SlideShare a Scribd company logo

08 notable-security-incidents-in-the-finance-sector

C
Christos Laganas

Notable security incidents in the finance sector

Economy & Finance
1 of 17
Download to read offline
1H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY INNOV-ACTS, Limited H2020 FINSEC Project The FINSEC project is co-funded from the European Union’s Horizon 2020 programme under grant Agreement No 786727 Notable Recent Cybersecurity Incidents in the Finance Sector 15/04/2020
2H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Bangladesh Bank cyber heist (source: Wikipedia) Among the biggest cyber heist in history Fraudsters intruded SWIFT network Initial transfer was US $1 billion to Federal reserve bank of New York out of which $850 million were blocked Five of the thirty-five fraudulent instructions were successful in transferring $101 million, with $20 million traced to Sri Lanka and $81 million to Philippines. SWIFT Alliance Access software manipulation Happened sometime between February 4–5 when Bangladesh Bank's offices were closed. 4/15/2020
3H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Dridex take down operation and revival Dridex is a banking malware that has been seen most active between late 2015 and early 2016 At Oct 2015 UK’s National Crime Agency (NCA) in cooperation with Federal Bureau of Investigation (FBI) and Europol coordinated a take-down activity by ‘sinkholing’ infected computers’ traffic Before this operation there was an £20m of estimated losses in the UK alone (source: Europol) The cybercriminals were believed to be based in Eastern Europe and target end users via documents delivered by e-mail addresses that seem legitimate Despite its declined activity, Dridex malware continue to evolve and remains a serious threat to end-users of financial services 4/15/2020
4H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY The Volusion case Volusion is a company that provides e-commerce software and marketing and web design services to SME’s At October 9, 2019, Check Point security researcher Marcel Afrahim discovered that a malicious JavaScript file was injected in the checkout page of e-commerce sites to extract credit card information The attackers used Typosquatting and code injection (source: Zdnet) March 19, 2020 “Fraudsters have currently generated $1.6 million USD in revenue from these stolen payment cards, with the breach potentially exposing up to 20 million records.” Experts believe that cybercriminals operating under the moniker “Magecart” are behind this attack
5H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Bank of Valletta February 2019 various news outlets reported the hack of Bank of Valletta (BOV), one of Malta's biggest banks The hack took place on February 13, 2019. Using malware planted on the bank's internal servers, hackers transfered €13 million ($14.7 million) from the bank's internal systems to accounts in the UK, the US, the Czech Republic, and Hong Kong Security analysts believe that EmpireMonkey cybercrime group is believed to be behind this attack A number of accounts were used to receive those funds, one of them was in the UK and was held in Belfast. Around £800,000 was transferred. Attackers used macros to copy wscript.exe to another file 4/15/2020
6H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY ECB bring down reporting dictionary ECB discovered that Banks’ Integrated Reporting Dictionary (BIRD) website 15 August 2019 was breached (source: ECB - https://www.ecb.europa.eu/press/pr/date/2019/html/ecb.pr190815~b1662300c5.en.html) The breach was discovered after routine maintenance As a result, it was possible that the contact data (but not the passwords) of 481 subscribers to the BIRD newsletter may have been captured. The affected information consists of the email addresses, names and position titles of the subscribers. Attacker can use this data for further activities (conduct spear phishing attacks to high rank officials, management staff) 4/15/2020
7H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Binance Security Breach (Source: Company’s own website) Binance is a cryptocurrency exchange headquartered in Malta with significant presence in Asia The company disclosed the security breach on May 7, 2019 The hackers were able to withdraw 7000 BTC, worth worth nearly $41 million at the time of the incident Binance said hackers used various techniques --such as "phishing, viruses and other attacks"-- to gain access to user accounts, including "API keys, 2FA codes, and potentially other info." As a result, the cryptocurrency exchange had to suspend operations The company said it will compensate affected customers through its Secure Asset Fund for Users (SAFU) 4/15/2020
8H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Edenred Payment Solutions malware incident Edenred Payment Solutions is a French company specialized in prepaid corporate services (known for its Ticket Restaurant offering) The company disclosed that it detected malware in its IT infrastructure on 21 November 2019 (source: Edenred) Edenred was able to put back its systems into service on 23 November 2019 The company notified the authorities There is no indication of theft of personal data which would have a significant impact given that the company operates in 46 countries and managed 2.5 billion transactions in 2018 4/15/2020
9H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Sberbank Data Leak Sberbank is the largest bank in Russia operating in Russia, Europe and at many post-Soviet countries. The bank reported a possible data breach in 2 October 2019. The event was reported by popular news outlets as well Personal information of up to 60 million credit card holders were leaked in an incident that is probably the largest data leak in Russian banking. The data went on sale in online black market. Reportedly snippets of 200 customers were offered to potential “customers” for testing The database was offered being offered per line for 5 Russian Ruble (US$0.076) or in total 300 million rubles ($4.6 million) The bank believes that the leak can be attributed to an insider 4/15/2020
10H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY €24 MILLION CRYPTOCURRENCY THEFT On 25 June 2019, Europol announced the arrest of 6 individuals for cryptocurrency theft (source: Europol) Arrests were made after a joint operation of UK’s South West Regional Cyber Crime Unit (SW RCCU) with the Dutch police (Politie), Europol, Eurojust and the UK’s National Crime Agency (NCA) This was the result of a 14-month long investigation The theft, which targeted users’ Bitcoin tokens, is believed to have affected at least 4 000 victims in 12 countries Cybercriminals used typosquatting to spoof a well-known online cryptocurrency exchange to gain access to victims’ Bitcoin wallets 4/15/2020
11H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY GozNym Gang Arrested On May 16, 2019, Europol, the U.S. Department of Justice (DoJ), and six other countries, dismantled a group of international cyber criminals that is associated with GozNym malware The gang used GozNym malware to steal an estimated $100 million from 41000 victims and their financial institutions GozNym is a hybrid banking malware designed to capture victims’ online banking login credentials. It has been used since 2016 to target Polish, German and U.S. online banking The international operation included searches in Bulgaria, Georgia, Moldova and Ukraine. This led to criminal prosecutions in Georgia, Moldova, Ukraine and the United States. 4/15/2020
12H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Retefe: a 5 year long banking malware Retefe is a special banking malware that has been seen active between 2014 and 2019 It is a special piece of banking malware that is primarily targeting German, Swiss and Austrian individuals It has been initially discovered in 2014 by Trend Micro The malware operators used advanced methods to redirect users to spoofed internet banking sites in order to steal banking credentials Over the course of time, the malware has evolved from using proxies to Tor network and stunnel (secure tunneling) to redirect users in spoofed sites to achieve its illicit perposes 4/15/2020
13H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Metro bank (UK) hit by cyber attack On January 31, 2019 news outlets reported a cyber attack against Metro bank PLC in UK Sophisticated hackers exploited a flaw in SS7, a signaling protocol for telecom operators. They were able to intercept sms text that was used in 2-factor authentication (2FA) in e-banking This exploitation gave them the ability to perform banking transactions protected by 2FA The bank officials said that a small number of customers were affected As a result the bank’s risky assets raised by $900 million 4/15/2020
14H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY The Evercore security breach Various news outlets reported the security breach on Evercore (source: The Times) Evercore investment bank, headquartered in New York with a global presence was reportedly hacked in November 2018 The hack was the outcome of a successful phishing attack to one of the bank’s junior administrator in London The hackers got access to the administrator’s inbox and reportedly extracked 160.000 data objects like sensitive documents, invitations and emails Sources close to Evercore said there is no evidence of data misuse out of this hack 4/15/2020
15H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Cobalt group activity Cobalt is a cybergang targeting financial institutions (e-payment systems, ATMs, SWIFT) since at least 2013 The group mainly targets banks in Eastern Europe, Central Asia, and Southeast Asia Cobalt is likely associated with Carbanak remote backdoor Banks in more than 40 countries have been allegedly attacked by Cobalt group and the overall losses are estimated to be above EUR 1 billion (Source: Europol) The leader of the cybergang was arrested in March 2018 following an international operation between Europol, US FBI, the Romanian, Moldovan, Belarussian, Taiwanese and Spanish authorities 4/15/2020
16H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY DarkVishnya: Eight banks hacked in Eastern Europe According to Kaspersky, at least 8 banks were hacked from the inside between 2017 and 2018 The attacks, nicknamed DarkVishnya were executed with the use of inexpensive netbooks, Raspberry Pi and Bash Bunny Attackers didn’t use any of the traditional delivery methods like phishing emails. Instead a visitor pretending to be a courier or a job seeker connected the device to the banks’ network The device offers remote access to the attackers via e.g. a 3G/LTE modem This type of attacks are difficult to detect because there is no infection in the banks IT equipment 4/15/2020
17H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Lessons learned The increased use of e-transactions in today’s finance leads to more opportunities for cybercriminals Organized cybercrime gangs are difficult to dismantle as often the developed malware will be re-used by new cybergangs Law enforcement operations need international cooperation as often cybergangs are setup worldwide and rely on remote hacked infrastructure for their activities Cybercriminals utilize different techniques to evade detection They evolve their modus operanti in accordance to current IT trends 4/15/2020

Recommended

08 notable-security-incidents-in-the-finance-sector
08 notable-security-incidents-in-the-finance-sector08 notable-security-incidents-in-the-finance-sector
08 notable-security-incidents-in-the-finance-sectorinnov-acts-ltd
 
Insecure mag-33
Insecure mag-33Insecure mag-33
Insecure mag-33cheinyeanlim
 
The Current State of Cybercrime 2014
The Current State of Cybercrime 2014The Current State of Cybercrime 2014
The Current State of Cybercrime 2014EMC
 
Viet bankhacked ft
Viet bankhacked ftViet bankhacked ft
Viet bankhacked ftsonninhpt
 
Business Fraud and Cybersecurity Best Practices in the Office or While Worki...
Business Fraud and Cybersecurity Best Practices in the Office or While Worki... Business Fraud and Cybersecurity Best Practices in the Office or While Worki...
Business Fraud and Cybersecurity Best Practices in the Office or While Worki...ArielMcCurdy
 
Cyberfort syllabus & career
Cyberfort syllabus & careerCyberfort syllabus & career
Cyberfort syllabus & careerAmit Kumar
 
Anatomy of a spear phishing attack
Anatomy of a spear phishing attackAnatomy of a spear phishing attack
Anatomy of a spear phishing attackMark Mair
 
Rise of cyber security v0.1
Rise of cyber security v0.1Rise of cyber security v0.1
Rise of cyber security v0.1Sohail Gohir
 

Recommended

08 notable-security-incidents-in-the-finance-sector
08 notable-security-incidents-in-the-finance-sector08 notable-security-incidents-in-the-finance-sector
08 notable-security-incidents-in-the-finance-sectorinnov-acts-ltd
 
Insecure mag-33
Insecure mag-33Insecure mag-33
Insecure mag-33cheinyeanlim
 
The Current State of Cybercrime 2014
The Current State of Cybercrime 2014The Current State of Cybercrime 2014
The Current State of Cybercrime 2014EMC
 
Viet bankhacked ft
Viet bankhacked ftViet bankhacked ft
Viet bankhacked ftsonninhpt
 
Business Fraud and Cybersecurity Best Practices in the Office or While Worki...
Business Fraud and Cybersecurity Best Practices in the Office or While Worki... Business Fraud and Cybersecurity Best Practices in the Office or While Worki...
Business Fraud and Cybersecurity Best Practices in the Office or While Worki...ArielMcCurdy
 
Cyberfort syllabus & career
Cyberfort syllabus & careerCyberfort syllabus & career
Cyberfort syllabus & careerAmit Kumar
 
Anatomy of a spear phishing attack
Anatomy of a spear phishing attackAnatomy of a spear phishing attack
Anatomy of a spear phishing attackMark Mair
 
Rise of cyber security v0.1
Rise of cyber security v0.1Rise of cyber security v0.1
Rise of cyber security v0.1Sohail Gohir
 
Ce hv8 module 19 cryptography
Ce hv8 module 19 cryptographyCe hv8 module 19 cryptography
Ce hv8 module 19 cryptographyMehrdad Jingoism
 
Protecting Data Privacy
Protecting Data PrivacyProtecting Data Privacy
Protecting Data PrivacyDirectorate of Information Security | Ditjen Aptika
 
IC3 2019 Internet Crime Report
IC3 2019 Internet Crime ReportIC3 2019 Internet Crime Report
IC3 2019 Internet Crime Report- Mark - Fullbright
 
MMV Webinar 2. GDPR Insights. January 2018
MMV Webinar 2. GDPR Insights. January 2018MMV Webinar 2. GDPR Insights. January 2018
MMV Webinar 2. GDPR Insights. January 2018Match-Maker Ventures
 
Data protection on premises, and in public and private clouds
Data protection on premises, and in public and private cloudsData protection on premises, and in public and private clouds
Data protection on premises, and in public and private cloudsUlf Mattsson
 
Emerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyEmerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyChukwunonso Okoro, CFE, CAMS, CRISC
 
Ssp fraud risk vulnerablity in ebanking
Ssp fraud risk vulnerablity in ebanking Ssp fraud risk vulnerablity in ebanking
Ssp fraud risk vulnerablity in ebanking sathyananda prabhu
 
Cybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industryCybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industryAmmar WK
 
What Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersWhat Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersJaime Manteiga
 
Hi-Tech Crime Trends 2015
Hi-Tech Crime Trends 2015Hi-Tech Crime Trends 2015
Hi-Tech Crime Trends 2015Group-IB
 
Overcome Security Threats Affecting Mobile Financial Solutions 2020
Overcome Security Threats Affecting Mobile Financial Solutions 2020Overcome Security Threats Affecting Mobile Financial Solutions 2020
Overcome Security Threats Affecting Mobile Financial Solutions 2020Fusion Informatics
 
An overview study on cyber crimes in internet
An overview study on cyber crimes in internetAn overview study on cyber crimes in internet
An overview study on cyber crimes in internetAlexander Decker
 
EUROPOL: THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015
EUROPOL: THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015EUROPOL: THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015
EUROPOL: THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015ADISPO Asociación de directores de seguridad
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shiftsmalvvv
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shiftsmalvvv
 
Symantec Website Security Threat Report
Symantec Website Security Threat ReportSymantec Website Security Threat Report
Symantec Website Security Threat Reportcheinyeanlim
 
Application security meetup data privacy_27052021
Application security meetup data privacy_27052021Application security meetup data privacy_27052021
Application security meetup data privacy_27052021lior mazor
 
Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021 Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021 Roen Branham
 
220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?Spire Research and Consulting
 
Risks of not complying with sox and pci compliance
Risks of not complying with sox and pci complianceRisks of not complying with sox and pci compliance
Risks of not complying with sox and pci complianceSysCloud
 
Cyber security and current trends
Cyber security and current trendsCyber security and current trends
Cyber security and current trendsShreedeep Rayamajhi
 
State of Cyber Crime Safety and Security in Banking
State of Cyber Crime Safety and Security in BankingState of Cyber Crime Safety and Security in Banking
State of Cyber Crime Safety and Security in BankingIJSRED
 

More Related Content

What's hot

Ce hv8 module 19 cryptography
Ce hv8 module 19 cryptographyCe hv8 module 19 cryptography
Ce hv8 module 19 cryptographyMehrdad Jingoism
 
MMV Webinar 2. GDPR Insights. January 2018
MMV Webinar 2. GDPR Insights. January 2018MMV Webinar 2. GDPR Insights. January 2018
MMV Webinar 2. GDPR Insights. January 2018Match-Maker Ventures
 
Data protection on premises, and in public and private clouds
Data protection on premises, and in public and private cloudsData protection on premises, and in public and private clouds
Data protection on premises, and in public and private cloudsUlf Mattsson
 
Ssp fraud risk vulnerablity in ebanking
Ssp fraud risk vulnerablity in ebanking Ssp fraud risk vulnerablity in ebanking
Ssp fraud risk vulnerablity in ebanking sathyananda prabhu
 
Cybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industryCybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industryAmmar WK
 
What Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersWhat Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersJaime Manteiga
 
Hi-Tech Crime Trends 2015
Hi-Tech Crime Trends 2015Hi-Tech Crime Trends 2015
Hi-Tech Crime Trends 2015Group-IB
 
Overcome Security Threats Affecting Mobile Financial Solutions 2020
Overcome Security Threats Affecting Mobile Financial Solutions 2020Overcome Security Threats Affecting Mobile Financial Solutions 2020
Overcome Security Threats Affecting Mobile Financial Solutions 2020Fusion Informatics
 
An overview study on cyber crimes in internet
An overview study on cyber crimes in internetAn overview study on cyber crimes in internet
An overview study on cyber crimes in internetAlexander Decker
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shiftsmalvvv
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shiftsmalvvv
 
Symantec Website Security Threat Report
Symantec Website Security Threat ReportSymantec Website Security Threat Report
Symantec Website Security Threat Reportcheinyeanlim
 
Application security meetup data privacy_27052021
Application security meetup data privacy_27052021Application security meetup data privacy_27052021
Application security meetup data privacy_27052021lior mazor
 
Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021 Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021 Roen Branham
 
Risks of not complying with sox and pci compliance
Risks of not complying with sox and pci complianceRisks of not complying with sox and pci compliance
Risks of not complying with sox and pci complianceSysCloud
 

What's hot (20)

Ce hv8 module 19 cryptography
Ce hv8 module 19 cryptographyCe hv8 module 19 cryptography
Ce hv8 module 19 cryptography
 
Protecting Data Privacy
Protecting Data PrivacyProtecting Data Privacy
Protecting Data Privacy
 
IC3 2019 Internet Crime Report
IC3 2019 Internet Crime ReportIC3 2019 Internet Crime Report
IC3 2019 Internet Crime Report
 
MMV Webinar 2. GDPR Insights. January 2018
MMV Webinar 2. GDPR Insights. January 2018MMV Webinar 2. GDPR Insights. January 2018
MMV Webinar 2. GDPR Insights. January 2018
 
Data protection on premises, and in public and private clouds
Data protection on premises, and in public and private cloudsData protection on premises, and in public and private clouds
Data protection on premises, and in public and private clouds
 
Emerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyEmerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business Ready
 
Ssp fraud risk vulnerablity in ebanking
Ssp fraud risk vulnerablity in ebanking Ssp fraud risk vulnerablity in ebanking
Ssp fraud risk vulnerablity in ebanking
 
Cybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industryCybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industry
 
What Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersWhat Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For Hackers
 
Hi-Tech Crime Trends 2015
Hi-Tech Crime Trends 2015Hi-Tech Crime Trends 2015
Hi-Tech Crime Trends 2015
 
Overcome Security Threats Affecting Mobile Financial Solutions 2020
Overcome Security Threats Affecting Mobile Financial Solutions 2020Overcome Security Threats Affecting Mobile Financial Solutions 2020
Overcome Security Threats Affecting Mobile Financial Solutions 2020
 
An overview study on cyber crimes in internet
An overview study on cyber crimes in internetAn overview study on cyber crimes in internet
An overview study on cyber crimes in internet
 
EUROPOL: THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015
EUROPOL: THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015EUROPOL: THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015
EUROPOL: THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shifts
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shifts
 
Symantec Website Security Threat Report
Symantec Website Security Threat ReportSymantec Website Security Threat Report
Symantec Website Security Threat Report
 
Application security meetup data privacy_27052021
Application security meetup data privacy_27052021Application security meetup data privacy_27052021
Application security meetup data privacy_27052021
 
Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021 Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021
 
220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?
 
Risks of not complying with sox and pci compliance
Risks of not complying with sox and pci complianceRisks of not complying with sox and pci compliance
Risks of not complying with sox and pci compliance
 

Similar to 08 notable-security-incidents-in-the-finance-sector

Cyber security and current trends
Cyber security and current trendsCyber security and current trends
Cyber security and current trendsShreedeep Rayamajhi
 
State of Cyber Crime Safety and Security in Banking
State of Cyber Crime Safety and Security in BankingState of Cyber Crime Safety and Security in Banking
State of Cyber Crime Safety and Security in BankingIJSRED
 
INSECURE Magazine - 33
INSECURE Magazine - 33INSECURE Magazine - 33
INSECURE Magazine - 33Felipe Prado
 
Survival Guide for Million- Dollar Cyberattacks
Survival Guide for Million- Dollar Cyberattacks Survival Guide for Million- Dollar Cyberattacks
Survival Guide for Million- Dollar CyberattacksPanda Security
 
Driving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your EnemyDriving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your EnemyFirst Atlantic Commerce
 
2014 Cybercrime Roundup: The Year of the POS Breach
2014 Cybercrime Roundup: The Year of the POS Breach2014 Cybercrime Roundup: The Year of the POS Breach
2014 Cybercrime Roundup: The Year of the POS BreachEMC
 
2019 06-05-dalakova-kateryna-mkm-mmt-pov-assignment (1)
2019 06-05-dalakova-kateryna-mkm-mmt-pov-assignment (1)2019 06-05-dalakova-kateryna-mkm-mmt-pov-assignment (1)
2019 06-05-dalakova-kateryna-mkm-mmt-pov-assignment (1)Kate Dalakova
 
Mitigating Cyber-Threat in the Financial Industry of Bangladesh using Biometr...
Mitigating Cyber-Threat in the Financial Industry of Bangladesh using Biometr...Mitigating Cyber-Threat in the Financial Industry of Bangladesh using Biometr...
Mitigating Cyber-Threat in the Financial Industry of Bangladesh using Biometr...Dr. Amarjeet Singh
 
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...Tech and Law Center
 
The financial sector under siege from vicious banking malware @ReveeliumBlog
The financial sector under siege from vicious banking malware @ReveeliumBlogThe financial sector under siege from vicious banking malware @ReveeliumBlog
The financial sector under siege from vicious banking malware @ReveeliumBlogITrust - Cybersecurity as a Service
 
ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019- Mark - Fullbright
 
RSA Monthly Online Fraud Report - June 2013
RSA Monthly Online Fraud Report - June 2013RSA Monthly Online Fraud Report - June 2013
RSA Monthly Online Fraud Report - June 2013EMC
 
Case in PointInaction Caused Costly Hacking At Large Retailer.docx
Case in PointInaction Caused Costly Hacking At Large Retailer.docxCase in PointInaction Caused Costly Hacking At Large Retailer.docx
Case in PointInaction Caused Costly Hacking At Large Retailer.docxcowinhelen
 
Issues and ethics in finance (fin 657) - How hackers steal $81 million in Ban...
Issues and ethics in finance (fin 657) - How hackers steal $81 million in Ban...Issues and ethics in finance (fin 657) - How hackers steal $81 million in Ban...
Issues and ethics in finance (fin 657) - How hackers steal $81 million in Ban...Hafizah Jupri
 
Detecting phishing websites using associative classification (2)
Detecting phishing websites using associative classification (2)Detecting phishing websites using associative classification (2)
Detecting phishing websites using associative classification (2)Alexander Decker
 
Cyber Security Incident Response Planning
Cyber Security Incident Response PlanningCyber Security Incident Response Planning
Cyber Security Incident Response PlanningPECB
 
CIR Magazine - Cyber Readiness, key to survival
CIR Magazine - Cyber Readiness, key to survivalCIR Magazine - Cyber Readiness, key to survival
CIR Magazine - Cyber Readiness, key to survivalMorgan Jones
 

Similar to 08 notable-security-incidents-in-the-finance-sector (20)

Cyber security and current trends
Cyber security and current trendsCyber security and current trends
Cyber security and current trends
 
State of Cyber Crime Safety and Security in Banking
State of Cyber Crime Safety and Security in BankingState of Cyber Crime Safety and Security in Banking
State of Cyber Crime Safety and Security in Banking
 
INSECURE Magazine - 33
INSECURE Magazine - 33INSECURE Magazine - 33
INSECURE Magazine - 33
 
Survival Guide for Million- Dollar Cyberattacks
Survival Guide for Million- Dollar Cyberattacks Survival Guide for Million- Dollar Cyberattacks
Survival Guide for Million- Dollar Cyberattacks
 
Top 5 cyber crimes of 2014
Top 5 cyber crimes of 2014Top 5 cyber crimes of 2014
Top 5 cyber crimes of 2014
 
Driving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your EnemyDriving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your Enemy
 
2014 Cybercrime Roundup: The Year of the POS Breach
2014 Cybercrime Roundup: The Year of the POS Breach2014 Cybercrime Roundup: The Year of the POS Breach
2014 Cybercrime Roundup: The Year of the POS Breach
 
2019 06-05-dalakova-kateryna-mkm-mmt-pov-assignment (1)
2019 06-05-dalakova-kateryna-mkm-mmt-pov-assignment (1)2019 06-05-dalakova-kateryna-mkm-mmt-pov-assignment (1)
2019 06-05-dalakova-kateryna-mkm-mmt-pov-assignment (1)
 
Cyber crime in Pakistan
Cyber crime in PakistanCyber crime in Pakistan
Cyber crime in Pakistan
 
Mitigating Cyber-Threat in the Financial Industry of Bangladesh using Biometr...
Mitigating Cyber-Threat in the Financial Industry of Bangladesh using Biometr...Mitigating Cyber-Threat in the Financial Industry of Bangladesh using Biometr...
Mitigating Cyber-Threat in the Financial Industry of Bangladesh using Biometr...
 
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
 
The financial sector under siege from vicious banking malware @ReveeliumBlog
The financial sector under siege from vicious banking malware @ReveeliumBlogThe financial sector under siege from vicious banking malware @ReveeliumBlog
The financial sector under siege from vicious banking malware @ReveeliumBlog
 
ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019
 
RSA Monthly Online Fraud Report - June 2013
RSA Monthly Online Fraud Report - June 2013RSA Monthly Online Fraud Report - June 2013
RSA Monthly Online Fraud Report - June 2013
 
Case in PointInaction Caused Costly Hacking At Large Retailer.docx
Case in PointInaction Caused Costly Hacking At Large Retailer.docxCase in PointInaction Caused Costly Hacking At Large Retailer.docx
Case in PointInaction Caused Costly Hacking At Large Retailer.docx
 
Issues and ethics in finance (fin 657) - How hackers steal $81 million in Ban...
Issues and ethics in finance (fin 657) - How hackers steal $81 million in Ban...Issues and ethics in finance (fin 657) - How hackers steal $81 million in Ban...
Issues and ethics in finance (fin 657) - How hackers steal $81 million in Ban...
 
Detecting phishing websites using associative classification (2)
Detecting phishing websites using associative classification (2)Detecting phishing websites using associative classification (2)
Detecting phishing websites using associative classification (2)
 
Cyber Security Incident Response Planning
Cyber Security Incident Response PlanningCyber Security Incident Response Planning
Cyber Security Incident Response Planning
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
CIR Magazine - Cyber Readiness, key to survival
CIR Magazine - Cyber Readiness, key to survivalCIR Magazine - Cyber Readiness, key to survival
CIR Magazine - Cyber Readiness, key to survival
 

Recently uploaded

VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...Call Girls in Nagpur High Profile
 
Monthly Market Risk Update: April 2024 [SlideShare]
Monthly Market Risk Update: April 2024 [SlideShare]Monthly Market Risk Update: April 2024 [SlideShare]
Monthly Market Risk Update: April 2024 [SlideShare]Commonwealth
 
VIP Call Girls in Saharanpur Aarohi 8250192130 Independent Escort Service Sah...
VIP Call Girls in Saharanpur Aarohi 8250192130 Independent Escort Service Sah...VIP Call Girls in Saharanpur Aarohi 8250192130 Independent Escort Service Sah...
VIP Call Girls in Saharanpur Aarohi 8250192130 Independent Escort Service Sah...Suhani Kapoor
 
High Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
High Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsHigh Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
High Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
Instant Issue Debit Cards - High School Spirit
Instant Issue Debit Cards - High School SpiritInstant Issue Debit Cards - High School Spirit
Instant Issue Debit Cards - High School Spiritegoetzinger
 
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service AizawlVip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawlmakika9823
 
VIP High Class Call Girls Saharanpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Saharanpur Anushka 8250192130 Independent Escort Se...VIP High Class Call Girls Saharanpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Saharanpur Anushka 8250192130 Independent Escort Se...Suhani Kapoor
 
Andheri Call Girls In 9825968104 Mumbai Hot Models
Andheri Call Girls In 9825968104 Mumbai Hot ModelsAndheri Call Girls In 9825968104 Mumbai Hot Models
Andheri Call Girls In 9825968104 Mumbai Hot Modelshematsharma006
 
Instant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School DesignsInstant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School Designsegoetzinger
 
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure serviceCall US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure servicePooja Nehwal
 
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...Pooja Nehwal
 
Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...
Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...
Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...shivangimorya083
 
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...makika9823
 
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptxOAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptxhiddenlevers
 
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service NashikHigh Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
Shrambal_Distributors_Newsletter_Apr-2024 (1).pdf
Shrambal_Distributors_Newsletter_Apr-2024 (1).pdfShrambal_Distributors_Newsletter_Apr-2024 (1).pdf
Shrambal_Distributors_Newsletter_Apr-2024 (1).pdfvikashdidwania1
 
Bladex Earnings Call Presentation 1Q2024
Bladex Earnings Call Presentation 1Q2024Bladex Earnings Call Presentation 1Q2024
Bladex Earnings Call Presentation 1Q2024Bladex
 
call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

Recently uploaded (20)

VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
 
Monthly Market Risk Update: April 2024 [SlideShare]
Monthly Market Risk Update: April 2024 [SlideShare]Monthly Market Risk Update: April 2024 [SlideShare]
Monthly Market Risk Update: April 2024 [SlideShare]
 
VIP Call Girls in Saharanpur Aarohi 8250192130 Independent Escort Service Sah...
VIP Call Girls in Saharanpur Aarohi 8250192130 Independent Escort Service Sah...VIP Call Girls in Saharanpur Aarohi 8250192130 Independent Escort Service Sah...
VIP Call Girls in Saharanpur Aarohi 8250192130 Independent Escort Service Sah...
 
Monthly Economic Monitoring of Ukraine No 231, April 2024
Monthly Economic Monitoring of Ukraine No 231, April 2024Monthly Economic Monitoring of Ukraine No 231, April 2024
Monthly Economic Monitoring of Ukraine No 231, April 2024
 
High Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
High Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsHigh Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
High Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
 
Instant Issue Debit Cards - High School Spirit
Instant Issue Debit Cards - High School SpiritInstant Issue Debit Cards - High School Spirit
Instant Issue Debit Cards - High School Spirit
 
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service AizawlVip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
 
VIP High Class Call Girls Saharanpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Saharanpur Anushka 8250192130 Independent Escort Se...VIP High Class Call Girls Saharanpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Saharanpur Anushka 8250192130 Independent Escort Se...
 
Andheri Call Girls In 9825968104 Mumbai Hot Models
Andheri Call Girls In 9825968104 Mumbai Hot ModelsAndheri Call Girls In 9825968104 Mumbai Hot Models
Andheri Call Girls In 9825968104 Mumbai Hot Models
 
Instant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School DesignsInstant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School Designs
 
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure serviceCall US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
 
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
 
Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...
Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...
Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...
 
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
 
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptxOAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
 
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service NashikHigh Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
 
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
 
Shrambal_Distributors_Newsletter_Apr-2024 (1).pdf
Shrambal_Distributors_Newsletter_Apr-2024 (1).pdfShrambal_Distributors_Newsletter_Apr-2024 (1).pdf
Shrambal_Distributors_Newsletter_Apr-2024 (1).pdf
 
Bladex Earnings Call Presentation 1Q2024
Bladex Earnings Call Presentation 1Q2024Bladex Earnings Call Presentation 1Q2024
Bladex Earnings Call Presentation 1Q2024
 
call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 

08 notable-security-incidents-in-the-finance-sector

  • 1. 1H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY INNOV-ACTS, Limited H2020 FINSEC Project The FINSEC project is co-funded from the European Union’s Horizon 2020 programme under grant Agreement No 786727 Notable Recent Cybersecurity Incidents in the Finance Sector 15/04/2020
  • 2. 2H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Bangladesh Bank cyber heist (source: Wikipedia) Among the biggest cyber heist in history Fraudsters intruded SWIFT network Initial transfer was US $1 billion to Federal reserve bank of New York out of which $850 million were blocked Five of the thirty-five fraudulent instructions were successful in transferring $101 million, with $20 million traced to Sri Lanka and $81 million to Philippines. SWIFT Alliance Access software manipulation Happened sometime between February 4–5 when Bangladesh Bank's offices were closed. 4/15/2020
  • 3. 3H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Dridex take down operation and revival Dridex is a banking malware that has been seen most active between late 2015 and early 2016 At Oct 2015 UK’s National Crime Agency (NCA) in cooperation with Federal Bureau of Investigation (FBI) and Europol coordinated a take-down activity by ‘sinkholing’ infected computers’ traffic Before this operation there was an £20m of estimated losses in the UK alone (source: Europol) The cybercriminals were believed to be based in Eastern Europe and target end users via documents delivered by e-mail addresses that seem legitimate Despite its declined activity, Dridex malware continue to evolve and remains a serious threat to end-users of financial services 4/15/2020
  • 4. 4H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY The Volusion case Volusion is a company that provides e-commerce software and marketing and web design services to SME’s At October 9, 2019, Check Point security researcher Marcel Afrahim discovered that a malicious JavaScript file was injected in the checkout page of e-commerce sites to extract credit card information The attackers used Typosquatting and code injection (source: Zdnet) March 19, 2020 “Fraudsters have currently generated $1.6 million USD in revenue from these stolen payment cards, with the breach potentially exposing up to 20 million records.” Experts believe that cybercriminals operating under the moniker “Magecart” are behind this attack
  • 5. 5H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Bank of Valletta February 2019 various news outlets reported the hack of Bank of Valletta (BOV), one of Malta's biggest banks The hack took place on February 13, 2019. Using malware planted on the bank's internal servers, hackers transfered €13 million ($14.7 million) from the bank's internal systems to accounts in the UK, the US, the Czech Republic, and Hong Kong Security analysts believe that EmpireMonkey cybercrime group is believed to be behind this attack A number of accounts were used to receive those funds, one of them was in the UK and was held in Belfast. Around £800,000 was transferred. Attackers used macros to copy wscript.exe to another file 4/15/2020
  • 6. 6H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY ECB bring down reporting dictionary ECB discovered that Banks’ Integrated Reporting Dictionary (BIRD) website 15 August 2019 was breached (source: ECB - https://www.ecb.europa.eu/press/pr/date/2019/html/ecb.pr190815~b1662300c5.en.html) The breach was discovered after routine maintenance As a result, it was possible that the contact data (but not the passwords) of 481 subscribers to the BIRD newsletter may have been captured. The affected information consists of the email addresses, names and position titles of the subscribers. Attacker can use this data for further activities (conduct spear phishing attacks to high rank officials, management staff) 4/15/2020
  • 7. 7H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Binance Security Breach (Source: Company’s own website) Binance is a cryptocurrency exchange headquartered in Malta with significant presence in Asia The company disclosed the security breach on May 7, 2019 The hackers were able to withdraw 7000 BTC, worth worth nearly $41 million at the time of the incident Binance said hackers used various techniques --such as "phishing, viruses and other attacks"-- to gain access to user accounts, including "API keys, 2FA codes, and potentially other info." As a result, the cryptocurrency exchange had to suspend operations The company said it will compensate affected customers through its Secure Asset Fund for Users (SAFU) 4/15/2020
  • 8. 8H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Edenred Payment Solutions malware incident Edenred Payment Solutions is a French company specialized in prepaid corporate services (known for its Ticket Restaurant offering) The company disclosed that it detected malware in its IT infrastructure on 21 November 2019 (source: Edenred) Edenred was able to put back its systems into service on 23 November 2019 The company notified the authorities There is no indication of theft of personal data which would have a significant impact given that the company operates in 46 countries and managed 2.5 billion transactions in 2018 4/15/2020
  • 9. 9H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Sberbank Data Leak Sberbank is the largest bank in Russia operating in Russia, Europe and at many post-Soviet countries. The bank reported a possible data breach in 2 October 2019. The event was reported by popular news outlets as well Personal information of up to 60 million credit card holders were leaked in an incident that is probably the largest data leak in Russian banking. The data went on sale in online black market. Reportedly snippets of 200 customers were offered to potential “customers” for testing The database was offered being offered per line for 5 Russian Ruble (US$0.076) or in total 300 million rubles ($4.6 million) The bank believes that the leak can be attributed to an insider 4/15/2020
  • 10. 10H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY €24 MILLION CRYPTOCURRENCY THEFT On 25 June 2019, Europol announced the arrest of 6 individuals for cryptocurrency theft (source: Europol) Arrests were made after a joint operation of UK’s South West Regional Cyber Crime Unit (SW RCCU) with the Dutch police (Politie), Europol, Eurojust and the UK’s National Crime Agency (NCA) This was the result of a 14-month long investigation The theft, which targeted users’ Bitcoin tokens, is believed to have affected at least 4 000 victims in 12 countries Cybercriminals used typosquatting to spoof a well-known online cryptocurrency exchange to gain access to victims’ Bitcoin wallets 4/15/2020
  • 11. 11H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY GozNym Gang Arrested On May 16, 2019, Europol, the U.S. Department of Justice (DoJ), and six other countries, dismantled a group of international cyber criminals that is associated with GozNym malware The gang used GozNym malware to steal an estimated $100 million from 41000 victims and their financial institutions GozNym is a hybrid banking malware designed to capture victims’ online banking login credentials. It has been used since 2016 to target Polish, German and U.S. online banking The international operation included searches in Bulgaria, Georgia, Moldova and Ukraine. This led to criminal prosecutions in Georgia, Moldova, Ukraine and the United States. 4/15/2020
  • 12. 12H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Retefe: a 5 year long banking malware Retefe is a special banking malware that has been seen active between 2014 and 2019 It is a special piece of banking malware that is primarily targeting German, Swiss and Austrian individuals It has been initially discovered in 2014 by Trend Micro The malware operators used advanced methods to redirect users to spoofed internet banking sites in order to steal banking credentials Over the course of time, the malware has evolved from using proxies to Tor network and stunnel (secure tunneling) to redirect users in spoofed sites to achieve its illicit perposes 4/15/2020
  • 13. 13H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Metro bank (UK) hit by cyber attack On January 31, 2019 news outlets reported a cyber attack against Metro bank PLC in UK Sophisticated hackers exploited a flaw in SS7, a signaling protocol for telecom operators. They were able to intercept sms text that was used in 2-factor authentication (2FA) in e-banking This exploitation gave them the ability to perform banking transactions protected by 2FA The bank officials said that a small number of customers were affected As a result the bank’s risky assets raised by $900 million 4/15/2020
  • 14. 14H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY The Evercore security breach Various news outlets reported the security breach on Evercore (source: The Times) Evercore investment bank, headquartered in New York with a global presence was reportedly hacked in November 2018 The hack was the outcome of a successful phishing attack to one of the bank’s junior administrator in London The hackers got access to the administrator’s inbox and reportedly extracked 160.000 data objects like sensitive documents, invitations and emails Sources close to Evercore said there is no evidence of data misuse out of this hack 4/15/2020
  • 15. 15H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Cobalt group activity Cobalt is a cybergang targeting financial institutions (e-payment systems, ATMs, SWIFT) since at least 2013 The group mainly targets banks in Eastern Europe, Central Asia, and Southeast Asia Cobalt is likely associated with Carbanak remote backdoor Banks in more than 40 countries have been allegedly attacked by Cobalt group and the overall losses are estimated to be above EUR 1 billion (Source: Europol) The leader of the cybergang was arrested in March 2018 following an international operation between Europol, US FBI, the Romanian, Moldovan, Belarussian, Taiwanese and Spanish authorities 4/15/2020
  • 16. 16H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY DarkVishnya: Eight banks hacked in Eastern Europe According to Kaspersky, at least 8 banks were hacked from the inside between 2017 and 2018 The attacks, nicknamed DarkVishnya were executed with the use of inexpensive netbooks, Raspberry Pi and Bash Bunny Attackers didn’t use any of the traditional delivery methods like phishing emails. Instead a visitor pretending to be a courier or a job seeker connected the device to the banks’ network The device offers remote access to the attackers via e.g. a 3G/LTE modem This type of attacks are difficult to detect because there is no infection in the banks IT equipment 4/15/2020
  • 17. 17H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Lessons learned The increased use of e-transactions in today’s finance leads to more opportunities for cybercriminals Organized cybercrime gangs are difficult to dismantle as often the developed malware will be re-used by new cybergangs Law enforcement operations need international cooperation as often cybergangs are setup worldwide and rely on remote hacked infrastructure for their activities Cybercriminals utilize different techniques to evade detection They evolve their modus operanti in accordance to current IT trends 4/15/2020