand a ransom, usually money or Bitcoin, to release them.

How to do your banking online without putting your security at risk

Tech is supposed to make our lives easier, right? Instead of having to stand in line at the bank, we can just whip out our phones and fire up an app to move money around. That’s all well and good, but what happens when a hacker jumps into the mix?

Making financial transactions online can open us up to some potentially nasty side effects. If you don’t take proper safety precautions, an enterprising cyber criminal can take advantage of your weak security and crack your accounts right open.

Qakbot virus removal guide

Qakbot (also known as Qbot) is a banking trojan designed to steal personal information. Cyber criminals proliferate this virus using spam email campaigns. These emails are delivered with malicious attachments (Microsoft Office [typically Word] documents) that are presented as various important documents (bills, invoices, and so on). Criminals attempt to trick users into opening these files, which then leads to infiltration of Qakbot. In most cases, spam emails are sent via the Geodo (Emotet) botnet.

Hackers bank big bucks at live hacking event in France

Hackers descended on the French city of Lille this week to participate in a live bug bounty event, hosted by European platform YesWeHack.

Four organizations participated in the event, which took place on Wednesday and Thursday (January 28-29), as part of the 2020 Forum International de la Cybersécurité (FIC), an annual conference and trade show.

Companies taking part in the hacker competition included The Red Cross, Oui SNCF, secure messaging provider Olvid, and Cybermalveillance.gouv.fr, a cybersecurity division of the French government.

Alleged Bezos hacking raises concerns on smartphone security

Allegations that Amazon boss and Washington Post owner Jeff Bezos had his phone hacked by Saudi Crown Prince Mohammed bin Salman have put a spotlight on the security of smartphones and the secretive tools used to hack them.

Smartphones are effectively pocket-sized computers that run apps on operating systems such as Apple's iOS or Google's Android. Those devices have enabled a new world of connectivity – unlimited free calls over WhatsApp, for example, or an atlas worth of up-to-the-second maps from Google – but also a parade of potential security problems.

What is ethical hacking?

Ethical hacking is an authorized process of attempting to gain unauthorized access over a defined network, computer, or data. It is performed by security experts called “white hats,” aimed to improve the security posture of an organization. An ethical hack can be defined as how perfectly one can copy malicious hacker’s actions and strategies. Ethical hackers identify vulnerabilities and suggest resolving before malicious attackers exploited them. They work proactively while pentesting the systems or networks on approval of the organization.

British banks hit by hacking of foreign exchange firm Travelex

Britain’s largest retail banks have been forced to halt processing foreign currency orders after a cyberattack on exchange provider Travelex.

Computer systems at the travel money firm have been down for more than a week since a malware attack on New Year’s Eve, leaving Lloyds, Barclays, HSBC and the Royal Bank of Scotland, among others, unable to process transactions.

The hackers have reportedly demanded $6 million in return for encrypted customer data. But in a statement late on Wednesday, Travelex said the system had been taken down as a “precautionary measure” following the discovery of the virus, and that its investigation had shown that customer data had not been compromised.

Researcher Spots New Tricks in Web Payment Card Skimmers

E-commerce sites have been under siege from cybercriminals who seek to sneak malicious code into checkout processes. A researcher has found two new methods that payment card number thieves are using to try to stay under the radar.

The attackers are sometimes referred to as Magecart, a name for a slew of groups that steal payment card numbers. These attackers often capitalize on vulnerabilities in e-commerce software or other security mistakes that allow for the injection of malicious Javacript, dubbed sniffers or skimmers.