By Rudra Srinivas
The Banking and Financial sectors were hit with a constant stream of cyber-attacks when compared to other sectors. According to Intsights Q1 2019 report, around 25.7 percent of all malware attacks last year were targeted on banks and financial organizations.
The banks are increasing their budget allocation to enhance cybersecurity capabilities to protect against threats. Multiple banks and financial institutions reported critical data breaches, malware attacks, and other types of cyber-attacks this year, which include:
Dutch Bangla Bank Limited
Attackers scooped more than US$ 3 million from the Dutch Bangla Bank in Bangladesh by launching an ATM cash-out attack in May 2019. According to research firm Group-IB, a hacker group named “Silence” is likely behind the attack.
Group-IB stated the Silence group was active since 2016 and previously attacked banks in Russia, former Soviet states, and Eastern Europe. It’s said that the hacker group appears to have deployed a malicious code on the bank’s network to run malicious commands on hosts and allegedly used the access to orchestrate fund withdrawals from the bank’s ATMs, according to Group-IB.
First American Financial Corp
First American Financial Corp. suffered a data breach in May 2019, that compromised nearly 885 million files related to mortgage deeds, KrebsOnSecurity revealed. Based in California, First American provides title insurance and settlement services to the real estate and mortgage industries. The exposed information included bank account numbers and statements, mortgage and tax records, social security numbers, transaction receipts, and images of drivers’ licenses.
Westpac Data Breach
Cyber-attack on Westpac Banking Corporation exposed almost 100,000 Australians’ personal data. Westpac confirmed that it detected an unauthorized use of its payment platform PayID, which allowed instant transfer of money between banks using mobile number or email address. The incident exposed users’ phone numbers, email addresses, and transaction history. However, Westpac clarified that no customer bank account numbers were compromised in the incident.
“PayID allowed anyone to punch in a phone number and search for the account registered under it, along with the account holder’s name. Authorities suspect that fraudulent PayID accounts were used to generate a series of random lookups and collect data on almost 100,000 customers,” Westpac said in a statement.
Capital One Data Breach
Capital One Financial Corporation, a bank holding company, disclosed a data breach in July which affected approximately 100 million individuals in the United States and nearly 6 million in Canada. The company stated that the attacker exploited a specific configuration vulnerability in its digital infrastructure and allegedly accessed the data.
The compromised information included names, addresses, phone numbers, and dates of birth, along with 140,000 Social Security numbers, 80,000 bank account numbers, credit scores, and transaction data. However, Capital One clarified that no credit card account numbers or log-in credentials were compromised in the incident.
The FBI charged a suspect, Paige A. Thompson, with computer fraud and abuse. Thompson, who went by the hacker name ‘erratic’, allegedly exploited a misconfigured firewall to access the Capital One cloud repository and exfiltrate the data in March 2019.
Desjardins Group Breach
Canadian Credit Union Corporation, Desjardins Group, disclosed a data breach in July 2019. The incident occurred due to unauthorized use of internal data by an unidentified employee, Desjardins said. The breach exposed sensitive information of 2.7 million members which included home addresses, names, email addresses, and social insurance numbers.
Malware Targeting Indian Banks
Security experts discovered a malware that was intended to exploit ATMs of India Banks and steal customers’ sensitive information. The malware, dubbed ATMDtrack, allowed the attackers to read and store customers’ card data when they are inserted into the infected ATMs.
According to Konstantin Zykov, a researcher at Kaspersky Labs, the attacker who created the ATMDtrack was traced to the cyber-hacking outfit Lazarus Group controlled by North Korea’s primary intelligence bureau. The scandalous Lazarus Group is a prime suspect in a series of cyber-muggings, including the cyber- attack on Sony Pictures Entertainment in 2014, and the WannaCry ransomware attack in 2017.
Rudra Srinivas is part of the editorial team at CISO MAG and writes on cybersecurity trends and news features.