Banks around the world have been the target of malware attacks for quite some time now. Criminals continue to step up their game in this department, as fileless malware is starting to become a lot more mainstream as of late. A very troublesome development, to say the least, as it seems impossible to defend against these types of attacks.


When one thinks of malware, one often assumes the payload is distributed through a malicious file. In most cases, criminals spread malware through infected email attachments, which has proven to be quite a successful method of attack so far. Despite these initial successes, it remains important for online criminals to come up with new methods to wreak havoc using malware.

Two years ago, researchers came across a peculiar type of malware infection that raised a lot of questions. Kaspersky Lab had their network infected with an unknown type of malware. It was unclear how this infection was even possible, considering there were no malicious files found anywhere on the system. As it turns out, Kaspersky Lab was hit by a fileless malware, as all of its components resided in the memory of the compromised computers. This allowed the infection to remain undetected for quite some time.


Fast forward to today and it appears fileless malware attacks are becoming far more common than anticipated. New research published by Kaspersky Lab shows at least 140 banks and other enterprises across 40 different countries have been affected by fileless malware during recent distribution campaigns. Every single attack against these institutions relies on malware hiding in the physical memory of infected systems, making it near impossible to get rid of the infection in the first place. Dealing with invisible malicious software is a very troublesome development for security researchers.

To make matters even worse, this fileless malware is injected into the computer’s memory through widely used administrative tools. PowerShell and Metasploit are the two primary distribution methods, for the time being. Unfortunately, banks are not adequately prepared for this method of attack, which is exactly why criminals are going after financial institutions in the first place. The bigger question is what can be done to nip this attack in the bud, albeit that remains somewhat unclear at this stage.

hidden malware

One silver lining in all of this is how the Kaspersky Labs researchers obtained an intact sample of the fileless malware while it was residing in an infected computer’s physical memory. After analyzing this sample, it became clear this fileless malware was used to harvest passwords of system administrators and those engineers who have remote administration access to network-connected machines.

For the time being, security researchers remain uncertain as to how the malware takes hold in the first place. Remote injection attacks or exploits targeting popular online content management applications is one potential attack vector. More information regarding fileless malware will be provided in the coming months, as it will take quite some time to analyze this new threat.

Author : JP Buntinx

Source : https://themerkle.com/invisible-malware-infects-140-banks-across-40-different-countries/

Categorized in Internet Privacy

This press release was orginally distributed by SBWire

Singapore -- (SBWIRE) -- 12/11/2016 -- The evolution of the Jobs Bank was announced on the tenth of October, 2016, by the government's minister for Manpower, Lim Swee Say.

According to Say, the Job Bank will be transformed and will become a one-stop, non-stop marketplace which is available via the Web. Users will be able to check out career options and look for listed positions via the site's internal search engine. This is easier than waiting for upcoming job fairs. Since it will be more convenient and loaded with appealing and practical features, this Jobs Bank opens up a whole new world of possibilities for Singaporeans.

You'll find that it will provide access to plum jobs, as well as rank-and-file jobs. It will be easy to register for and it will provide a range of services which help you to find a job or market and refine your skill set.

Singapore is definitely an island city-state which believes in progress. The government is always trying to improve quality of life for its citizens and this new initiative is just one example of how it is working to make things better. The Job Bank is designed to target those from an array of age groups. It's perfect for those who've just received University degrees, or for those who are older and want to stay active via employment, whether it's full or part-time.

 Workers will be able to hone their career skill sets by utilizing the Skills Framework found at the Jobs Bank. As well, employers who use the Jobs Bank will need to post jobs for Singaporeans before they allow foreigners to apply.

The Minister didn't set a firm date for the marketplace's launch. However, its primary iteration is already in place. During a recent career fair, five hundred job vacancies from fifty-one employers, who offer information technology and communications technology, populated the first iteration with their job positions. Companies from bio medical, professional and aerospace niches are also posting on the website.

The success of this initiative is virtually guaranteed. In fact, success is already measurable. Job placements which are successful have gone up by twenty percent and workers are making more money in Singapore, even in lower-tier positions.

How to Learn More

The Jobs Bank is a government initiative, so keeping tabs on official Singapore government websites and media releases will be a great way to stay in the loop. As the Jobs Bank is perfected and moves closer to launch, you'll likely be hearing a lot about it via Singapore-based websites and newspapers.

This Jobs Bank is for everyone. It will be loaded with positions and help features which make it possible for Singaporeans from all walks of life to access the career support and opportunities that they need. For this reason, this new initiative is something to get excited about.

Author:  Morris Edwards

Source:  http://www.digitaljournal.com/pr/3171600


Categorized in Others

Berlin-based startup N26 got its own banking license a few months ago. As N26 is building a mobile-first bank without any physical branch, the startup can expand to new countries much more easily. N26 co-founder and CEO Valentin Stalf is announcing on stage at TechCrunch Disrupt that the startup is now active in 17 countries across Europe.

As a European banking license works across the Eurozone, you’ll now be able to open an account in many countries in the Eurozone. While you could already open an account in Germany and Austria, signups had been on hold in France, Spain, Italy, Greece, Ireland and Slovakia for a while. You can now sign up again in these countries.

And starting today, if you live in Belgium, Estonia, Finland, Latvia, Lithuania, Luxembourg, Netherlands, Portugal and Slovenia, you can also open an N26 account.

While N26 doesn’t have any branch, providing good customer support is key when you’re trying to build a bank. While many people speak English, it’s much easier to become mainstream if you can provide support in everyone’s native language.

The startup is taking tiny steps in this direction with a support team that can speak English, German, French, Spanish and Italian.

The company is still saying that it has 200,000 customers, but this new expansion could bring a ton of new customers. The transition from Wirecard to N26’s own back end is still in progress, and based on my own experience, it looks like it’s taking a few more weeks than expected.

But N26 is also adding new features. In addition to providing a modern checking account, the startup is building a fintech hub so that you get all the features you expect from a bank.

For instance, N26 lets you transfer money using TransferWise in the mobile app. There’s an investment feature for German customers and the company recently announced a premium Black card with a few insurance features.

Stalf showed logos of various fintech startups on stage at Disrupt, talking about some of the potential partnerships with other startups. For instance, you could image N26 working with Robinhood, FinanceFox, Vaamo, Raisin, Nutmeg, Auxmoney, Clark, LendingClub and Amazon.


The app alone makes N26 worth it. I’ve had some terrible experiences with other banking apps. Most of them aren’t even native apps, they use web technologies and are slow. N26 is a well-designed native app — it’s like drinking a glass of ice water in hell.

Source : https://techcrunch.com

Auhtor : 

Categorized in Others

When hackers tried to steal nearly $1 billion from Bangladesh’s central bank, the Federal Reserve Bank of New York failed to spot warning signs and nearly let all the money go. Here's a guide of how the heist worked.

Banks are tightening the security of their SWIFT messaging networks – used by the industry to shift trillions of dollars each day – following revelations that hackers are increasingly able to get into this system to steal money.

Bankers at SWIFT’s annual SIBOS conference in Geneva said they were adopting new security tools, reviewing procedures and pressing their counterparties to do the same. Some banks are also looking at alternative technologies for transferring money, such as blockchain-type systems.

They are stepping up their efforts after the theft of $81 million from theBangladesh central bank in February and revelations of other infiltration of banks’ SWIFT terminals. These hacks have undermined confidence in SWIFT messages, which were previously accepted at face value.

“The attacks will continue and get more sophisticated,” SWIFT Chief Executive Gottfried Leibbrandt warned delegates at the conference organized by SWIFT, which is a global member-owned cooperative.

Benoit Desserre, Global Head of Global Transaction Banking at France’s Societe Generale, said his bank had already undertaken all of SWIFT’s recommended security measures but that the hacks had encouraged it to go one step further.

The bank is introducing a new layer of security whereby the staff who are approved to send SWIFT payment instructions must now sign on with a fingerprint scanner. This is in addition to passwords and a physical computer key.

“It was easier for us to make that investment knowing what has happened,” he told Reuters in an interview. “It suddenly became more important to get something like that.”

In time, SocGen may press its counterparties to use a similar system, only agreeing to fulfill payment instructions which carry a digital fingerprint, Desserre said. But he said cost could slow a broader roll-out of the technology.


Facebook Friends

In the wake of the hacks, the French bank also went through its SWIFT system to weed out redundant communications channels. SWIFT operates like Facebook in that members can only send messages to confirmed counterparties. But sometimes these links remain open even after business relationships end.

SWIFT’s Chairman Yawar Shah told delegates at the conference that such open channels were a security risk and that all banks should weed out unused channels.

Desserre said Societe Generale had removed thousands.

Cheri McGuire, Chief Information Security Officer at Standard Chartered said her bank was also conducting an internal review around its SWIFT systems.

But banks are not just looking at their own systems.

The Bangladesh Bank heist involved diverting money held at accounts at the Federal Reserve Bank of New York into accounts in the Philippines.

Bankers said to avoid this happening in the future bigger banks needed to ensure the smaller banks they work with have appropriate security procedures.

Sergio Dalla Riva, Head of Product Development, Global Transaction Banking at Intesa Sanpaolo S.p.A. said understanding the security capabilities of your clients was becoming part of customer due diligence.

Lev Khasis, Chief Operating Officer at Sberbank, Russia’s biggest bank by assets, said he expected regulators to tighten oversight of security practices but that peer pressure would also play a role.

“Some big banks will be pushing their smaller counterparties to move in that direction,” he said. Sberbank was already pushing its clients in this way, he said.

New Technology

The SWIFT hacks are also spurring interest in new technologies.

Lars Sjogren, Global Head of Transaction Banking at Danske Bank said his bank was working with technology companies to develop tools that would spot unusual and potentially fraudulent payment instructions sent via SWIFT.

“Payments of a certain size by a customer to people they normally pay should be green-lighted. But others could be yellow or red-lighted. There is a huge demand from our customers for that kind of service,” he said.

Others are looking at technologies which might one day replace the current SWIFT “FIN” message which banks send to tell another bank to move money around.

Blockchains are the most commonly touted alternative. These involve a publicly accessible ledger, which works as an electronic record-keeping and transaction-processing system and requires no third-party verification. The ledger can be checked at any time, helping to highlight fraudulent transfers.

On Wednesday, Sberbank joined the Hyperledger Project, which was formed by the Linux Foundation, a not for profit technology consortium, to develop new blockchain technologies for businesses. Khasis said such a system might be more secure than sending FIN messages.

SWIFT is also developing blockchain initiatives and its involvement could help to speed up the technology’s adoption, David Treat, Blockchain Lead at consultants Accenture, said. Nonetheless, he said that governance and privacy challenges remained.


Mark Buitenhek, Global Head of Transaction Services at ING, said he was doubtful blockchain or other technologies were a silver bullet.

“Fraud is a constant and fraud will remain there if we move to the next digital generation or not,” he said.

Source : http://globalnews.ca


Categorized in Internet Privacy


Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.

Follow Us on Social Media