What's Changed for Cybersecurity in Banking and Finance: New Study

Cybersecurity in financial services is a complex picture. Not only has a range of new tech hit the industry in the last 5 years, but compliance requirements introduce another layer of difficulty to the lives of infosec teams in this sector. To add to this picture, the overall cybersecurity landscape has rapidly transformed, with ransomware attacks picking up speed and high-profile vulnerabilities hitting the headlines at an alarming pace.

VMware recently released the 5th annual installment of their Modern Bank Heists report, and the results show a changing landscape for cybersecurity in banking and finance. Here's a closer look at what CISOs and security leaders in finance said about the security challenges they're facing — and what they're doing to solve them.

Destructive threats and ransomware attacks on banks are increasing

The stakes for cybersecurity are higher than ever at financial institutions, as threat actors are increasingly using more vicious tactics. Banks have seen an uptick in destructive cyberattacks — those that delete data, damage hard drives, disrupt network connections, or otherwise leave a trail of digital wreckage in their wake.

63% of financial institutions surveyed in the VMware report said they've seen an increase in these destructive attacks targeting their organization — that's 17% more than said the same in last year's version of the report.

At the same time, finance hasn't been spared from the rise in ransomware attacks, which have also become increasingly disruptive. Nearly 3 out of 4 respondents to the survey said they'd been hit by at least one ransomware attack. What's more, 63% of those ended up paying the ransom.

Supply chain security: No fun in the sun

Like ransomware, island hopping is also on the rise — and while that might sound like something to do on a beach vacation, that's likely the last thing the phrase brings to mind for security pros at today's financial institutions.

IT Pro describes island hopping attacks as "the process of undermining a company's cyber defenses by going after its vulnerable partner network, rather than launching a direct attack." The source points to the high-profile data breach that rocked big-box retailer Target in 2017. Hackers found an entry point to the company's data not through its own servers, but those of Fazio Mechanical Services, a third-party vendor.

In the years since the Target breach, supply chain cybersecurity has become an even greater area of focus for security pros across industries, thanks to incidents like the SolarWinds breach and large-scale vulnerabilities like Log4Shell that reveal just how many interdependencies are out there. Now, threats in the software supply chain are becoming more apparent by the day.

VMware's study found that 60% of security leaders in finance have seen an increase in island hopping attacks — 58% more than said the same last year. The uptick in threats originating from partners' systems is clearly keeping security officers up at night: 87% said they're concerned about the security posture of the service providers they rely on.

The proliferation of mobile and web applications associated with the rise of financial technology (fintech) may be exacerbating the problem. VMware notes API attacks are one of the primary methods of island hopping — and they found a whopping 94% of financial-industry security leaders have experienced an API attack through a fintech application, while 58% said they've seen an increase in application security incidents overall.

How financial institutions are improving cybersecurity

With attacks growing more dangerous and more frequent, security leaders in finance are doubling down on their efforts to protect their organizations. The majority of companies surveyed in VMware's study said they planned a 20% to 30% boost to their cybersecurity budget in 2022. But what types of solutions are they investing in with that added cash?

The number 1 security investment for CISOs this year is extended detection and response (XDR), with 24% listing this as their top priority. Closely following were workload security at 22%, mobile security at 21%, threat intelligence at 15%, and managed detection and response (MDR) at 11%. In addition, 51% said they're investing in threat hunting to help them stay ahead of the attackers.

Today's threat landscape has grown difficult to navigate — especially when financial institutions are competing for candidates in a tight cybersecurity talent market. In the meantime, the financial industry has only grown more competitive, and the pace of innovation is at an all-time high. Having powerful, flexible tools that can streamline and automate security processes is essential to keep up with change. For banks and finance organizations to attain the level of visibility they need to innovate while keeping their systems protected, these tools are crucial.


The government of Costa Rica declared a national emergency on Sunday, May 8th, 2022, as most of its government websites were impacted by ransomware that disrupted servers and back-end operations to the core.

Rodrigo Chaves, the President of Costa Rica, released an official statement on the matter and added that the hackers were demanding $10 million to hand over the 672GB of stolen data and decrypt the locked-up files.

The Conti ransomware gang has declared that it is behind the incident and said that it is ready to negotiate with the government for a 20% discount.

Of concern, the Costa Rican Social Security Fund (CCSS), a health care agency, was also targeted in the incident by the Conti gang, and about 72GB of its data was leaked onto the dark web a few hours ago.

Second is the news related to the Colonial Pipeline Cyber Attack that took place at the same time last year. The US Department of Transportation’s Pipeline and Hazardous Materials Safety Administration (PHMSA) has issued a notice to the management of Colonial Pipeline and proposed a penalty of $986,400, i.e. nearly $1 million.

On May 8th, 2021, Colonial Pipeline declared that its servers had been targeted by the Darkside ransomware gang, disrupting the distribution of gasoline, diesel, and jet fuel from Texas to New Jersey. As a result of the digital attack, a fuel shortage arose across 17 states, and the White House was ready to declare a state emergency, as at one point the fuel shortage was declared to be severe.

A special inquiry team was appointed by the government in June 2021, and it discovered that Colonial Pipeline had failed to protect its IT infrastructure with appropriate cyber security measures, so a penalty of nearly $1m is being levied. However, the fuel supplier will be given adequate time to file a counter-petition against the penalty.

The post Costa Rica declares ransomware emergency and Colonial Pipeline Cyber Attack fetches $1 Million penalty appeared first on Cybersecurity Insiders.

The Government of the United States has announced a $15 million reward for those who provide tip-offs related to the Conti ransomware group’s whereabouts and details related to its future attack campaigns.

The FBI issued an estimate that the year 2021 witnessed a 60% rise in ransomware attacks launched by the Conti gang and that the amount it might have received from its 1k victimized targets is $150 million.

Ned Price, the State Department’s spokesperson, said that the reward announcement shows the Biden-led government’s commitment to blocking future exploitation by cyber criminals through ransomware attacks.

For those interested in knowing more about the reward, here’s the gist. The reward will be split into two: $10m for information related to the gang members and $5m for information leading to the arrest of those conspiring with Conti.

Second is the news related to a ransomware attack launched on a US manufacturer of agricultural machinery named AGCO.

The ransomware gang that launched the attack is yet to be identified, but reports suggest that it could be a notorious gang related to Russian intelligence and that it could have launched the attack because AGCO donated $50,000 to Ukrainian civilians suffering from the Russian invasion.

The news of the ransomware attack came in after the FBI announced a week back that the whole of the farming and agriculture sector in America was vulnerable to cyber attacks launched by state-funded hacking groups from the Kremlin.

The post Two Ransomware news headlines trending on Google appeared first on Cybersecurity Insiders.

The United States, being the world’s top cyber superpower, has recently established a Bureau of Cyberspace and Digital Policy (CDP). The mission of this initiative is to “encourage responsible state behavior in cyberspace and advance policies that protect the integrity and security of the infrastructure of the Internet, serve U.S. interests, promote competitiveness, and uphold democratic values”. Its roots lie in efforts by previous U.S. administrations, which gave paramount importance to the cyber domain. In 2011, the Obama administration announced the establishment of the Office of the Coordinator for Cyber Issues, which specifically focused on security issues in cyberspace, and was subsequently succeeded by the Trump administration’s Cyberspace Security and Emerging Technology Bureau, with a similarly narrow mandate.

The establishment of the CDP was meant to create a new body with a broader mandate, covering not just security in cyberspace, but also the economic and humanitarian implications of participation in cyberspace, to be complemented by the work of a new special envoy for critical and emerging technologies. Through its International Cyberspace Security, International Information and Communications Policy, and Digital Freedom policy units, the CDP aims to tackle the development of stability in cyberspace, improvement of the digital economy, promotion of digital freedom, and advancement of global cyber capacities. The CDP’s formation was generally received positively, with discussions revolving around its role in topics such as the increase in ransomware attacks during COVID-19, and the potential role it can play in mitigating online consumer fraud.

The CDP begins its operations at a critical time for the U.S. presence in cyberspace, with the Department of State’s modernization mandate in place, increases in cyberattacks against U.S. critical infrastructure, the Russia-Ukraine conflict, and the leadership of the United Nations International Telecommunications Union in play next year. The U.S. aims to utilize this new bureau to shape and coordinate its digital and cyber policies, and strengthen its role in leading global discussions about cybersecurity and digital diplomacy. Through this initiative, the U.S. also aims to preserve its technological competitiveness and comparative advantages in a “technology race” with other nations strategically investing in technologies such as AI, 5G, blockchain, quantum computing, IoT, and cloud computing.

More crucially, the formation of the CDP comes as a reminder for the global community to revisit sidelined discussions about cyber norm creation and setting expectations around responsible state behavior in cyberspace. Although great steps have been taken by the international community, with the adoption of a new set of norms by the United Nations Group of Governmental Experts on Advancing Responsible State Behavior in Cyberspace in the Context of International Security (which concluded its work in 2015), and the United Nations Open-Ended Working Group on Developments in the Field of Information and Telecommunications in the Context of International Security (which submitted its final report in 2021), adherence to the norms has been largely questioned or ignored. No consensus has been reached about what exactly constitutes cyberspace, or what the discussions about responsible state behavior in cyberspace are expected to achieve. Attribution for attacks in cyberspace continues to be a challenging and daunting task. Meanwhile, cyber capacity-building is not emphasized and practiced enough in global discussions. Furthermore, distrust and conflicting priorities among different countries have hindered any notable progress cyber policy discussions could have achieved. Consequently, cyber incidents continue to inflict considerable damage on the global community.

Cooperation for trust- and capacity-building in cyberspace is essential, especially in the light of nascent issues plaguing virtually all states in cyberspace, such as increasing ransomware incidents and detrimental attacks against critical infrastructure. The creation of national mechanisms dedicated to the development of cyber policy similar to the U.S. CDP initiative can push nation states to align their cyber policies domestically first. By solidifying their stance on cyber policy issues, states can more effectively foster cyber diplomacy, engage in more fruitful discussions with other states, and strengthen their position in dialogues pertinent to cyber strategy. Moreover, with domestic mechanisms and cyber policies already in place, the work of international bodies, such as the newly-established United Nations Open-Ended Working Group on Security of and in the Use of Information and Communications Technologies (2021-2025), or bilateral and multilateral engagements between countries will be more informed and more practical. Accordingly, efforts by nation states can be better coordinated to advance domestic and cross-border capacity-building, and ultimately create an open, safe, and resilient cyberspace.

The post The US Bureau of Cyberspace and Digital Policy: A Cornerstone for Next Generation Cyber Diplomacy first appeared on Cyber Insights.

Onleihe, a German online library that offers e-books, electronic newspapers, magazines, audiobooks, music files, and more, has admitted that its IT systems were targeted by a ransomware attack that has locked access to digital files.

EKZ, which offers information technology services to the Germany-based library service provider, was hit by the Lockbit ransomware group last month, and all of its clients, including Onleihe, have now been affected.

Onleihe offers services in Austria, Switzerland, Italy, Liechtenstein, Denmark, Belgium, and France along with Germany, and is sure that EKZ will restore services by this weekend using their disaster recovery services plan.

What if the criminals spreading Lockbit ransomware leak the stolen data to the dark web? Well, only time will tell how Onleihe will deal with that situation.

Second is the news related to the Magniber ransomware strain that is being spread through fake Windows software updates.

According to a report released by Bleeping Computer, Magniber is mainly focusing on students and non-technology companies by disguising itself as a Word file downloaded in the name of fake Windows security updates.

Those using Internet Explorer 11, which has now become extinct on the server radars of Microsoft, are mainly being targeted.

Initially, those targeted by Magniber were from India; now the malware is being distributed to systems operating in China, Taiwan, Hong Kong, Singapore, and Malaysia, with a ransom demand of $2,500 or 0.073 Bitcoins.

Swissport, a company that is in the business of logistics, cargo delivery, and aviation hospitality, was hit by a ransomware group named BlackCat, aka ALPHV. Hackers have stolen about 1.3TB of data pertaining to the company’s employee services and are threatening to leak it to the web if the victim refuses to pay a ransom.

The leaked info includes passport numbers, full names, nationality, religion, email, phone numbers, and job roles. Out of the claimed 1.3 TB, about 25GB of stolen data belongs to those who applied for various job roles in the company in the past few months.

Swissport said it will respond to the speculation only after it finishes a detailed probe into the cyber incident.

The post Ransomware news trending on Google appeared first on Cybersecurity Insiders.

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of April 25, 2022. I’ve also included some comments on these stories. Homeland Security bug bounty program uncovers 122 holes […]

The post Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of April 25, 2022 appeared first on The State of Security.

If your company is worried about the financial hit of paying a ransom to cybercriminals after a ransomware attack, wait until they find out the true cost of a ransomware attack. Because the total costs of recovering from the ransomware attack are likely to be much, much higher. That’s the finding of a new study […]

The post Ransomware costs show prevention is better than the cure appeared first on The State of Security.