Tag: financial services
Lee Enterprises Investigating Ransomware Claim, Data Leak Threat – March 3rd
Lee Enterprises is investigating a claim from the Qilin ransomware group, which alleges it stole 350GB of data from the newspaper chain’s network in an early February attack. According to SentinelOne researchers, Qilin has threatened to begin leaking data on March 5, though the specific ransom demand remains unknown. A Lee Enterprises spokesperson confirmed awareness of the claims but provided no further details on the investigation.
Financial services see DDoS attacks double
Financial services companies worldwide saw the number of distributed denial-of-service (DDoS) attacks more than double in the second half of 2024. A DDoS attack is a malicious attempt to disrupt a service by overwhelming it with a flood of internet traffic. In the same period, the total number of DDoS attacks globally grew by 17 percent. According to global hosting and cloud services company Gcore, the financial services sector saw the most significant rise of any sector in the third and fourth quarters of 2024, with a rise of 117 percent. This marks a consistent overall increase in DDoS attacks quarter on quarter. While the third and fourth quarters of 2024 showed an increase of 17 percent, this represents a 56 percent rise over the same period in 2023.
Identifying fraudsters on the internet
In an exclusive interview with Cyber Intelligence, Patrick Harding, chief product architect at digital identity security company, Ping Identity, outlines the growing threat of identity theft and fraud, explaining how it evolved and what can be done to counter it. Everybody is forced into digital transactions and relationships and identity management is fundamental to knowing who you are interacting with. The problem goes back to the beginning of the internet in the 1990s and a cartoon of a dog in front of a computer with the caption, “On the internet no-one knows you’re a dog!” That really illustrates the core problem of identifying online users and customers. The extent to which this is carried out largely depends on the sensitivity of the activity concerned. There is a big difference between buying a pair of jeans online and opening a bank account. In both cases, there is a significant series of steps which could include requesting passport ID for financial services.
The rising costs of DORA compliance
The European Digital Operational Resilience Act (DORA), which came into force on Friday, January 17, is already having unforeseen costs for organizations right across the financial sector. Although the act is the brainchild of the European Union (EU), the financial services industry has been global for some years, and firms in the US and the UK are also impacted. As of Friday, the new regulations now also apply to US companies providing financial services within the EU or catering to EU customers. California-based cybersecurity company Rubrik has commissioned research that almost half of UK financial businesses report spending over €1 million each over the last two years in trying to comply with the new EU regulation. DORA mandates key provisions such as contractual safeguards and contingency plans to mitigate risks from partners and third parties. DORA compliance also requires regular testing of digital resilience and attack simulations.
Ukraine takes down Russia’s financial services
Hackers from Ukraine’s Main Intelligence Directorate claim to have effected one of the largest Distributed Denial-of-Service (DDoS) attacks in history, derailing Russia’s financial services. According to the Kyiv Post, the attack compromised the online services of all major Russian banks, including the Central Bank, telecommunications service providers, national payment systems, social networks and messengers, government resources, and dozens of other services. The affected Russian financial institutions are reported to include VTB Bank, Alfa Bank, SberBank, Raiffeisen Bank, RSHB Bank, Ak Bars Bank, Rosbank, Gazprombank, Tinkoff Bank, iBank, Dom.RF Bank, and the Bank of Russia. On the last day of the attack, the resources of the Russian Ministry of Defense, the Ministry of Internal Affairs. The Federal Tax Service was also reported to have been affected.
Mr. Cooper breach exposes 14m victims’ data
US mortgage service provider Mr. Cooper has disclosed a breach to the U.S. Securities and Exchange Commission (SEC) affecting over 14.5 million people. Breached data includes names, addresses, phone numbers, social security numbers, dates of birth, and bank account numbers. The Mr Cooper breach is indicative of several trends likely to shape the cybersecurity industry in 2024. The new obligation to report material cyber breaches within four days that came into effect last week on December 15 is widely expected to reveal a huge iceberg of what might have previously been unreported and, therefore, uncounted cyber breaches. The obligation to detail the loss and those affected also puts a big onus on organizations in all sectors to implement systems capable of identifying and tracking any intrusions into their network.
Law Enforcement takes down RagnarLocker base – October 20th
Law enforcement officials are working around the clock to take down ransomware gangs by targeting their funding sources and online infrastructure. As part of these efforts, they have seized the RagnarLocker base, hoping this will disrupt one of the internet's most malicious ransomware groups. The collective law enforcement effort is made up of authorities from Europe, the US, and Japan.
Lloyd’s warns of a potential $3.5 trillion cyber-strike
According to Lloyds, a single well-orchestrated cyber strike breaching a financial services payments system could lead to losses of $1.1 trillion in the US alone, with global losses amounting to $3.5 trillion over a five-year period. China would face losses of around $470 billion and Japan $200 billion.