RESOURCES

Xenomorph, an Android banking trojan, has resurfaced in a more advanced form. Originally discovered in early 2022, this malicious software was initially targeted at European banks using screen overlay phishing techniques and was distributed through Google Play. However, the latest iteration of Xenomorph has expanded its scope to include over 35 financial institutions in the United States and various cryptocurrency applications. 

The financial sector has seen a significant transformation due to digital technology. The industry has been pushed to be more dynamic to meet the demands of customers, regulatory requirements, and security threats, and remain competitive while safeguarding customer data and assets.

If you haven’t already, you will likely begin to see cyber news headlines about a massive data exposure related to Microsoft.  While the exposure is bad and nothing to overlook, the report coming from Microsoft is that “ No customer data was exposed, and no other internal services were put at risk because of this issue. No customer action is required in response to this issue.” This was taken directly from Microsoft’s Security Research and Defense page.   

Business email compromise (BEC) is a type of cyberattack that usually occurs through some type of social engineering campaign where the criminals assume the identity of a trusted person or organization and attempt to influence their victims into providing money through transfers or other digital payments, divulging personal information, making phony purchases, providing credentials to accounts, etc

As peer-to-peer (P2P) digital payment platforms like Venmo and Paypal rapidly grew in popularity for their ability to provide easy, convenient money transfers, several major banks collaborated to create Zelle. The new transfer application promised to be “the next big thing” in banking, yielding near-instantaneous transfers directly between banks. Unfortunately, with new digital technology comes increased risk.

With the recent natural disasters that have occurred, it’s important to be aware that bad actors will attempt to leverage those devasting incidents for gain.  CISA has released a warning urging users to be aware of malicious activity when these types of incidents occur.  Please read the below alert from CISA.

A small business owner recently fell victim to a sophisticated bank scam that drained her life savings, where scammers exploited two-factor authentication to gain access and withdraw money from her account. This cautionary story serves as a warning about the increasing prevalence of fraud and emphasizes the significance of using effective fraud detection systems.

NCUA Cyber Incident Notifications Requirement goes into effect September 1, 2023.  The final rule requires that covered institutions notify the NCUA as soon as possible, and no later than 72 hours, after the credit union reasonably believes it has experienced a reportable cyber incident or received a notification from a third party regarding a reportable cyber incident.

While nothing official has been published by LinkedIn at the time of this post, accounts on the platform appear to be coming under attack in some type of hacking campaign of unknown origin.  Users are reporting on multiple other outlets that their accounts have been taken over, locked out of their accounts, and having difficulty resetting accounts to regain access

In the Redefining Cybersecurity: Bridging the Communication Gap blog, we discussed resources and tools that can help open a dialogue with decision-makers. One of the resources is a Buyer’s Guide which was created by DefenseStorm as a vendor-neutral tool to help financial institutions (FIs) efficiently shop around for new solutions.

Internal communication applications, IE: Slack, MS Teams, etc.  Criminals are establishing domains that appear to be from legitimate technical support entities and then attempting to reach out to individuals to gain access to target users’ devices.  The below article was authored by Microsoft Threat Intelligence and taken from Microsoft directly and provides additional detail and threat actor attribution for these types of attacks.

An effective cyber risk management strategy requires everyone within the FI to work together with a unified goal for budget allocation and solution implementation.

Military, law enforcement, and first responders train constantly to be prepared for anything that they may face during their careers, so when those particular situations arise, they are confident, efficient, and knowledgeable about how to deal with and resolve the incident.  Incident response in cybersecurity is no different.

With a deeper understanding of this shift in ideology from reactive to proactive solutions, the question arises about your financial institution’s (FI’s) level of cyber risk readiness.

In this series, Redefining Cybersecurity, we will walk your FI through the process of evaluating your current state of cyber risk readiness so you can employ more efficient solutions to stay threat ready and compliant.

Since March of 2023 a new mobile malware has been pushing the Android banking trojan “Anatsa” to online banking customers located in the United States, United Kingdom, Austria, Switzerland and Germany. It has since become one of the most prolific banking malware, targeting over 400 financial institutions across the world.

On June 12, 2023, a critical Remote Code Execution (RCE) vulnerability was discovered in Fortinet’s popular FortiGate firewalls, posing a significant security risk for organizations relying on these devices for network protection. The vulnerability, identified as a critical flaw, could potentially allow malicious actors to execute arbitrary code on affected FortiGate firewalls.

Defensestorm is aware of the recent disclosure of the Barracuda Email Security Gateway Application (ESG) Vulnerability and has been actively monitoring for potential Indications of Compromise.