• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

 | 

Scattered Spider targets VMware ESXi in using social engineering

 | 

China-linked group Fire Ant exploits VMware and F5 flaws since early 2025

 | 

Allianz Life data breach exposed the data of most of its 1.4M customers

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

 | 

Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

 | 

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

 | 

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

 | 

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

 | 

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

 | 

Coyote malware is first-ever malware abusing Windows UI Automation

 | 

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

 | 

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

 | 

Stealth backdoor found in WordPress mu-Plugins folder

 | 

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

 | 

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

 | 

Sophos fixed two critical Sophos Firewall vulnerabilities

 | 

French Authorities confirm XSS.is admin arrested in Ukraine

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Cyber Crime
  • Cyber warfare
  • Security
  • Expected new wave of cyber attacks against banking

Expected new wave of cyber attacks against banking

Pierluigi Paganini September 25, 2012

In these days it has been discussed about a possible Iranian cyber offensive against US banks immediately denied by government of Teheran, the event raised the discussion on the real level of security of banking systems.

Financial institutions are considerable privileged targets for a cyber attacks, banking system is a critical asset for a nation and its paralysis could damage economic activities.

Under these premises it’s simple to understand the need to address banking in the cyber strategy of every country, it’s fundamental to protect financial institutions thanks to a strict collaboration between them and governments agencies.

The failure of the this collaboration could exposes to risks to homeland security, that is exactly what is happened in US where financial services institutions don’t haven’t informed law enforcement about having been victimized by cyber attacks.

The news has been provided by a top Department of Justice official after the observed attacks against Bank of America and JPMorgan Chase.

In US all states have adopted laws requiring that companies victims of incident to notify information to their customers in order to proper response to the event. Recently, Senate Republicans have introduced draft legislation known as the “Data Security and Breach Notification Act of 2012 (S.3333)” to propose a national recognized procedure to respond to data breaches.

Governments networks are privileged targets for several type of attackers, foreign state-sponsored hackers, hacktivists and cyber criminals are increasing the frequency of the attacks, mainly with cyber espionage purpose, to expose government information or to steal intellectual properties in critic sectors such as the defense.

Doug Johnson, vice president of risk management policy for the American Bankers Association and a member of FS-ISAC, is convinced that we will assist to an increase of cyber attacks against banking sector, banks of all sizes should prepare now for increasing offensive.

“They could be subject to a threat,” he says.

Lanny Breuer, assistant attorney general for the department’s criminal division, defined cybercrime one of the most serious threats to national security declaring :

“is so hard to get a handle on because a lot of it is perpetrated by those working abroad who are skilled at what they do, and the anti-virus software most of us use only protects us from known vulnerabilities.”

Sophisticated malware and botnets are threatening principal computer networks of all sectors, mainly the banking one, and it is very hard to distinguish state-sponsored attacks from cyber criminal offensives.

The concern for the wave of cyber attacks is high, consider that The Financial Services Information Sharing and Analysis Center, an industry security group has recently raised its threat level for cyber attacks to “high” from “elevated.”

Serious repercussions could also be observed on the user’s perspective, the discovery of continuous vulnerabilities in tools such as web browsers requires great attention by the customers that have to keep updated their systems also thanks to a prompt alerting services of the banks.

The fear of being victims of computer fraud could turn away the user from online services with a major impact on banks, that’s why financial institutions are introducing new technologies to protect user  such as multi purpose authentication tokens and hardened browsers.

To complicate the scenario is the recent and rapid introduction of financial services available on social network platforms and on mobile environment, both suffer leak of security and poor awareness level of their user creating favorable conditions for cyber crimes.

Breuer also highlighted the difficulty to conduct investigations on crimes for the nature itself of the events that occur in limited time and for the impossibility to collect clues respecting privacy rights that delay the collection of evidences after a cyber attack.

Let’s consider for example that Internet Service Providers (ISPs) are not obliged to retain their data for any specific amount of time and if investigation are not conducted immediately after the incident in many cases it is impossible to access to useful data.

How to mitiate risks?

It’s desirable a joint commitment of banking institutes, governments and also the customers.

  • From the institution perspective it must be enhanced a vigilance network to identify ongoing attacks and alert the community to put in place the needed counter measures.
  • Of course banking IT sector and government must be trained to response to the new wave of attacks that is why I suggest also in the staff the presence of cyber security experts and hackers, the war must be fought with same weapons.
  • Education of  employees is another crucial aspect, they must be prevented APT attacks started for example with classic phishing campaign.
  • “Limit employees’ ability to remotely access internal networks and work-related e-mails from personal devices.”
  • Promote awareness campaign for customers that must be conscious of the incoming cyber threats and the effort spent by banks to prevent the attacks. Users must be educated in the proper use of new technologies and must be informed on the evolution of the cyber threats and related risks.

Banking institutes must understand that we are in the cyber war era and they are privileged targets for cybercrime and state-sponsored attacks.

Pierluigi Paganini


facebook linkedin twitter

authentication banking Botnets Cyber attacks cyber espionage Cybercrime Data-breaches hacktivists mobile phishing social network platforms state-sponsored attacks

you might also like

Pierluigi Paganini July 28, 2025
Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover
Read more
Pierluigi Paganini July 28, 2025
Scattered Spider targets VMware ESXi in using social engineering
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

    Security / July 28, 2025

    Scattered Spider targets VMware ESXi in using social engineering

    Cyber Crime / July 28, 2025

    China-linked group Fire Ant exploits VMware and F5 flaws since early 2025

    Hacking / July 28, 2025

    Allianz Life data breach exposed the data of most of its 1.4M customers

    Data Breach / July 27, 2025

    SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

    Malware / July 27, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT