• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Qantas data breach impacted 5.7 million individuals

 | 

DoNot APT is expanding scope targeting European foreign ministries

 | 

Nippon Steel Solutions suffered a data breach following a zero-day attack

 | 

Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

 | 

Hackers weaponize Shellter red teaming tool to spread infostealers

 | 

Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

 | 

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

 | 

U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

 | 

IT Worker arrested for selling access in $100M PIX cyber heist

 | 

New Batavia spyware targets Russian industrial enterprises

 | 

Taiwan flags security risks in popular Chinese apps after official probe

 | 

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

 | 

Hunters International ransomware gang shuts down and offers free decryption keys to all victims

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 52

 | 

Security Affairs newsletter Round 531 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

 | 

Critical Sudo bugs expose major Linux distros to local Root exploits

 | 

Google fined $314M for misusing idle Android users' data

 | 

A flaw in Catwatchful spyware exposed logins of +62,000 users

 | 

China-linked group Houken hit French organizations using zero-days

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Cyber Crime
  • Cyber warfare
  • Security
  • Expected new wave of cyber attacks against banking

Expected new wave of cyber attacks against banking

Pierluigi Paganini September 25, 2012

In these days it has been discussed about a possible Iranian cyber offensive against US banks immediately denied by government of Teheran, the event raised the discussion on the real level of security of banking systems.

Financial institutions are considerable privileged targets for a cyber attacks, banking system is a critical asset for a nation and its paralysis could damage economic activities.

Under these premises it’s simple to understand the need to address banking in the cyber strategy of every country, it’s fundamental to protect financial institutions thanks to a strict collaboration between them and governments agencies.

The failure of the this collaboration could exposes to risks to homeland security, that is exactly what is happened in US where financial services institutions don’t haven’t informed law enforcement about having been victimized by cyber attacks.

The news has been provided by a top Department of Justice official after the observed attacks against Bank of America and JPMorgan Chase.

In US all states have adopted laws requiring that companies victims of incident to notify information to their customers in order to proper response to the event. Recently, Senate Republicans have introduced draft legislation known as the “Data Security and Breach Notification Act of 2012 (S.3333)” to propose a national recognized procedure to respond to data breaches.

Governments networks are privileged targets for several type of attackers, foreign state-sponsored hackers, hacktivists and cyber criminals are increasing the frequency of the attacks, mainly with cyber espionage purpose, to expose government information or to steal intellectual properties in critic sectors such as the defense.

Doug Johnson, vice president of risk management policy for the American Bankers Association and a member of FS-ISAC, is convinced that we will assist to an increase of cyber attacks against banking sector, banks of all sizes should prepare now for increasing offensive.

“They could be subject to a threat,” he says.

Lanny Breuer, assistant attorney general for the department’s criminal division, defined cybercrime one of the most serious threats to national security declaring :

“is so hard to get a handle on because a lot of it is perpetrated by those working abroad who are skilled at what they do, and the anti-virus software most of us use only protects us from known vulnerabilities.”

Sophisticated malware and botnets are threatening principal computer networks of all sectors, mainly the banking one, and it is very hard to distinguish state-sponsored attacks from cyber criminal offensives.

The concern for the wave of cyber attacks is high, consider that The Financial Services Information Sharing and Analysis Center, an industry security group has recently raised its threat level for cyber attacks to “high” from “elevated.”

Serious repercussions could also be observed on the user’s perspective, the discovery of continuous vulnerabilities in tools such as web browsers requires great attention by the customers that have to keep updated their systems also thanks to a prompt alerting services of the banks.

The fear of being victims of computer fraud could turn away the user from online services with a major impact on banks, that’s why financial institutions are introducing new technologies to protect user  such as multi purpose authentication tokens and hardened browsers.

To complicate the scenario is the recent and rapid introduction of financial services available on social network platforms and on mobile environment, both suffer leak of security and poor awareness level of their user creating favorable conditions for cyber crimes.

Breuer also highlighted the difficulty to conduct investigations on crimes for the nature itself of the events that occur in limited time and for the impossibility to collect clues respecting privacy rights that delay the collection of evidences after a cyber attack.

Let’s consider for example that Internet Service Providers (ISPs) are not obliged to retain their data for any specific amount of time and if investigation are not conducted immediately after the incident in many cases it is impossible to access to useful data.

How to mitiate risks?

It’s desirable a joint commitment of banking institutes, governments and also the customers.

  • From the institution perspective it must be enhanced a vigilance network to identify ongoing attacks and alert the community to put in place the needed counter measures.
  • Of course banking IT sector and government must be trained to response to the new wave of attacks that is why I suggest also in the staff the presence of cyber security experts and hackers, the war must be fought with same weapons.
  • Education of  employees is another crucial aspect, they must be prevented APT attacks started for example with classic phishing campaign.
  • “Limit employees’ ability to remotely access internal networks and work-related e-mails from personal devices.”
  • Promote awareness campaign for customers that must be conscious of the incoming cyber threats and the effort spent by banks to prevent the attacks. Users must be educated in the proper use of new technologies and must be informed on the evolution of the cyber threats and related risks.

Banking institutes must understand that we are in the cyber war era and they are privileged targets for cybercrime and state-sponsored attacks.

Pierluigi Paganini


facebook linkedin twitter

authentication banking Botnets Cyber attacks cyber espionage Cybercrime Data-breaches hacktivists mobile phishing social network platforms state-sponsored attacks

you might also like

Pierluigi Paganini July 10, 2025
Qantas data breach impacted 5.7 million individuals
Read more
Pierluigi Paganini July 09, 2025
Nippon Steel Solutions suffered a data breach following a zero-day attack
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Qantas data breach impacted 5.7 million individuals

    Data Breach / July 10, 2025

    DoNot APT is expanding scope targeting European foreign ministries

    APT / July 10, 2025

    Nippon Steel Solutions suffered a data breach following a zero-day attack

    Data Breach / July 09, 2025

    Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

    Malware / July 09, 2025

    Hackers weaponize Shellter red teaming tool to spread infostealers

    Malware / July 09, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT