Finance News, Articles and Updates

Shadow Brokers threatens monthly leak of more NSA tools to monthly subscribers

The Shadow Brokers group that has been leaking alleged NSA hacking tools, is now threatening to launch a "Dump of the Month" service that will deliver more stolen tools and data to paying subscribers.

SEC orders Chinese hackers to pay $9M for hacking law firms for trade secrets

Three Chinese hackers were ordered by a Federal Judge in Manhattan to pay a combined total of approximately $9 million in fines.

Trio of downloaders used in recent Blackmoon banking trojan campaign

Two recent cybertheft campaigns targeting South Koreans employed a three-stage downloader framework that installed the Blackmoon banking trojan on geo-targeted machines, according to a report Thursday from Fidelis.

Microsoft bug linked to spy campaigns, bank thefts reportedly took 6 months to fix

A zero-day bug in Microsoft Office and WordPad that hackers exploited to spy on targeted users, implant malware, and steal banking credentials took nine months to fix, according to news reports.

Asian Interpol operation finds nearly 9,000 CnC servers

Investigators from seven Southeast Asian nations collaborated on a joint Interpol operation that identified approximately 8,800 C2 servers in eight countries and nearly 270 compromised websites, including government portals.

Binary Options malvertising scheme delivers Gozi-like banking trojan

A recently discovered malvertising campaign called Binary Options is redirecting Internet users to a fake trading company webpage, before infecting some of these victims with a banking trojan via the RIG exploit kit.

New York men plead guilty to ATM theft scheme using skimmers and hidden cameras

Three New York-area men have separately pleaded guilty in federal court to one count of conspiracy to commit bank fraud, in relation to the theft of at least $428,581 in funds from various New Jersey banking locations.

U.S. Postal Service-themed spam delivers three banking trojans

Malwarebytes researchers spotted an uptick in United States Postal Service (USPS) themed malspam delivering one of three banking trojans.

SWIFT codes targeted in Union Bank of India cyberattack

Hackers launched an attack against Union Bank of India that was very similar to the attack Bangladesh bank heist that resulted in the theft of $81 million.

Clues from Russian banking machine theft leads investigators to ATMitch malware

Kaspersky Lab on Tuesday revealed further details about a memory-only "fileless malware" campaign that a cybercriminal organization has been employing to steal money remotely from ATMs while leaving behind virtually no trace of malicious activity.

Were the robbers behind the Bangladesh Central Bank job North Korean?

Authorities are reportedly closing in on the culprit behind the February 2016 Bangladesh Central Bank heist. Not only does the FBI officially believe the robbers to be state sponsored, but unofficially authorities suspect they are North Korean.

NukeBot banking malware author leaks code to salvage cybercrime forum cred

The author of a powerful banking trojan has reportedly leaked his own source code in order to get back into the good graces of the greater cybercrime community, which shunned him for breaches of rules and etiquette on cybercrime forums.

Switzerland to build AI cognitive security ops centre to protect banks

Switzerland's cognitive security operations centre will be built around IBM Watson for Cyber Security and provide in-country support to the banking sector.

U.S. expected to charge North Korea for role in Bangladesh Bank digital heist

U.S. prosecutors are reportedly building a case against Nort. Korea to examine the nation's potential role in the 2016 Bangladesh Bank digital heist

Cybersecurity spending varies but best practices still save

It's no secret that calculating an individual or company's risk varies between each task as the economics of cybersecurity remain uncertain.

Cybercrime Blotter: Kolypto hacker pleads guilty to his role as Citadel malware co-developer

Russian national Mark Vartanyan pleaded guilty on Monday to one count of computer fraud in related to his role in co-developing and distributing Citadel malware under the hacker alias Kolypto.

FireEye says criminals now as sophisticated as nation states

FireEye's annual M-Trends report finds that financial attacks have reached nation-state level of sophistication.

New Cifas data reveals 173,000 cases recorded in 2016, record high

Nine out of 10 fraudulent applications for bank accounts and other financial products made online.

Symantec finds fake AV being distributed using HSBC phishing emails

Fake HSBC emails are being spread, asking users to install a malicious version of Rapport, a legitimate security program designed to protect online bank accounts from fraud.

New Dridex borrows from AtomBombing code injection technique, UK banks already targeted

Developers behind Dridex have launched a major new version of the banking trojan, one that employs a unique method for injecting malicious code based on a technique called AtomBombing. And UK banks already feel the heat.

RTM cyber gang targets Russian businesses that conduct remote banking

Preying on Russian businesses that rely on Remote Banking Systems, the cybercrime group RTM is using backdoor malware to first silently compromise systems, and then perform reconnaissance, swipe data and steal funds.

Kaspersky: Banking malware attacks up 30.6% in 2016; finance sector phishing also more prevalent

The number of cyberattacks targeting financial institutions and their customers soared to new heights in 2016, according to Kaspersky Lab, which observed nearly 1.09 million banking trojan attacks on users in 2016.

Malware targeting banks contains apparent false flags designed to frame Russians

Malware samples recovered from watering hole attacks recently targeting banks across the globe contain false flags that fraudulently suggest Russian actors are behind the campaign, even though the most likely culprit is the Lazarus Group.

17K affected in W-2 data breach at American Senior Communities

A company payroll worker was likely duped by a W-2 phishing scam resulting in cybercriminals filing false returns using stolen data.