The banking and finance industries deliver more services online now than ever before due to the pandemic. As a result, banking cybersecurity became more important than ever this year. Some of the threats to big data security in recent years included ransomware attacks, the growth of contactless payments, mobile malware attacks and even data breaches of major banking and finance apps.

Take a look at some of the major stories related to finance cybersecurity. How can IT executives and finance professionals enhance cyber defenses in banking, enhance customer security and reduce attacks?

Quick Briefs: Top Banking & Finance Cybersecurity Insights

The Security Risks of Contactless Payments

3-Minute Read 🕒

Contactless payments were on the rise before the pandemic, but their adoption soared during it. According to an article by FintechTimes.com, 51% of people adopted mobile wallets and radio frequency ID payment cards at the beginning of the pandemic, and 58% of people said they were more likely to use contactless payments than they were prior to the pandemic.

Contactless payments present security risks not just to retailers, but to banks and financial institutions that process the payments. Using it, attackers can create cloned cards or launch a variety of scams.

Self-Assessment: How You Can Improve Financial Services Cybersecurity

6-Minute Read 🕒

Finance cybersecurity affects everyone, from chief information officers within an organization to the consumers who use its services. Following the bare minimum of standards and regulations is not enough to ensure customers’ privacy and their funds. That’s even more true when dealing with funds not covered by Federal Deposit Insurance Corp. insurance, such as cryptocurrency.

When it comes to finance cybersecurity, a self-assessment can help you increase your organization’s database security and mitigate risks. Present these questions to your team at least quarterly, with a mindset of willingness to change:

  • Do you understand the finance cybersecurity risks and threats facing you?
  • Are you running security assessments?
  • Do you have a security-minded culture?
  • Are the right human and financial resources in place for success?

Even if you don’t score five out of five, performing the assessment will provide a clear picture of the areas to work on.

What Is Ghimob Malware?

3-Minute Read 🕒

The past two years brought a new threat to banking: an Android malware strain called Ghimob. The Trojan virus mimics third-party mobile apps to steal user data.

Organizations can protect themselves from this threat by:

  • Learning how the virus works
  • Adding multi-factor authentication and anomaly detection into their apps
  • Encouraging users to follow mobile security best practices.

Telegram Messenger Ads for ‘Hacker’ Software Hide Cryptocurrency Theft

2-Minute Read 🕒

The growth of cryptocurrency has led to new avenues for threat actors to make fast money and disrupt systems through malware. One Telegram messenger app ad targeted crypto owners by infecting their systems with malware. The ad was for an app called HackBoss, which attracted users looking to make money themselves through less-than-savory means.

The irony? Many of the crypto wallet addresses attacked by the malware were empty, created to trick users into buying fake software. It was a case of scammers scamming scammers.

Nevertheless, the threat is real. Experts say the threat actors may have stolen as much as $560,000 or more from wallets belonging to actual crypto owners. And it’s not the only malware attack targeting digital wallets.

How can organizations defend against this new and growing threat?

  • Confirm wallet addresses prior to transferring currency
  • Exercise extra caution when dealing in crypto
  • Set up multi-factor authentication.

More on This Topic

The pandemic has affected digital safety in as many varied ways as it has affected the economy. With customers careful about touching more surfaces than they had to during the early years of COVID-19, mobile payments and contactless card use were up, according to the National Retail Foundation.

In other recent news, the BBC profiled the people who have the most to lose from crypto breaches, such as a taxi driver whose £2,100 ($2,286) in stolen crypto was a year’s worth of savings. Plus, PC Risk magazine taught readers how to remove the Ghimob Trojan.

More from Banking & Finance

Cost of a data breach 2023: Financial industry impacts

3 min read - According to the IBM Cost of a Data Breach Report 2023, the global average cost of a data breach in 2023 was $4.45 million, 15% more than in 2020. In response, 51% of organizations plan to increase cybersecurity spending this year. For the financial industry, however, global statistics don’t tell the whole story. Finance firms lose approximately $5.9 million per data breach, 28% higher than the global average. In addition, evolving regulatory concerns play a role in how financial companies…

Gozi strikes again, targeting banks, cryptocurrency and more

3 min read - In the world of cybercrime, malware plays a prominent role. One such malware, Gozi, emerged in 2006 as Gozi CRM, also known as CRM or Papras. Initially offered as a crime-as-a-service (CaaS) platform called 76Service, Gozi quickly gained notoriety for its advanced capabilities. Over time, Gozi underwent a significant transformation and became associated with other malware strains, such as Ursnif (Snifula) and Vawtrak/Neverquest. Now, in a recent campaign, Gozi has set its sights on banks, financial services and cryptocurrency platforms,…

The rise of malicious Chrome extensions targeting Latin America

9 min read - This post was made possible through the research contributions provided by Amir Gendler and Michael  Gal. In its latest research, IBM Security Lab has observed a noticeable increase in campaigns related to malicious Chrome extensions, targeting  Latin America with a focus on financial institutions, booking sites, and instant messaging. This trend is particularly concerning considering Chrome is one of the most widely used web browsers globally, with a market share of over 80% using the Chromium engine. As such, malicious…

BlotchyQuasar: X-Force Hive0129 targeting financial institutions in LATAM with a custom banking trojan

16 min read - In late April through May 2023, IBM Security X-Force found several phishing emails leading to packed executable files delivering malware we have named BlotchyQuasar, likely developed by a group X-Force tracks as Hive0129. BlotchyQuasar is hardcoded to collect credentials from multiple Latin American-based banking applications and websites used within public and private environments. Similar operations conducted in late 2022 have also been noted delivering an earlier variant of this modified QuasarRAT by likely Spanish-speaking actors. BlotchyQuasar, which X-Force describes as…