Week 45 Cyberattack Digest 2018 – HSBC, Google Play, The Bank of England and others

It is no surprise that hackers have always been into the financial sphere. But recently, their engagement into the sector has visibly increased. And this week in our week 45 cyber attack digest, we have collected cyber incidents that touched financial organizations exclusively.

HSBC suffered a data leakage

by The Regiscter – 6 November 2018

DevOps Connect:DevSecOps @ RSAC 2022

HSBC has reported a data leakage. As a result of the attack, details of thousands of the bank’s online-banking customers have been stolen. Now, the bank is drawing a plan of notifying folks of the major data theft. According to the law of California, affected organizations are to notify their customers whenever a cyber incident touches 500 or more people in the state. The bank’s representatives did not reveal the exact number of affected customers, but commented that the malefactors stole the details of “less than 1 per cent” of some 1.2 million US customers. This means that 12,000 Americans might have had their personal information fall into the hands of cyber thieves. “We are reminding our customers to protect access to their banking accounts by regularly changing their passwords, and by using unique passwords they are not using elsewhere, including on any social media accounts,” an HSBC spokesperson revealed.

Spyware discovered on Google Play

by SC Media – 7 November 2018

A spyware program was discovered and removed from Google Play last month. The malicious program was found by Trend Micro researchers available for download on Google Play. The program was fraudulently disguised as a Spanish-language banking app aiming to collect users’ information that was used in smishing schemes. The fake application is said to be associated with multinational Spanish banking group Banco Bilbao Vizcaya Argentaria (BBVA). Google has also removed Movil Secure in addition to three more applications provided by the same developer with the same malicious functionality. The three other apps claimed to be affiliated with Spanish banks Evo, Bankia and Compte de Credit. However, Trend Micro says that this is not connected to any influential financial organization. Movil Secure was downloaded over 100 times and claimed to provide BVVA customers with a mobile banking token service for identity management and transaction authorization purposes. In fact, the malicious program gathered a victim’s SMS messages and phone numbers, along with other ID data.

Supply chain attack with a bitcoin-stealing script

by SC Media – 7 November 2018

In another cyber incident, a cybercriminal has compromised a platform of leading web analytics firm StatCounter in a supply chain attack. This targeted the cryptocurrency exchange with a bitcoin-stealing script. Besides, none of the other two million-plus websites that also use StatCounter’s metrics services appear to have fallen victims of the malicious JavaScript. According to the experts, this can be explained by the fact that the script checks for a special Uniform Resource Identifier, myaccount/withdraw/BTC. This is exclusively associated with a webpage, but no other cryptocurrency exchanges. The code has presumably been designed to interact with users exclusively. The researchers say that the hackers injected their malicious code into the middle of a legitimate StatCounter script. “This is unusual, as attackers generally add malicious code at the beginning, or at the end, of a legitimate file,” commented Matthieu Faou, malware researcher at cybersecurity firm ESET. “Code injected into the middle of an existing script is typically harder to detect via casual observation.”

The Bank of England gets prepared

by The Guardian – 9 November 2018

On the back of the incidents affecting financial organizations, The Bank of England (BoE) is organizing a day-long gaming exercise. This is designed to test the security state of the financial system and their ability to stand against cyber attacks. About 40 financial institutions are taking part in the training, including the BoE, the Treasury, City regulator the Financial Conduct Authority and UK Finance, the industry trade body. Simulated attacks are hosted by the BoE every couple of years attempting to disclose any weaknesses in the response of financial institutions to a major cyber incidents. Another essential issue that is being tested during such events is the ability of organizations to communicate with each other during an attack. “The exercise will help authorities and firms identify improvements to our collective response arrangements, improving the resilience of the sector as a whole,” the representatives of BoE explained.

Financial sector is one of the most fructiferous targets for attackers and the explosion of incidents in this sphere should definitely cause alertness of both financial organizations and banks’ clients. For more information, as always, follow us on Twitter, Facebook, and LinkedIn.

The post Week 45 Cyberattack Digest 2018 – HSBC, Google Play, The Bank of England and others appeared first on ERPScan.