Malware

The one thing more valuable to consumers than their bank accounts might be their internet access — and a new version of the ‘Trickbot’ trojan targets both.

The mastermind behind malware attacks that programmed ATMs to spit out cash on demand and caused more than 1 billion euros ($1.2 billion) of losses has been arrested in Spain.

The U.S. charged 36 people in a takedown of an international cybercrime ring that prosecutors say used the slogan “In Fraud We Trust” and stole $530 million with the help of pilfered identities and malware.

While bank-run ATMs don’t appear to be affected so far, older, front-loaded cash machines are vulnerable to the attack, according to an alert from the Secret Service.

To date, the vast majority of security investment has focused firmly on keeping the bad guys out. It only ever works to a certain extent. This is because there is much greater impetus for the hackers to devise new methodologies to gain access and the security industry at large is only ever playing catch up, writes James Barham, chief commercial officer at PCI Pal.

The widespread nature of the threat (most computer chips are vulnerable) and the reality that banks are always juicy targets mean bank officials must take a series of protective actions as soon as possible.

A Russian cybersecurity software company reported last week that a new group of cybercriminals had stolen $10 million from 16 community banks. But there's no hard evidence that actually happened.

In a rare show of public support for a security technology, the banks are leading a $40 million funding round for Menlo Security, provider of browser technology that keeps malware at bay — and they’re using it, too.

As consumers’ personal information is compromised almost daily, hackers are increasingly targeting banks.

A panel of experts at this year's ACUMA conference says credit unions must find ways to collaborate while still remaining innovative.

Cybercriminals know people want to resolve tax payment issues, and they take advantage of it, writes Matthew Gardiner, senior product manager at Mimecast.

An analysis of a test shows runtime application self-protection (RASP) successfully defends mobile banking apps targeted by BankBot against overlay attacks, writes Frederik Mennes, manager of the security competence center at Vasco Data Security.

As an industry, payment system providers and other IoT systems makers in all stripes and colors need to shift the paradigm and build in tamper-proof security based on their original configuration, writes Assaf Harel, CTO of Karamba Security.

At the Michigan Credit Union League’s annual conference, PayPal CEO Dan Schulman offered an overview of cyberthreats while praising the movement – an industry he considers a partner, rather than a competitor.

The ransomware attack caused fear across banks, retailers, health care and governments in May. But worse attacks may be on the horizon.

Kmart has been hit with a malware attack that has resulted in the compromise of payment card credentials for the second time in three years.

Two related and equally humiliating cases of high-level bankers completely falling for fake emails illustrate the dangers of social engineering and the need to better protect executives and other employees from themselves.

One recent study says local and regional FIs face the greatest risk of losses from ransomware, but there are steps CUs can take to mitigate that risk.

Unlike other “suspicious activity report” categories, a new proposal to add a “cyberevent” category would require institutions to detect and report digital mischief whether directed at a customer’s account or the bank itself.

Financial services was the top industry targeted by malware in 2016, so banks need to be strategic in building their defenses against attacks.