FIN7 ‘technical guru’ sentenced to 10 years in prison

A U.S. federal judge on Friday sentenced Fedir Hladyr to 10 years in prison for his alleged role as an administrator of the multibillion-dollar cybercrime group known as FIN7, which has breached hundreds of U.S. firms. The 10-year sentence includes three years Hladyr has already spent in detention since his arrest, and $2.5 million in restitution to be distributed to victims. FIN7 is one of the most formidable cybercriminal groups of the last decade, allegedly siphoning off millions of credit card numbers from restaurant and hospitality chains in 47 U.S. states. And Hladyr, a Ukrainian in his mid-30s, is allegedly a big reason that FIN7 operated like a well-oiled multinational corporation. Hladyr allegedly controlled an instant messaging service that the crime group used to upload stolen payment card data and screenshots from hacked financial firms. He also allegedly organized FIN7’s work through a project-tracking software that managed thousands of stolen usernames […]

The post FIN7 ‘technical guru’ sentenced to 10 years in prison appeared first on CyberScoop.

Banking organizations dub proposed US cyber notification regulation ‘burdensome’

Banking groups have objected to elements of a proposed U.S. cyber incident notification rule, saying that its threshold for mandatory disclosure of such events to regulators is overly broad and would lead to over-reporting of incidents. Under the proposed regulation from the Treasury Department and other regulators, banks would have to notify their regulators within 36 hours of certain kinds of attacks, and bank service providers would have to notify their customers of particularly damaging incidents as well. “While we support the policy goals of the proposed rule, we believe that, as currently drafted, the proposed rule calls for notification of incidents well below the intended threshold of critical cybersecurity incidents,” wrote the American Bankers Association, Bank Policy Institute, Institute of International Bankers, and the Securities Industry and Financial Markets Association. “As a result, the proposed rule would lead to significant and burdensome over-reporting to the Agencies, contrary to its […]

The post Banking organizations dub proposed US cyber notification regulation ‘burdensome’ appeared first on CyberScoop.

Fed chair deems cyber threat top risk to financial sector

Federal Reserve Chairman Jerome Powell said he is on alert for cyberattacks against U.S. financial systems and companies, above and beyond any other risks to the economy. “The world evolves. And the risks change as well,” Powell said during an interview aired Sunday on CBS 60 Minutes, noting he is far more concerned about a cyber incident than he is about encountering a collapse akin to the global financial crisis of 2008. “And I would say that the risk that we keep our eyes on the most now is cyber risk.” Other government agencies and major companies — in particular financial companies — are also on alert, Powell said. Particularly of concern to Powell are scenarios in which cyberattacks cripple financial institutions to the point that they can’t track payments or to the point that payment systems don’t function. “There are scenarios in which a large payment utility, for example, breaks […]

The post Fed chair deems cyber threat top risk to financial sector appeared first on CyberScoop.

Financial industry preps for proposal that would require 36-hour breach notification

A milestone date for an ambitious federal banking industry cybersecurity regulation that debuted at the tail end of the Trump administration has nearly arrived. Monday, April 12 marks the deadline for comments on an initial proposal that would mandate how a wide range of financial firms would need to report more kinds of cyber incidents to regulators within 36 hours. That’s a more stringent timeline than many comparable regulations; Europe’s General Data Protection Regulation notification window is twice as long, at 72 hours. The relatively quick notification requirement generated most of the attention when the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, and Treasury’s Office of the Comptroller of the Currency announced the rule in December. It’s expected to receive significant blowback from the financial services industry as an overly aggressive demand. Some analysts, though, cite the types of incident reports that need to be […]

The post Financial industry preps for proposal that would require 36-hour breach notification appeared first on CyberScoop.

Crooks are getting smarter about exploiting SAP software, study finds

Security researchers on Tuesday warned of the unrelenting interest that cybercriminals have in exploiting applications made by software giant SAP to defraud or disrupt big businesses that rely on SAP products. A months-long study by Boston-based security firm Onapsis found that malicious hackers are growing more knowledgeable of SAP software and the potential impact that compromises could have on customers. In one case, an unidentified attacker managed to chain together multiple software exploits to target an SAP “credential store,” which stores login details for an organization’s high-value SAP users. Access to the credential store could give a hacker the ability to exploit other applications that interact with those credentials. SAP has 400,000 customers worldwide, including more than half of NATO members. A big swath of the world’s largest public companies use the software to manage their business processes. A critical bug in SAP software could be a ticket for a […]

The post Crooks are getting smarter about exploiting SAP software, study finds appeared first on CyberScoop.

Hacker team-ups pose 2021 threat to financial industry, group cautions

An information sharing group for the financial sector warned on Tuesday that banks will encounter growing danger this year from converging nation-state and criminal hackers, as well as supply chain risks and cross-border attacks. The report from the Financial Services Information Sharing and Analysis Center serves as a recap of threats the industry endured last year, as well as a forecast for 2021. Ransomware and other kinds of extortion attacks were among the biggest hazards for the financial services industry last year, FS-ISAC said. The organization said it expects further use of the increasingly common ransomware method of hackers leaking partial data to incentivize higher victim payments, and it said that more than 100 financial companies received distributed denial-of-service extortion threats last year. The organization also suggested that state-sponsored groups would leverage access or other techniques established by financially motivated scammers to boost their own operations. FS-ISAC did not point […]

The post Hacker team-ups pose 2021 threat to financial industry, group cautions appeared first on CyberScoop.

Why Banks Are Still A Top Target For DDoS Attacks

The financial services sector is still a prime target for cyber criminals and it has been widely reported that in 2020 financial institutions came under attack more than ever before. According to Boston Consulting Group research, financial service firm…

Web Application Firewalls Instrumental in Digital-First Banking

Like many industries, the banking and insurance sectors have shifted their resources to be digital-first, all the more so since the start of the global pandemic. For today’s customers, who increasingly begin their banking experiences using digital chan…

Genesis raises $45M to expand its fintech-focussed low-code platform to more verticals

Low-code and no-code tools have been a huge hit with enterprises keen to give their operations more of a tech boost, but often lack the resources to handle more complex integrations. Today, one of the startups that has been building low-code finance tools is announcing funding to tap into that trend and expand its business. […]