Articles about Financial Institutions

Bitcoin

Euro regulator calls for delay to virtual currency exchange anti-money laundering regime

EU law makers should step back from plans to subject virtual currency exchanges and digital wallet providers to anti-money laundering (AML) regulations from the beginning of next year, the European Banking Authority (EBA) has said. The regulator said that more time is needed to implement a legal framework across EU countries …
OUT-LAW.COM, 16 Aug 2016

Quantum leap: A good quarter for disk backup gear, and yeah tape's OK

Quantum’s first fiscal 2017 quarter – the three months to June 30, 2016 – showed revenue growth as the tape market stabilized and big deals came good. Revenues of $116.3m were five per cent higher than last year’s $110.9m. There was a net loss of $3.8m, better than the $10.8m loss recorded a year ago and the unfortunate $52.4m …
Chris Mellor, 29 Jul 2016

DDoS trends: Bigger, badder but not longer

DDoS attacks once again escalated in both size and frequency during the first six months of 2016. Netscout's DDoS mitigation arm Arbor Networks warns that attacks greater than 100Gbps are far from uncommon. The security firm has monitored 274 attacks over 100Gbps in the first half of 2016, versus 223 in all of 2015. The …
John Leyden, 19 Jul 2016
Bank vault

BAE Systems partners with SWIFT to bolster hacker intel

BAE Systems has been recruited to help SWIFT's newly formed Customer Service Intelligence team in a bid to get ahead of cyber-criminals targeting banks connected to the global financial messaging service. The announcement follows the analysis and identification of malware that BAE Systems’ threat intelligence team was able to …
John Leyden, 15 Jul 2016
Man reading newspaper with glasses on his head

Android malware blocks bank calls

Cybercrooks have put together a fake banking application that blocks victims’ outgoing calls to customer service. The Fakebank trojan blocks calls in order to stop victims from cancelling their stolen payment cards. The Android nasty is automatically programmed to cancel calls from being placed. Victims can, of course, use …
John Leyden, 14 Jul 2016
Defeated-looking young man puts his head against table in front of laptop and pile of papers in conference room. Pic via Shutterstock

Software bug costs Citigroup $7m after legit transactions mistaken for test data for 15 years

A programming blunder in its reporting software has led to Citigroup being fined $7m (£5m). According to the US Securities and Exchange Commission (SEC), that error [PDF] resulted in the financial regulator being sent incomplete "blue sheet" information for a remarkable 15 years – from May 1999 to April 2014. The mistake was …
Kieren McCarthy, 13 Jul 2016
Robots2, image via Shutterstock

A journey down the UK's '3D Tongue' into its mini industrial revolution

One of the few "horizon" technologies that is really making a difference right now is 3D printing. While other "big hope" concepts such as genetic engineering, nanotech and quantum physics have yet to make much of an impact, 3D has been making immediate inroads into traditional, sometimes ancient manufacturing techniques. …
Marcus Gibson, 12 Jul 2016
Illustration of a "bitcoin" dissolving into numbers. Photo by SHutterstock

Bitcoin child abuse image pervs will be hunted down by the IWF

Blockchain forensics are being harnessed in an effort to clamp down on the trade in images of child sex abuse on the dark web. The Internet Watch Foundation (IWF) is teaming up with Elliptic, a UK blockchain intelligence start-up, in a bid to track individuals who use Bitcoin to pay for images of child sex abuse. The IWF is …
John Leyden, 06 Jul 2016
London stock exchange, photo via Shutterstock

London Stock Exchange's German mega-merger: It's a go, despite Brexit

The London Stock Exchange takeover by its German competitor Deutsche Boerse (aka the "Merger of Equals") should still be going forward despite Brexit, but a planned vote by their respective shareholders throws another wildcard into how job cuts are shared between London and Frankfurt. The £12bn deal, announced in March, is due …
Dominic Connor, 04 Jul 2016
Mosasaurs illustration. Image credit: Julius T Csotonyi for the University of Yale

Hydra hacker bot spawns internet of things DDoS clones

Lizard Squad may be mostly behind bars, but their LizardStresser botnet has spawned more than 100 clones. According to Arbor Networks' Matthew Bing, the imitators have lit on the Internet of Things, enslaving thousands of dumb devices with code the hacker group published last year. LizardStresser is an illegal booter service …
Darren Pauli, 01 Jul 2016
A bowl of Noodles

While you filled your face at Noodles and Co, malware was slurping your bank cards

American fast-food chain Noodles and Company says malware got into its sales registers, allowing it to slurp customers' payment card numbers. The biz admitted today that hundreds of restaurants in 28 US states were infected with card-stealing software nasties that harvested customer card names, numbers, expiration dates, and …
Shaun Nichols, 29 Jun 2016

Inside the World of the Dark DDoS

Today’s distributed denial of service attacks are different than the kinds that we saw at the dawn of the millennium when the threat emerged. They’re becoming more nuanced, and subtle – and they could result in a lot more than a downed web server. In the early days of DDoS, volumetric attacks were all the rage. Politically or …
Danny Bradbury, 27 Jun 2016
Logs and an axe

Hackathons aren't just for hipsters

Glancing up from our smartphones, we catch sight of a world that has suddenly become almost entirely different. Surface appearances haven’t changed very much - buildings and cars and all that infrastructure - but behind the scenes nearly everything has been transformed. Everything … except for business practices. Those haven’t …
Mark Pesce, 16 Jun 2016
Upset man in suit and drinking liquor. Photo by Shutterstock

Hackers targeting SWIFT banks also targeted US moneymen: Hedge funds at risk

The Lazarus Group of hackers, blamed for a recent run of attacks against mainly Asian banks linked through the SWIFT network, is now suspected of targeting a mid-market US bank. Evidence uncovered by threat detection firm eSentire suggests that the Lazarus crew (which is also the chief suspect in the 2014 Sony Pictures hack) …
John Leyden, 13 Jun 2016
Man reading newspaper with glasses on his head

Anons sock stock exchange

Anonymous has claimed responsibility for a web attack against the London Stock Exchange (LSE) last week. LSE's website was rendered inaccessible for two hours on Thursday. Elements of the Anonymous hacktivist collective said the assault was part of an ongoing operation targeting financial institutions, codenamed Operation …
John Leyden, 06 Jun 2016
Taylor Swift

SWIFT threatens to give insecure banks a slap if they don't shape up

The SWIFT global payments system has announced it plans to suspend banks with weaker cyber defences until they improve their security. The threatened sanction follows a run of attacks on international banks over recent weeks, including the $81m mega-heist at the Bangladeshi Central Bank. These cyber-heists1 relied on hackers …
John Leyden, 03 Jun 2016
Headshot of Trojan horse

Russia launches raids over Sberbank heist

Russia's FSB says it's tagged the gang that used the “Lurk” trojan to raid 1.7 billion roubles – about US$25 million – from financial institutions. Lurk was identified in 2012. At the time, Kaspersky Labs said it was a “fileless” Trojan that ran in RAM. Instead, it “uses its payload to inject an encrypted dll from the web …
Ben Mezrich, Once Upon a Time in Russia: The Rise of the Oligarchs and the Greatest Wealth in History

FOURTH bank hit by SWIFT hackers

A fourth bank, this time in the Philippines, has been attacked by hackers targeting the SWIFT inter-bank transfer system. Security researchers at Symantec reckon the same group blamed for the infamous $81m Bangladesh central bank mega-heist back in February also mounted an earlier assault in the Philippines last year, itself …
John Leyden, 27 May 2016
lg_rolly_keyboard_648

Symphony enters messaging app market

Entering an already crowded market, Symphony has announced it will produce an iOS app for its cloud-based messaging service. The Google-backed company's service is used largely by financial institutions due to its high-level security, but is currently only available through a browser. The iPhone app will be released next week …
Kieren McCarthy, 20 May 2016

Suckfly: The hacking group targeting India but taking weekends off

A professional hacking group called Suckfly is targeting India's infrastructure and economic base by zeroing in on individuals and installing tools to access their work networks. That's according to a blog post by Symantec that has analyzed and dug into the group's activities and methods. Symantec first spotted the group it …
Kieren McCarthy, 18 May 2016
shutterstock_192561857-cat-

Firms that make 'questionable use' of your data will pay... with their reputations

There is a reputational risk to firms if they make "questionable use" of consumer data, the European Banking Authority (EBA) has warned. The regulator highlighted the risk in a new discussion paper on the innovative uses of consumer data by financial institutions (29-page/292KB PDF). "Financial institutions might use data in …
OUT-LAW.COM, 10 May 2016

EMC makes a LEAP forward with Virtustream and more

EMC World The first day of EMC World in Las Vegas caused announcement overload, with the Unity array top of the list, closely followed by a Virtustream storage cloud and more. The Virtustream Storage Cloud (VSC) is for enterprises and service providers to store data in the cloud, mission-critical data, says EMC. The data can come from …
Chris Mellor, 03 May 2016
Hacker with face obscured, wearing a hoodie,  works in front of a bank of monitors. photo by Shutterstock

Finance bods SWIFT to update after Bangladesh hack

Security vendors are pushing for a more comprehensive revamp of the SWIFT international inter-bank financial transaction messaging system beyond a update prompted by an $81m hack against Bangladesh's central bank. The loss of $81m (part of an attempted $950m heist) in February’s Bangladesh cyber-heist – reckoned to be the …
John Leyden, 29 Apr 2016
ISIS fighters

Pro-ISIS hacking groups are still hooking up

Remember when pro-Daesh/ISIL/ISIS hacking groups banded together to form a unified force? They're still, er, hooking up, according to a recent study. However, while they still operate unofficially, say the authors, they remain poorly organised and are likely underfunded, according to threat intel outfit Flashpoint. The study, …
John Leyden, 28 Apr 2016

Why we should learn to stop worrying and love legacy – Fujitsu's UK head

Interview In the UK, IT Godzilla Fujitsu is perhaps best known for its unwieldy public sector contracts, being responsible for running a sizeable chunk of the government's legacy technology. Indeed most of its UK and Ireland revenue has historically come from the public sector, some 70 per cent at the beginning of the last Parliament in …
Kat Hall, 15 Apr 2016
Bank vault

Aussie banks stage secret secret intel sharing meetings

ACSC2016 Carders targeting Australian banks may have a tough time re-using attacks thanks to a regular invite-only gathering of anti-fraud boffins. Adam Cartwright. Image: Darren Pauli, The Register. The information-sharing meetups known as "Interbank" have taken place for about six years. The meetings first included representatives …
Darren Pauli, 14 Apr 2016
Bitcoin is the future of money CC 2.0 by Jonathan Waller https://www.flickr.com/photos/whitez/

Not Bitcoin, but close: Red Hat and Microsoft bite into blockchain tech

Red Hat is offering upstart financial types the opportunity to play with blockchain tech on its OpenShift platform. The news comes a day after Microsoft struck a deal to investigate blockchain tech in partnership with major financial institutions. In a blog post, Redmond exec veep of business development, Peggy Johnson, wrote …
Joe Fay, 05 Apr 2016

New UK cyber security centre to work with Bank of England

The UK's new national cyber centre will collaborate with the Bank of England on new cyber security guidance for financial firms when it opens later this year, the government has said. The Cabinet Office announced that the National Cyber Security Centre (NCSC) will be based in London and start operating in October. It said one …
OUT-LAW.COM, 23 Mar 2016

Buhtrap hacks whack Russian bank chaps; phish bait works great

Russian malware writers have scored at least US$25.7 million (£17.8 million, A$33.6 million) in raids against banks in their home country, intelligence firm Group IB says. The "Buhtrap" group has since 2014 used simple but coordinated attacks to target Russian banks directly and with devastating effectiveness. It is the first …
Darren Pauli, 18 Mar 2016

Attackers packing malware into PowerShell

Microsoft's PowerShell has once again become an attack vector for malware, this time a file-less attack dubbed "Powersniff" by Palo Alto Networks. The attack arrives through e-mails containing Word documents bearing malicious macros, almost as if it isn't more than 15 years since the first macro viruses were let loose on the …
Bank vault

A typo stopped hackers siphoning nearly $1bn out of Bangladesh

Cybercrooks looted more than $80m from Bangladesh’s central bank in one of the largest known bank robberies in history. Fraudsters used stolen credentials to make illegitimate cash transfers from the Bangladesh government’s reserve account at the Federal Reserve Bank of New York. The damage could have been even worse. If …
John Leyden, 11 Mar 2016

What are you doing to spot a breach?

Technology moves quickly, not just in legitimate business, but in the cybercriminal world too. Advanced attack tools are now available on the black market, lowering the barrier to entry for the average online lowlife. They are happy to target large and small organizations alike, and they only have to be lucky once. Security …
Robin Birtstone, 08 Mar 2016
Dollar in pocket, photo via Shutterstock

Watch out, Barclays. Google pilots Hands Free mobile payment

Google is testing a mobile payment system for those loaded down with too much shopping. The ad-flinger is piloting Hands Free, a smartphone payment app that lets you pay for goods and services without removing your phone from your pocket or bag. Hands Free uses a combination of facial-recognition, phone sensors, Wi-Fi and …
Gavin Clarke, 03 Mar 2016
Blackhat

Operation Blockbuster security biz: We'll get you, Sony hackers

A newly created cross-industry initiative aims to pool resources in order to bring down – or, at least, disrupt – the hackers behind the infamous attack against Sony Pictures back in 2014. The Lazarus Group, which may in reality consist of several associated groups of attackers or hacking crews, started around seven years …
John Leyden, 24 Feb 2016

Metel malware pops bank, triggers 15 percent swing in Russian Ruble

Hackers caused the Russian Ruble to swing 15 per cent in minutes by hacking a bank with a newly-discovered and highly capable malware. The "Metel" or "Corkow" malware was used to break into the Kazan-based Energobank and place on its behalf some US$500 million (£344 million, A$702 million) in orders, sufficient to swing …
Darren Pauli, 15 Feb 2016

Sophisticated malware-as-a-racket fraudsters have been scamming businesses for 10 years

Security researchers have lifted the lid on the Poseidon Group, a global cyber-espionage gang in operation since at least 2005. Most top-drawer hacking crews are state-sponsored – such as the cyber-units of China’s Peoples Liberation Army or the NSA’s elite Tailored Access Operations team. Unlike these government-backed spies …
John Leyden, 09 Feb 2016
Blackhat

Russian ATM-popping gang used nation state cybercrook tactics

Cybercrooks are increasingly adopting tactics from more advanced hackers in order to steal millions of dollars from banks and other financial institutions. The first of the two cybercrime groups, dubbed Metel, are mostly active in Russia. The group’s typical modus operandi involves gaining control over machines inside a bank …
John Leyden, 09 Feb 2016

Davos 2016: It's now all about technology, but what actually happened?

Sketch It used to be that the annual meeting of the World Economic Forum (WEF) in the Swiss ski resort of Davos was all about finance and politics. But since it turned out that the bankers were almost exactly as corrupt and incompetent as the small cadre of protesters that stood in the snow every year insisted they were, finance has …
Kieren McCarthy, 23 Jan 2016
China

China to set up its own virtual currency

The People's Bank of China (PBOC), China's central bank, hopes to launch its own virtual currency to cut the cost of handling paper money and to give the government more control of the country's money supply. A research team has been looking into digital currencies since 2014 and has achieved some encouraging initial results. …
OUT-LAW.COM, 22 Jan 2016

Irish government websites hit by widening DDoS attacks

A number of Irish government-related and public sector websites were knocked offline by an apparent DDoS attack on Friday morning. The latest assaults follow apparently similar web attacks on the popular boards.ie discussion boards (bang) and the Irish National Lottery earlier (wallop) this week. At the time of first of the …
John Leyden, 22 Jan 2016
spy_eye_648

IBM buys fraud sniffing biz for real-time protection

IBM has assimilated a German payment fraud prevention business, IRIS Analytics, a provider of a real-time fraud analytics engine using machine learning algorithms, for undisclosed terms. "By integrating IRIS Analytics with IBM's counter fraud technology, we will help organisations more accurately detect fraud at scale and …

What do we do about a problem like Uber? Tom Slee speaks his brains

Interview Veteran software pro Tom Slee was one of the first critics of so-called “Sharing Economy” outfits like Uber and AirBnB. His forthcoming book What’s Yours Is Mine: Why The Sharing Economy Isn’t draws attention to the dark side of their operations – and strongly argues for regulation. But this creates a dilemma. They’re hugely …
Andrew Orlowski, 15 Jan 2016

Half of UK financial institutions vulnerable to well-known crypto flaws

Fifty per cent of UK high street financial institutions utilise weak SSL certificates on their secure authentication portals, according to a new study by Xiphos Research. An assessment of 84 UK- and foreign-owned banking institutions in November by the international information security firm, and published on Monday, found …
John Leyden, 05 Jan 2016
Huawei_Shenzhen_HQ

Huawei: Hey, storage bigshots – we're coming for your top 3 spot

China is coming to shake up our cosy storage world, with Huawei hoping for a top three supplier spot by 2018. Fan Ruiqi, Huawei’s storage products president, told Reuters: “We don't want to just be number one in China ... We want to be at least the top three in the world by 2018” in the storage business. That means acquiring …
Chris Mellor, 08 Dec 2015

Target settles with banks for $40m after data breach

Retail giant Target has agreed to shell out $39.4m to banks and credit unions who had pursued the company following losses suffered after an enormous data breach. Target has now resolved the class-action claims following lenders seeking to hold the company to account for reimbursing defrauded customers. $20.25m will be paid to …

UK joins US financial institutions for industry resilience tests

The UK teamed up with US authorities to run a banking industry resilience exercise, dubbed Operation Resilient Shield, last week. The paper-based transatlantic exercise focused on improving information sharing and planning in the context of a cyber attack rather than fending off Red Team hackers. Leading (but unnamed) global …
John Leyden, 19 Nov 2015

Read the Economist last weekend? You may have fetched more than just articles (yup, malware)

Third bathroom reading material The Economist served malware from its website via the compromised PageFair network. The biz mag today alerted readers that it put their PCs at risk last weekend. "If you visited economist.com at any time between Oct. 31, 23:52 GMT and 01:15 GMT, Nov. 1, using Windows OS and you do not have …
Shaun Nichols, 06 Nov 2015

FBI takes down Dridex botnet, seizes servers, arrests suspect

The FBI has teamed up with security vendors to disrupt the operations of Dridex banking Trojan. Multiple command-and-control (C&C) servers used by the Dridex Trojan have been taken down and seized in a co-ordinated action after the FBI obtained court orders. The take-down operation is geared towards crippling the malware’s …
John Leyden, 14 Oct 2015
ZFS_Appliances

Oracle ZFS appliance sales hit $1 billion

Oracle blogs it’s sold more than a billion dollars’ worth of its ZFS appliance, with almost 15,000 systems installed by more than 5,000 customers. It is “currently one of the fastest growing products within the Oracle Server and Storage Systems business unit.” Sounds impressive, particularly with EMC saying it has sold a …
Chris Mellor, 09 Oct 2015

Russian hacker, nabbed in Spain, cops 4+ years for Citadel botnet

Dimitry Belorossov – a Russian cyber-criminal who used the Citadel banking trojan – has been sentenced to four years and six months in a US prison after pleading guilty to conspiring to commit computer fraud. Belorossov, who was known by criminal associates as Rainerfox, was alleged to have operated a Citadel command and …