Tech Talk: Bank cryptocurrency, fintech-bank partnerships, ATM threats, and more!
- Tech is financial regulator's top challenge
- A bank's foray into cryptocurrency
- A big bank-big tech partnership
- The ever-evolving Trickbot trojan
- New gamified ATM malware
- Online ATM-style scam
- New ATM security tools
- Fighting ATM fraud
- Small banks powering fintech
- Spam, Scams & Breaches
- Updates, Patches & Alerts
- and on the lighter side...
Tech is financial regulator's top challenge
The Office of the Inspector General (OIG) for the Federal Deposit Insurance Corporation (FDIC) has released a report on the top management and performance challenges facing the financial regulator. Oversight of cybersecurity risks, adapting to fintech innovation, and strengthening the agency's own information security management were the top three challenges outlined by the OIG in its report. Nextgov has the details and a link to the full report.
A bank's foray into cryptocurrency
One of the largest U.S. banks, JPMorgan Chase, stirred up industry buzz last week when they announced the launch of the first cryptocurrency created by a major bank. Unlike cryptocurrencies that run on public networks and are accessible to anyone who wants to join those networks, the bank's JPM Coin will run on Quorum – a blockchain network that requires permission to join and user approval by JPMorgan, reports Forbes.
A big bank-big tech partnership
Tech giant Apple is taking a bite out of the credit card market in a partnership with global investment banking and financial services provider Goldman Sachs. Reports have surfaced that Apple and Goldman Sachs are launching a joint credit card, using Mastercard's payment network, that will pair with new Apple Wallet features and enable cardholders to set spending goals, earn and track rewards, and manage their balances. Finextra has the details.
The ever evolving Trickbot trojan
Hidden in widespread emails carrying malicious URLs and booby-trapped MS Word attachments, the already tricky Trickbot banking trojan continues to evolve and has become one of the most versatile and dangerous malware threats targeting enterprise environments. The latest variant of the data-stealing trojan is capable of harvesting remote desktop application credentials, and fraudsters are using tax-related emails purporting to be from Deloitte to lure its victims. Threatpost has the details.
New gamified ATM malware
Taking its cues from slot machines, a new variant of the WinPot ATM jackpotting malware is helping ATM hackers cash out with a quicker, more fun and efficient way to get their payout. The malware replaces the ATM's standard display with four buttons labeled "SPIN" – one for each cash-dispensing cassette. The thief simply taps SPIN and out comes the cash. With the number of bills and the total values also displayed under the buttons, every "player" is a winner. SC Magazine has the details.
Online ATM-style scam
ATM jacking and jackpotting are familiar terms in the financial industry and popular methods criminals use to pilfer funds and data from ATMs. Enterprising thieves are deploying a more creative tactic known as "Formjacking" – an online version of ATM tampering that gives criminals access to PIN codes and payment details via online retail websites. Security Week has the details.
New ATM security tools
Despite the proliferation of online and digital banking technologies, ATMs remain an integral part of the omnichannel banking experience for consumers. Banks and ATM deployers face unique challenges surrounding the management and security of their ATM networks. To help banks secure and manage ATMs in the U.S., TMD Security has unveiled a new suite of ATM defenses designed to combat card fraud, mitigate logical and physical attacks, and provide more secure access control, reports MarketWatch.
Fighting ATM fraud
While JPMorgan has blockchain technology trending in the news, ATM fraud is another hot industry topic this week. In a win for the good guys, the nation's largest privately-held ATM provider, Payment Alliance International, is helping national and local enforcement agencies thwart man-in-the-middle (MitM) attacks targeting ATMs. Using real-time reporting software to alert officials to potential MitM attacks as they occur, criminals are being caught in the act and apprehended, reports ATM Marketplace.
Small banks powering fintech
A joint venture between major players like Apple and Goldman Sachs hasn't gone unnoticed. Banks and fintech firms may be strange bedfellows, but there are small banks working behind the scenes greasing the wheels that are powering the success of billion-dollar fintech startups. These relationships, however, come with inherent risks. CNBC has the details.
Spams, Scams and Breaches
- Security Week: Malta's largest bank hit by hackers
- CU Times: Fraudsters using Gmail accounts for BEC scams
- ZDNet: Hackers hit POS provider used by hundreds of U.S. retailers
- Krebs on Security: New fuel pump skimmers use SMS and Bluetooth tech
- Sophos: Nearly 100M new stolen data records up for grabs in underground market
- Help Net Security: Thousands of breaches last year exposed 5 billion sensitive records
Updates, Patches and Alerts...
- US-CERT: Current Activity
- Sophos: Microsoft fixes web server DDoS bug
- Bleeping Computer: Drupal fixed "highly critical" vulnerability
- Threatpost: Microsoft to kill updates for legacy OS using SHA-1
- PC Magazine: Still using Windows 7? Microsoft's next update is critical
- Security Week: Adobe releases second patch for data leakage flaw in Reader
See what other current hot cyber and technology topics affecting financial institutions BOL users are discussing in the Technology Forum.
And on the lighter side...
Most consumers today are fairly tech-savvy, or at least know how to use the technology they buy. But for some, misconceptions about technology still exist. Hundreds of Americans were surveyed to see what tech myths still prevail today.
First published on 02/22/2019