Just days after the FBI issued a private warning to the banking industry (read more here), the botnet network known as Necurs began a spamming campaign that targeted the banking industry. The activity was discovered by the security research firm Cofense. According to Cofense, the Necurs network started a concentrated spear phishing campaign
FBI Issues Private Warning to Banks about Unlimited ATM Cash-outs
On August 10, 2018, the Federal Bureau of Investigation (FBI) issued a private warning to banks that cybercriminals are planning to “conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation.’”
A typical unlimited operation uses…
Opening a Bank Account with a Smartphone—Dodd-Frank Roll-Back Making Online Banking Easier
President Trump recently signed into law the Economic Growth, Regulatory Relief and Consumer Protection Act, which is already making waves in the financial sector for its repeal of certain Dodd-Frank provisions that were passed in the wake of the 2008 financial crisis. Banks and other financial institutions should take note, however, that the Act also…
New York Department of Financial Services Updates Cybersecurity Guidance: Coverage of Cybersecurity Requirements Addressed in 4 New FAQs
On March 1, 2018, the New York Department of Financial Services (NYDFS) “cybersecurity regulations” (23 NYCRR Part 500) took effect, placing a number of cybersecurity requirements on banks, insurance companies, and other financial services institutions and licensees regulated by the NYDFS (“Covered Entities”).
To aid in compliance with the regulation, the NYDFS recently added new…
New York Financial Services Cybersecurity Regulations Deadline Looming This Week
On March 1, 2018, the one year transition period within which banks, insurance companies, and other financial services institutions and licensees regulated by the New York Department of Financial Services (“Covered Entities”) must have implemented a cybersecurity program ends. By March 1, the Covered Entities must be in compliance with the following requirements:
23 NYCRR…
HaoBao Malware Hitting Banks Scans for Bitcoin Activity
Lazarus, the well-known hacking group responsible for the WannaCry ransomware attack from last year, as well as the attack on the Bangladesh Central Bank and Sony, is now targeting global financial firms and Bitcoin adopters with a phishing campaign dubbed “HaoBao.”
The phishing campaign was discovered by McAfee Labs in mid-January. The way it works…
New York’s Landmark Cybersecurity Regulation Compliance Deadlines Looming
On February 15, 2018—that is, today—banks, insurance companies and other financial services institutions and licensees regulated by the New York Department of Financial Services (DFS) are required to file their first certification of compliance with DFS’s far reaching cybersecurity regulation (23 NYCRR Part 500) (the “Regulation”).
The Regulation, which became effective on March 1, 2017,…
Bank Objections Play Key Role in Delay of New York Cybersecurity Regulation
The New York Department of Financial Services announced last week that it will revise and delay the effective date of its proposed cybersecurity regulation. The announcement came two days after New York bankers brought up a number of criticisms of the proposed rules at a hearing before the state’s Standing Committee on Banks.
At the hearing, bankers lamented that the proposed regulation will prove too burdensome to implement, particularly for small community banks.
Continue Reading Bank Objections Play Key Role in Delay of New York Cybersecurity Regulation