The financial services sector remained a sweet spot for cybercriminals in the second half of 2016. As we predicted in June, the industry continued to grapple with threats from individual fraudsters, organized cybergangs and even nation-states. As always, cybercriminals go where the money is.

Many high-profile thefts hit the headlines all over the world in the past six months. These attacks exploited authentication protocols and mobile application vulnerabilities, and even indicated the presence of organized crime.

Brute-Force Break-In

In November, Tesco Bank noted suspicious activity on 40,000 of its 136,000 accounts. The U.K. supermarket bank later confirmed that 2.5 million pounds had been stolen from 9,000 accounts. The thieves used brute-force methodologies to test login and password combinations. After breaking into an account, they set up contactless payment accounts with a variety of global retailers.

The bank claimed it wasn’t breached directly, however. Due to a flaw in the online banking methodology Tesco employed, accounts belonging to users who chose weak or reused login credentials were vulnerable. But Tesco should have noticed that the IP addresses had changed and required additional forms of authentication.

The takeaway: It’s important to never reuse login credentials, especially for banking or email services. Additionally, always use multifactor authentication when offered.
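As an added illustration that is not part of the original article, the two controls the takeaway points to, spotting one source testing many accounts and requiring step-up authentication when an account is accessed from an IP it has never used, written as detection heuristics over a constructed set of login events. The event layout, thresholds and IP addresses are assumptions.

```python
"""Login-abuse heuristics over constructed authentication events."""
from collections import defaultdict

# Constructed sample events: (timestamp, source_ip, account, outcome).
EVENTS = [
    (1, "198.51.100.7", "acct1001", "fail"),
    (2, "198.51.100.7", "acct1002", "fail"),
    (3, "198.51.100.7", "acct1003", "success"),
    (4, "198.51.100.7", "acct1004", "fail"),
    (5, "198.51.100.7", "acct1005", "fail"),
    (6, "198.51.100.7", "acct1006", "fail"),
    (7, "203.0.113.5", "acct2001", "success"),
    (8, "203.0.113.5", "acct2001", "success"),
]

# Constructed history: IPs each account has previously logged in from.
KNOWN_IPS = {"acct2001": {"203.0.113.5"}, "acct1003": {"192.0.2.44"}}


def spraying_ips(events, max_accounts=5):
    """Return source IPs that attempted logins against more than
    max_accounts distinct accounts, the signature of credential testing
    across a customer base rather than one user mistyping a password."""
    accounts_by_ip = defaultdict(set)
    for _, ip, account, _ in events:
        accounts_by_ip[ip].add(account)
    return {ip for ip, accts in accounts_by_ip.items() if len(accts) > max_accounts}


def step_up_required(events, known_ips):
    """Return (account, ip) pairs for successful logins from an IP the
    account has never used before; these sessions should be challenged
    for an additional factor before payment settings can be changed."""
    return [(acct, ip) for _, ip, acct, outcome in events
            if outcome == "success" and ip not in known_ips.get(acct, set())]


def accounts_to_freeze(events, known_ips, max_accounts=5):
    """Accounts whose new-IP login also came from a spraying IP: block
    payment-account creation and alert, not just challenge."""
    bad_ips = spraying_ips(events, max_accounts)
    return sorted({acct for acct, ip in step_up_required(events, known_ips)
                   if ip in bad_ips})


if __name__ == "__main__":
    print("spraying IPs:", spraying_ips(EVENTS))
    print("step-up needed:", step_up_required(EVENTS, KNOWN_IPS))
    print("freeze:", accounts_to_freeze(EVENTS, KNOWN_IPS))
```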

What a Rip-Off

A Russian gang known as Buhtrap allegedly committed a series of ATM attacks around the world. The FBI issued an alert explaining that these machines would be a prime target of cybergangs, detailing a July 2016 attack in Taiwan in which attackers stole cash from ATMs controlled by the First Commercial Bank. Similar attacks targeting the Government Savings Bank in Thailand followed in July and August. Buhtrap had been testing ATM attacks against Russian banks earlier in the year.

Cybersecurity firm FireEye conducted a comprehensive review of the Ripper malware and noted that the ATMs themselves were being wiped clean and new software installed. The new software waits for a card carrying the expected Europay, MasterCard and Visa (EMV) chip, then spews currency, 40 bills at a time.

Once the ATMs are disconnected from the bank’s network, it is difficult to monitor the activity taking place on a given device. Had the firmware required appropriate authentication prior to allowing updates, the results may have been different.

Arena Rocked

Retailers and vendors alike struggled to protect their point-of-sale (POS) systems from financial fraudsters during the second half of 2016. In November, The Madison Square Garden Company revealed that its POS system had been compromised. According to an official statement, concession stands within the venue had been exposed to cybercriminals from Nov. 9, 2015, through Oct. 24, 2016. Anyone who paid with a credit card at the concession stands throughout the arena during that time is at risk.

The company noted that the cybersecurity firm it had hired to investigate the incident discovered “external unauthorized access to MSG’s payment processing system and the installation of a program that looked for payment card data as that data was being routed through the system for authorization.”

MSG wasn’t the only one facing cyberattacks. For its part, Oracle Corporation confirmed that its Micros POS system had been breached, allegedly by a Russian organized crime group, in August. The Micros POS system is used in over 180 countries. Oracle simply advised users to change their passwords.

Fast food restaurant chain Wendy’s also suffered a POS breach that enabled cybercriminals to abscond with complete card data. The intrusion began with compromised third-party vendor credentials.

These incidents are reminiscent of the POS attacks directed at Target and Home Depot in 2013 and 2014, respectively. Yet here we are several years later, sharing the same stories with different names.

Challenges for Financial Services in 2017

As we head into 2017, financial services organizations should be on the lookout for distributed denial-of-service (DDoS) and ransomware attacks, either of which could produce disastrous results. This looming threat amplifies the need for financial companies to challenge their vendors to demonstrate the security of their systems and implement the necessary telemetry to detect anomalous activity.
