finance Archives - IT Security Guru

Nine In 10 £5m+ Businesses Hit By Cyber Attacks

The Gurus — Mon, 13 Mar 2023 14:28:45 +0000

Almost nine in 10 UK businesses turning over more than £5 million annually have experienced a cyberattack, according to new research from Forbes Advisor.

The study questioned senior decision makers across a range of UK small and medium-sized enterprises (SMEs), finding that more than half (57%) had suffered an online attack.

However, firms with an annual turnover in excess of £5 million were far more likely to experience cyber-crimes against their company (88%).

These attacks have led to serious consequences in many cases, with more than a fifth of cyber security breaches leading to businesses being forced to pay a ransom (22%).

Personal details are also under threat as these attacks compromised client and staff information in 26% and 23% of cases respectively.

Top examples of misusing company IT
Rank	Outcome
1	Use the company printer for personal use
2	Use up space on a company device to store personal files
3	Apply for other jobs using a company device
4	Access inappropriate websites via a work device
5	Gaming on a company device
Source: Forbes Advisor

Of those admitting to using company devices to spend time on inappropriate sites, common destinations include the dark web and sites containing pornographic material (both 17%).

Kevin Pratt, financial expert at Forbes Advisor, says: “The nature of the modern workplace means more online devices are being used than ever. This inevitably means that there are more ways that a business could suffer a digital attack. Our research shows that cyber security issues are incredibly common in this country, particularly among firms with a turnover of £5 million or more.

“We’ve also found that a significant proportion of British businesses are without any form of protection against online assaults, and it’s important to address this shortfall by highlighting the consequences of a cyber attack, such as financial losses and breaches of sensitive information.

“Companies can take a number of measures to protect against cyber-attacks, including anti-virus software, firewalls and VPNs. Prevention really is better than cure”

The post Nine In 10 £5m+ Businesses Hit By Cyber Attacks appeared first on IT Security Guru.

Outpost24 acquired by Vitruvian Partners

The Gurus — Wed, 13 Jul 2022 13:36:30 +0000

Outpost24 has announced it has been acquired by Vitruvian Partners to take the company into the next phase of growth. The new ownership structure will enable Outpost24 to invest in its people, processes, and industry-leading technology to further strengthen its leadership position in a large and growing market. Vitruvian has acquired a majority ownership position in the Company, with management and key employees remaining significant minority shareholders.

With over 2,500 customers in more than [65] countries, Outpost24’s full stack cyber risk management SaaS platform empowers businesses to address the rapidly rising need to improve their cybersecurity posture. Outpost24’s comprehensive set of solutions scan both internal assets and external data sources to discover, assess and prioritise vulnerabilities and threats across potential attack surfaces. It offers industry leading, best-of-breed, cyber risk management solutions in vulnerability management, application security, threat intelligence and access management – in a single platform that is easy-to-use and deploy.

Underpinned by the growing awareness of the mission criticality of cybersecurity, Outpost24 has demonstrated strong long-term organic growth and profitability – quickly developing into one of the most well renowned cyber risk management platforms worldwide. Outpost24 today has a global presence with offices across Europe and the US, with further plans to continue to invest in international expansion during the coming years.

Vitruvian has previously invested in several successful cybersecurity companies including most recently Bitdefender, CFC, and Darktrace as well as numerous Nordic champions that have become international success stories, including Benify, CRF Health, EasyPark, Just Eat, Scrive and Unifaun. Vitruvian is an international investment firm with more than 100 professionals across eight countries and three continents with a focus on market-leading high-growth companies.

“Our vision has always been to make businesses resilient to cybersecurity risk,” said Karl Thedéen, CEO at Outpost24. “Through our partnership with Vitruvian we will have increased opportunities to empower security and business leaders to identify cyber threats and secure their organizations with speed and confidence. The new investment will bolster our ambition to become a global cybersecurity champion by accelerating our product roadmap and increasing our sales and marketing efforts.”

Jussi Wuoristo, Partner at Vitruvian Partners, added: “As the frequency and cost of cyber attacks is quickly increasing, Outpost24 has developed an unrivalled full stack cyber risk management platform that creates tremendous value for businesses around the world. Vitruvian has backed several exceptional global leaders in cybersecurity and we are excited to partner with the team at Outpost24 to help accelerate the company’s international expansion and product innovation.”

Martin Henricson at Monterro, added: “Seeing what we’ve achieved together to help multinational businesses reduce security exposure and prevent cyberattacks has been rewarding. We are extremely proud of the market position and product innovations Outpost24 has accomplished under our ownership and we look forward to seeing continued success for the company as part of Vitruvian.”

The post Outpost24 acquired by Vitruvian Partners appeared first on IT Security Guru.

Lazarus Group, Cobalt Gang and FIN7 the Worst Threat Actors Targeting the Financial Services Sector

The Gurus — Thu, 13 Jan 2022 14:02:59 +0000

A new industry report by Blueliv, an Outpost24 company, has deep dived into the evolving threat landscape that is surrounding the financial services sector. Using advanced threat intelligence gathered by Blueliv’s Threat Compass; the ‘Follow the Money’ report reveals the main cyber threats and the culprits behind these malicious attacks to forewarn these vital institutions.

Threat intelligence gathered by Blueliv from the dark web and deep web showed that the main cyberthreats targeting the industry included: Phishing, Credential Theft, Ransomware, Business Email Compromise (BEC), Malware infection, Banking Trojans, Webinjects and Mobile App Malware.

Each of these attack vectors must be a focus of attention as they enable cybercriminals to commit fraud, successfully breach enterprises, cause reputational damage, manipulate the stock markets and lead to non-compliance penalties.

“While the financial services sector is largely aware of the threats that face them and is concerned about the impact cyberattacks can have, there is an acknowledgement that more needs to be done to secure their systems, networks, data and customers,” said Lidia Lopez, Threat Intelligence Analyst at Blueliv.

The main threat actors targeting the banking and financial services sector, as revealed by the Blueliv Threat Context, are:

Lazarus Group

Lazarus Group has been linked to some of the most notorious cyberattacks in recent history, and some researchers have suggested that it may be backed by the North Korean government.

The Cobalt Gang

The Colbalt Gang has targeted FSIs around the world, including dozens of targets primarily located in Western Europe, Eastern Europe, and Central Asia.

FIN7

The FIN7 group distributes point-of-sale (PoS) malware, often combined with remarkably bold social engineering techniques, such as calling up victims to ensure they open malicious files.

Lopez continues, saying: “To tackle the increasing threat faced by financial institutions, actionable and automated threat intelligence must be used at the core of any defence strategy to provide security teams, and their tools, the necessary insight on where they need to prioritise their detection and response efforts to minimize the risk of potential attack and fraud attempts.”

Click here to read the full ‘Follow the Money’ report.

The post Lazarus Group, Cobalt Gang and FIN7 the Worst Threat Actors Targeting the Financial Services Sector appeared first on IT Security Guru.

Online Banking Customers to be warned by Instant Pop-up Messages

The Gurus — Thu, 26 Oct 2017 10:34:37 +0000

Online banking customers are to be warned of fraudulent activity via pop up messages, in new measures.
Read Full Story
ORIGINAL SOURCE: Telegraph

The post Online Banking Customers to be warned by Instant Pop-up Messages appeared first on IT Security Guru.

Financial services firms prepare for influx of new cybersecurity regulations, according to survey from Duff & Phelps

The Gurus — Thu, 06 Apr 2017 08:41:54 +0000

86% of financial services firms intend to increase the time and resources they spend on cybersecurity in the next year, according to new research from Duff & Phelps, the premier valuation and corporate finance advisor. The survey of nearly 200 senior financial services professionals shows that firms are preparing to implement more stringent cybersecurity measures in response to increasing regulatory scrutiny and growing pressure to protect investor information.
Duff & Phelps found that two thirds (66%) of financial services firms expect cybersecurity to be a priority for regulators this year, and 31% believe it will be the most important priority for regulators. Nearly four out of 10 firms (39%) also believe regulators intend to increase scrutiny on financial crime and KYC compliance departments, an area which is increasingly converging with cybersecurity as regulators expect firms to take a holistic view of cyber threats.
In the same survey last year, only 19% of respondents expected the regulator to increase its focus on cyber security and less than 60% said they planned to spend more resources and time on cyber strategy.
In addition, 62% of financial services professionals believe that the Securities and Exchange Commission’s proposed rules to enhance information reported by investment advisers will impact their firm. In response to high profile cyberattacks in recent years, some firms are now required to adopt written policies to protect their clients’ private information and must implement processes to protect against future cyberattacks.
With the British Government introducing a new cybersecurity strategy in November 2016 and the White House currently reviewing U.S. cybersecurity strategy, it is clear that cybersecurity will be a top priority for regulators, governments and financial institutions alike in 2017.
Jason Elmer, Managing Director, Compliance and Regulatory Consulting at Duff & Phelps, comments:
“Cybersecurity is at the top of the agenda for financial services firms today. In the wake of high profile cyberattacks, many are anticipating clearer and more punitive cybersecurity regulation to be implemented. Firms are proactively looking to strengthen cyber defences as a result, and this is an opportunity for regulators to collaborate with financial institutions to form new rules. What’s also clear is that commercial pressures from investors concerned about the security of their sensitive data will accelerate any attempt to improve cybersecurity measures. For all these reasons, 2017 is set to be a watershed year for cybersecurity regulation.”

The post Financial services firms prepare for influx of new cybersecurity regulations, according to survey from Duff & Phelps appeared first on IT Security Guru.

Apple says banks can't touch iPhone NFC without harming security

The Gurus — Wed, 10 Aug 2016 11:55:40 +0000

Apple has argued that allowing banks to use iPhone NFC chips independently of Apple Pay would compromise the phones’ security. The argument has been aired in Apple’s response to the four Australia Banks who have requested permission to negotiate with Apple as a bloc rather than join Apple Pay. The banks want their own apps to be able to use iPhones’ wireless payment parts and to get a slice of the cut Apple takes on each Apple Pay transaction, and asked regulator the Australian Competition and Consumer Commission (ACCC) if they could negotiate as a bloc.

Original Source: The Register
View the full story here.

The post Apple says banks can't touch iPhone NFC without harming security appeared first on IT Security Guru.

Researcher pops locks on keylogger, finds admin's email inbox

The Gurus — Tue, 05 Jul 2016 09:34:52 +0000

Trustwave researcher Rodel Mendrez has gained access to the inbox of the criminal behind a commercial keylogger used to attack industries including finance, cloud services, logistics, foreign trade, and government.
Mendrez’s reverse engineering effort found credentials buried within the Hawkeye keylogger that lead through redirection to the author’s inbox.
Attackers behind Hawkeye were siphoning from compromised machines browser, email, and FTP credentials, and system data including installed firewalls, operating system information, and IP address data.
Original Source: The Register
View the full story here.

The post Researcher pops locks on keylogger, finds admin's email inbox appeared first on IT Security Guru.

Vietnamese bank foils $1m cyber heist

The Gurus — Mon, 16 May 2016 09:53:05 +0000

A Vietnamese bank has foiled an attempted cyber heist that involved the use of fraudulent messages, the same technique at the heart of February’s theft from theBangladesh central bank.
Hanoi-based Tien Phong Bank said on Sunday that in the fourth quarter of last year it identified suspicious requests through fraudulent messages on the global interbank messaging system Swift to transfer more than $1m.
TPBank said it caught the attempt quickly enough to halt movement of funds to criminals by immediately contacting involved parties.
The attack “did not cause any losses. It had no impact on the Swift system in particular and the transaction system between the bank and customers in general,” the bank’s statement said.

Original Source: The Guardian
View the full story here

The post Vietnamese bank foils $1m cyber heist appeared first on IT Security Guru.

Anonymous Target Bank of Greece Website with Massive DDoS Attack

The Gurus — Tue, 03 May 2016 10:27:00 +0000

The online hacktivist Anonymous recently relaunched operation OpIcarus directed towards banking sector in Europe and the United States — The first bank coming under the fire is the Bank of Greece who had their website under a series of distributed denial-of-service attacks (DDoS) forcing the servers to remain offline for more than 6 hours.
Anonymous’ Operation OpIcarus was launched in January 2016 and restarted in March 2016. The hacktivists behind the operation believe banks and financial giants are involved in corruption and to register their protest they had to take the war to a next level.
The hacktivists also released a YouTube video revealing the reason and a list of banking websites that will be targeted. The list includes banking and financial institutions in Brazil, Bangladesh, China, USA, UK, Pakistan, Iran and several other countries.
Original Source: HackRead
View the full story here

The post Anonymous Target Bank of Greece Website with Massive DDoS Attack appeared first on IT Security Guru.

Billionaires, Former Billionaires Outed For Offshore Wealth By The Panama Papers

The Gurus — Mon, 04 Apr 2016 10:54:15 +0000

One of the world’s largest data leaks, called the Panama Papers, is shedding light on the world of offshore financing, used frequently by many of the richest and most powerful around the globe. An anonymous source reportedly tipped off Suddeutsche Zeitung, an investigative newspaper in Germany, which then shared the information with the International Consortium of Investigative Journalists.

Original Source: Forbes
View the full story here

The post Billionaires, Former Billionaires Outed For Offshore Wealth By The Panama Papers appeared first on IT Security Guru.