StorMagic’s Post

🔗[Link to Article](https://lnkd.in/gCK3BmJP) ▪️Company Involved: CrowdStrike ▪️Data Compromised: Information related to banks' IT systems and financial data ▪️Impact: Potential disruption in banking services, risks of sensitive data reaching wrong hands ▪️Measures Taken: Banks strengthened their cybersecurity policies, enhanced server capacities & invested in sophisticated cybersecurity tools In this technologically advanced digital era, the security of our virtual spaces is as crucial as that of our physical ones. As highlighted through the recent CrowdStrike outage incident which inflicted a significant blow on banks' IT systems. We must appreciate these events for what they truly are - a stark reminder about the pervasive threat cybercrimes pose to our economy. Crisis often begets unprecedented change. It imparts valuable lessons and engenders improvement strategies. In response to this incident, banks have fortified their cybersecurity measures manifold. However, we cannot remain complacent. This is not an issue confining solely within Industry walls or Corporate Towers but one that has global ramifications affecting each one of us directly or indirectly. Join me in raising awareness on the importance of cyber insurance coverage and robust security safeguards for seamless continuity in our daily lives affected by such disruptive episodes. #CyberSecurity #RiskManagement #BankingSector #CrowdStrike

The blame game doesn't work in the financial sector. Even if a breach is caused by a third-party vendor, the bank remains the consumer-facing entity, and that's where the accountability—and blame—will lie. In his latest piece for BankInfoSecurity, Matt Kunkel outlines key strategies to help financial organizations safeguard their data, protect their reputation, and preserve the invaluable: Consumer Trust. Read Matt’s full insights here: https://lnkd.in/dbyh8mvk Information Security Media Group (ISMG) #GRC #ThirdPartyRisk #DataProtection #Finance #Banking

Being mindful of the ways threat actors execute a spoofing attack will help you avoid falling victim to them. Typosquatting - where the attacker registers multiple domains using the same keyword in different permutations to trick the user, such as a keyword having the same pronounciation but a different spelling, and... Internationalized Domain Name (IDN) Homographs - where similar letters are swapped out to deceive the user, such as an uppercase i to mimic a lowercase L: I and l. Once the user is convinced it's legit through either of these clever methods, they can be directed to the malicious site where further damage is enacted. Check out the article below for further info.

The rise of third-party solutions in the financial sector - while beneficial - also come with increased risks. This is why it’s critical for financial institutions to take their vendors’ cybersecurity as seriously as their own. In my latest piece for BankInfoSecurity, I share why a strong vetting process and a clear incident response plan are non-negotiable for banks. 

The financial services industry experienced the most data breaches of any industry in 2023 — and there have been several notable bank breaches in 2024. You can find some interesting insights in the article below.

Spoofing of financial institutions’ digital properties has become increasingly common and is probably the most exploited cyberattack vector this industry faces in 2024. There are two primary reasons for this: 1. the rise of sophisticated attacks leveraging artificial intelligence and, 2. financial institutions’ growing on digital assets to conduct business. Financial industry leaders should read Rishika Desai’s article,”What is a Spoofing Attack? What Financial Institutions Need to Know” to learn more about this threat to #banking, #financialservices and other financial firms…and their customers. https://lnkd.in/dRNAvGjq #cybersecurity

This is a great 3 min read giving an overview of the various ways financial institution customers are being targeted by cyber criminals While Gen AI is making improvements in lots of areas, I love the reference to the 'evil twins' showing how it can be used for faster and more sophisticated attacks Predictive and automated solutions are needed to quickly identify and disable these attack trends #PreCrime #cybersecurity #predictiveintelligence

While banks are eager to embrace new technology, it doesn't mean we're fully prepared for the associated risks. Many financial institutions and even government agencies rely on the same small group of tech providers for critical services, creating a significant concentration risk. If one of these providers faces a cybersecurity issue, it could have a ripple effect throughout the entire financial system. This vulnerability is not just limited to smaller banks with fewer resources; larger institutions also present attractive targets for bad actors. To address these challenges, the Treasury Department has made cybersecurity a cornerstone of its work on banking, launching Project Fortress—a major public-private partnership offering free cybersecurity tools for banks and a collaborative space for bankers and law enforcement to counter cyber attackers. Additionally, Federal Reserve Vice Chair Michael Barr warns that artificial intelligence, particularly generative AI, is poised to escalate the arms race between defenders and attackers. As AI technology advances, the potential for more sophisticated and rapid malicious attacks increases, underscoring the need for vigilance from both bankers and regulators. #banking #bankingindustry #cybersecurity #artificialintelligence https://lnkd.in/geFSdHCK

Beyond unacceptable 🛡️ Lockbit 3.0 Claims Attack on Federal Reserve: 33 Terabytes of Sensitive Data Allegedly Compromised. On June 23, 2024, at 20:27 UTC, Lockbit 3.0 announced that it had infiltrated the systems of the Federal Reserve, compromising a staggering 33 terabytes of sensitive banking information. The data reportedly includes confidential details of American banking activities, which, if verified, represents one of the most substantial breaches of financial data in history. The potential fallout from this breach is immense. If the claims are accurate, the exposure of such a vast amount of sensitive information could have dire consequences for individual privacy, financial stability, and national security. The Federal Reserve, responsible for overseeing the nation’s monetary policy, regulating banks, and maintaining financial stability, is a critical component of the U.S. financial infrastructure. https://lnkd.in/gKC2fXyD

BREAKING: Evolve Bank & Trust has allegedly been the victim of a ransomware attack and data breach by Russian hacker group LockBit, multiple info security sites are reporting: The group had touted a cache of Federal Reserve data but, when its demands weren't met, released what appears to be as much as 33 terabytes of data from Evolve's systems. As reports began surfacing yesterday, Evolve sent clients of its Open Banking Division an email (screencap below) acknowledging the reports and that, in conjunction with "law enforcement and government agencies," it is investigating the situation. A request for comment on the situation to Evolve's press contact was not immediately returned. Evolve recently received an enforcement action from its primary regulator, the Federal Reserve Board, which, among other areas, cited the bank's IT practices and required it to develop a plan and timetable to correct information technology security deficiencies. While Evolve is perhaps best known as the bank partner of now-bankrupt Synapse, it supports numerous other high-profile fintech partners, including: Mercury, Stripe, Affirm, Airwallex, Alloy, Bond (now part of FIS), Branch, Dave, EarnIn, TabaPay, and numerous others. It has previously worked with Wise and Rho, though both have since migrated to other bank partners. The authenticity of and potential scope of the data breach couldn't immediately be verified by Fintech Business Weekly, but industry sources who have reviewed the data described the situation as "as bad as it gets," with clear text files that containing end user PII, including SSNs, card PANs, wires, and settlement files. This is a developing story - more here and on X as it happens.