Trojan Impersonates More Than 400 Financial and Crypto Exchange Apps The Godfather banking Trojan is causing serious issues in the financial sector due to its ability to mimic the appearance of more than 400 applications, including leading financial and crypto exchange applications. So far, it has targeted institutions in 16 countries. Research from security intelligence firm Group-IB says the Godfather Trojan reappeared in September with...

QBot Backdoor Opens Systems to Loading Cobalt Strike, Ransomware and Other Malware Researchers say the Black Basta group is dropping QBot malware — also called QakBot — in a widespread ransomware campaign targeting mostly U.S.-based companies. QBot malware is a banking Trojan primarily designed to steal banking data, including browser information, keystrokes and credentials. Its previous targets include JPMorgan Chase, Citibank, Bank of...

Cyberweapon-Grade Hacking Tools Pose Danger for Financial Sector Cyberthieves traditionally on the lower rung of hacking abilities now have access to nation-state-class malicious software, warn close observers of the criminal dark web. The appearance on criminal forums of tools capable of infecting a computer’s boot firmware or malware that evades antivirus detection is a consequence of years of state-sponsored development of cyber...

$155 Million in fines and settlements. While physical data breaches have declined substantially in the last 10 years, they still can happen without proper diligence. That lack of diligence and vendor oversight has led to a $35M fine for Morgan Stanley from the SEC and a class-action settlement of $60M over the same breach. This is in addition to a $60M fine from the Comptroller of the Currency in 2020. All for improperly decommissioning server...

AWS Domains Used to Send Phishing Emails and Steal Credentials Cybercriminals are using Amazon Web Services to create phishing pages that bypass security scanners and scam victims into handing over credentials. The scammers send targets what appears to be a standard password expiration email or other emails meant to create a sense of urgency. The emails come from legitimate AWS domains, but a closer look shows the inclusion of false nicknames,...

Cybersecurity, or the lack of it, is something that we all need to be concerned about. In no industry is that more readily apparent than the financial sector. As the threats continue to evolve, it’s important that we don’t forget about older threats that continue to pose serious risks to financial institutions. Ideally, all organizations would rapidly expunge known vulnerabilities from their networks, starting with the most severe bugs that...

Canada’s Desjardins Settles Data Breach Lawsuit for $155M Highlights the risks posed by insider threats and lack of information segmentation. The cost of the settlement adds on to the costs the bank has already carried resolving the breach they discovered in 2019. The breach, which was publicly disclosed in June 2019, involved a “malicious” insider stealing and selling personal details for 4.2 million active customers of the...

Why that might not be a good thing for Nebraska. Based on a study of thousands of cases that it has worked, incident response firm Coveware has found that the number of firms paying a ransom has dropped from 85% in Q1 2019 to 46% in Q1 2022. When victims do pay a ransom, in Q1 2022, they paid an average of $211,529, down 34% from the previous quarter, Coveware found. It attributes this to fewer victims paying, attackers overall infecting...

Declining Loss Ratios May Allow Insurance Premium Increases to Moderate in Late 2022 An improvement in loss ratios for cyber insurance providers in 2021 means the rapid rise in premiums might, at last, subside later this year. The loss ratio, simply insurer payouts versus premiums earned, declined for the first time since 2018 despite the frequency and severity of claims filed for cyberattacks increasing yet again in 2021. The improvement was...

Ransomware has been on a dramatic upswing over the last couple of years. The proliferation of Ransomware As A Service (RAAS), the subsequent lowering of barriers for both criminal groups and state actors, as well as the payment of ransoms have helped drive this dramatic increase. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), most ransomware attacks start through phishing, exploitation of remote desktop...