OCCEAC Risk Partners: Banking & Finance

Greetings!

Prepared by the CyberWire (Friday, August 12, 2016) — Cyber criminals continue to evolve fresh versions of banking malware. The Vawtrak Trojan, long familiar as a threat to banking credentials, has evolved into a stealthier form. And a new Trojan, Scylex, is being advertised on criminal-to-criminal networks as the successor to the famous Gameover Zeus, which has largely vanished thanks to aggressive takedowns.

Observers note that "cyber criminals are cooperating for faster innovation," and that such collaboration enables them to stay ahead of defenders. There's a degree of truth to that, but the cooperation comes about more through the invisible hand of the black market. The Scylex Trojan, if in fact it breaks out into the wild in a big way, will provide an interesting case study of how the dark web serves as a crimeware research and development shop.

Samsung Pay, the NFC payment system, has been found vulnerable in principle to skimming. It's not yet clear whether this proof-of-concept will translate into real theft.

Investigation into the SWIFT-enabled fund-transfer fraud from the Bangladesh Bank continues, with the bank tentatively sharing more information with investigators in the US. Bangladesh Bank, however, is not disclosing all it believes it knows about the attack—it wishes to withhold potentially useful information from "foreign perpetrators." The New York Federal Reserve Bank was a middle point in the fraud, which was eventually detected by alert proofreaders at Deutsche Bank.

Similar fraud has hit Vietnam's banking system, which detected and partially blocked bogus SWIFT transfers earlier this summer. More recently, retail customers of Vietnamese banks have seen their accounts drained via ATMs in Malaysia. How this ATM fraud was accomplished remains under investigation.

India's Finance Ministry is urging state-run banks to improve their information security, and to do so through the mediation of the Reserve Bank of India. Indian banks, notably the Union Bank of India, have experienced attempted compromises of some of their offshore accounts.

In the US, the FDIC moves to upgrade its own cyber security through participation in the Department of Homeland Security's Einstein system.


Selected Reading

Cyber Attacks, Emerging Threats, and New Vulnerabilities (11)

Security Patches, Mitigations, and Software Updates (3)

Cyber Trends (4)

Technologies, Techniques, and Standards (3)

Legislation, Policy, and Regulation (2)

Litigation, Investigation, and Law Enforcement (5)

Cyber Attacks, Emerging Threats, and New Vulnerabilities

Zeus Panda variant targets Brazilians, wants to steal everything (Help Net Security) A new Zeus Trojan variant dubbed Panda Banker has been specially crafted to target users of 10 major Brazilian banks, but also other locally popular services…

Cyber attack: Brazilian hackers win the gold in credit card crime (South China Morning Post) Forget about Olympic medals. The gold and silver sought this year in Rio de Janeiro are the colours of credit and debit cards…

Major Qualcomm chip security flaws expose 900M Android users (Ars Technica) Range of devices open to exploit by "Quadrooter" collection of vulnerabilities…

Flaw in Samsung Pay lets hackers wirelessly skim credit cards (ZDNet) The tokens that are used to make purchases can be easily stolen and used in other hardware to make fraudulent transactions…

Samsung: Hackers can't pwn our NFC payment kit. No way, nuh-uh, not true (Well, OK, maybe) (Register) Samsung: Hackers can't pwn our NFC payment kit. No way, nuh-uh, not true (Well, OK, maybe)…

Oracle's Data Breach May Explain Spate of Retail Hacks (Fortune) The breach affects the cloud giant’s payment terminal systems…

Oracle MICROS Hackers Breach Five More Cash Register Companies (Forbes) Hackers have breached at least five cash-register providers that supply hundreds of thousands of businesses in the United States, FORBES has been told. After investigative reporter Brian Krebs reported a compromise of Oracle's MICROS unit earlier this week, it now appears the same allegedly Russian cybercrime gang has hit five others in the last month: Cin7, ECRS, Navy Zebra, PAR Technology and Uniwell. Together, they supply as many as, if not more than, 1 million point-of-sale systems globally…

Security Alert: New Scylex Financial Crime Kit Aims to Provide Zeus-grade Capabilities (Heimdal Security) “Do you want to make money, do you want multiply your net-worth?” This probably sounds like a question asked by someone looking to recruit you into a multi-level marketing scheme. But the authors are actually cyber criminals…

Banking Trojan Evolves Into Dangerous Account Hijacker (Credit Union Times) Banking Trojans with account commandeering capabilities are dangerous enough on their own, but two major changes made to one Trojan’s code makeup have increased its persistence and risk to potential victims…

Microsoft Secure Boot key debacle causes security panic (ZDNet) Security failures have created "golden keys" which unlock Windows devices protected by Secure Boot. [Updated]…

Road Warriors: Beware of ‘Video Jacking’ (KrebsOnSecurity) A little-known feature of many modern smartphones is their ability to duplicate video on the device’s screen so that it also shows up on a much larger display — like a TV. However, new research shows that this feature may quietly expose users to a simple and cheap new form of digital eavesdropping…

Security Patches, Mitigations, and Software Updates

Microsoft releases five critical updates (CSO) Microsoft continued a trend of fewer updates than we are used to with only 9 bulletins (5 critical and 4 important) released this month. It stands to reason that Microsoft may have kept things simple so as not to overshadow the release of their Windows 10 Anniversary update…

iOS 9.3.4 Patches Critical Code Execution Flaw (Threatpost) Apple last week patched a critical iOS memory corruption vulnerability that could allow attackers to execute code on compromised devices…

A Month Without Adobe Flash Player Patches (Threatpost) Adobe rolled out its monthly patch release today, and the news isn’t necessarily what was patched, but what wasn’t…

Cyber Trends

Financial malware attacks increase as malware creators join forces (Help Net Security) Kaspersky Lab blocked 1,132,031 financial malware attacks on users, a rise of 15.6 percent compared to the previous quarter, according to the results of the company’s IT threat evolution report for Q2. One of the reasons for the rise appears to be the collaboration between the authors of two leading banking Trojans: Gozi Trojan and Nymaim Trojan, pushing both into the top 10 ranking of financial malware…

Organizations Still Give Employees More Access Than They Need (Dark Reading) Ponemon study shows that access to proprietary information remains on the rise…

Black Hat USA Shows Enterprises Fail to Learn Security 101 Lessons (eWeek) Amid the latest technology and research discussed at Black Hat USA, enterprises still aren't implementing common sense cyber-security practices…

Passwords Protect Your Business, but Who’s Protecting Them? (AVG Now) When we asked AVG Business customers in the US and UK how they keep company passwords safe, we were surprised to learn just how many of them … simply don’t…

Technologies, Techniques, and Standards

The Biggest Banks In The US Team Up To Take On Cybercrime (PYMNTS) In something of a Team of Rivals move – the biggest banks in the United States are teaming up to take on the ever-increasing population of cybercriminals trying to hack them…

Spearphishing: It’s Curiosity That Makes Them Click (Dark Reading) Researchers prove that people can be fooled just because they want to know what's on the other end of that email. Here are three steps you can take without spending too much money…

Here's The Business Side Of Thwarting A Cyberattack (Dark Reading) Ponemon Group study data illustrates the balancing act of running a business while trying to stay secure…

Legislation, Policy, and Regulation

FDIC joins DHS' Einstein, hires Booz Allen to raise cyber bar (Fedscoop) The banking agency has a new webpage touting its cybersecurity efforts but isn't releasing details of its contract with Booz Allen…

Finance ministry asks state-run banks to strengthen IT systems against cyber threats (Economic Times) The finance ministry has asked state-run banks to strengthen their information technology systems after security agencies warned they were vulnerable to cyber attacks…

Litigation, Investigation, and Law Enforcement

Bangladesh officials to meet Fed, U.S. investigators over heist: sources (Reuters) A team from Bangladesh will meet officials of the Federal Reserve Bank of New York, the Federal Bureau of Investigation and the U.S. Department of Justice this week in New York in connection with the cyber theft of $81 million from the South Asian country's central bank in February, sources said…

Bangladesh central bank withholding $105m heist probe information from 'foreign perpetrators' (Australian Broadcasting Corporation) Bangladesh's central bank says it is withholding findings of investigations into the cyber theft of $US81 million ($106 million) from its account at the Federal Reserve Bank of New York to avoid tipping off the "foreign perpetrators" of the hack…

Cyber fraud unearths potential loophole at Vietnamese bank's security system (VN Express) $22,400 disappeared from a client's bank account. Investigation is ongoing…

Another Crook from the 2008 RBS WorldPay Hack Indicted in the US (Softpedia) Levitskyy, of Ukraine, extradited to the US to face charges…

Australia sets up specialist cyber unit to trace terrorism payments (Reuters via Yahoo! Tech) Australia has set up a cyber-intelligence unit to identify terrorism financing, money laundering and financial fraud online, the government said on Tuesday, because of "unprecedented" threats to national security…

 
OCCEAC Risk Partners
Compiled and published by the CyberWire editorial staff. Views and assertions in linked articles are those of the authors, not the CyberWire or the OCCEAC Risk Partners.