Financial

Who:

• Threat Actor: Operators of the Grandoreiro banking malware, a Brazilian banking trojan.

• Target: Banking customers, particularly in Mexico, Latin America (LATAM), and Europe.

What:

• Malware Evolution: New variants of Grandoreiro have adopted advanced tactics like domain generation algorithms (DGA), encryption, mouse tracking, and CAPTCHA barriers to evade detection.

• Attack Methods: Delivered primarily through phishing emails and malicious ads, Grandoreiro uses large files disguised as legitimate software to bypass security measures, gathering credentials and monitoring user activity.

Impact:

• Global Financial Threat: Capable of stealing credentials from over 1,700 financial institutions across 45 countries, the malware poses a significant risk to banking systems.

• Evasion Tactics: The malware’s continuous evolution helps it avoid modern security systems, making it a persistent threat despite law enforcement crackdowns.

  
  

Read the full article HERE

Who:

• Affected users: 77,099 Fidelity customers.

• Company: Fidelity Investments, a global asset management firm.

• Perpetrator: An unnamed third party.

What:

• Incident: A data breach between August 17 and August 19, 2024, allowed unauthorized access to personal information, including Social Security numbers and driver's licenses. The breach was conducted via two newly established customer accounts that submitted fraudulent document requests.

Impact:

• Compromised Data: Social Security numbers, driver’s licenses, and related personal information.

• Customer Accounts: No direct access to customer accounts or funds was involved.

• Action Taken: Fidelity terminated access on August 19, notified affected individuals, and is conducting an internal investigation.

  
  

Customers are encouraged to monitor their personal information for potential misuse.

Read the full article HERE

Who:

• Prudential Financial, a global financial services company.

• Over 2.5 million individuals whose personal information was compromised.

What:

• Prudential Financial experienced a data breach on February 4, 2024, detected the following day.

• The breach compromised administrative/user data and employee/contractor accounts.

• Initially reported as affecting over 36,000 people, the impact has now been updated to 2,556,210 individuals.

Impact:

• Personal Information Exposed: Names, driver's license numbers, and non-driver identification card numbers were stolen.

• Scope and Scale: The breach affected a significantly larger number of people than initially reported.

• Security Measures: Prudential has worked with cybersecurity experts to confirm that the unauthorized third party no longer has access to their systems.

• Ransomware Gang Involvement: The ALPHV/BlackCat ransomware gang claimed responsibility for the attack.

• Financial and Reputational Damage: As the second-largest life insurance company in the U.S. with reported revenues of over $50 billion in 2023, the breach could have significant financial and reputational consequences.

Broader Context:

• Previous Breaches: In May 2023, 320,000 Prudential customers' information was exposed due to a hack on a third-party vendor, highlighting ongoing cybersecurity challenges for the company.

• Cybercrime Trends: The ALPHV/BlackCat gang has been linked to over 60 breaches worldwide and has raked in at least $300 million from over 1,000 victims, underscoring the widespread impact and profitability of such cybercrime operations.

  
  

Read the full article HERE

Who:

• Patelco Credit Union, a Bay Area financial institution with $9 billion in assets and 450,000 members nationwide.

What:

• On June 29, Patelco Credit Union was hit by a ransomware attack that forced it to shut down several key banking systems.

• The attack has left tens of thousands of customers without access to their accounts and core electronic transactions such as direct deposits, transfers, balance inquiries, and payments.

• The attack also impacted the credit union's online banking systems, mobile app services, and call center.

Impact:

• Customer Disruption: Customers are experiencing significant inconvenience, unable to access their accounts or perform essential transactions.

• Service Outages: Patelco's ATMs may experience intermittent outages, though access to shared ATMs for cash withdrawals and deposits remains available.

• Recovery Efforts: CEO Erin Mendez stated that Patelco is working with third-party cybersecurity experts to restore systems, but no estimated time for resolution has been provided.

• Ransomware Trends: The situation reflects a common pattern in major ransomware incidents, where recovery can take weeks and involves extensive efforts to rebuild systems and address security vulnerabilities.

• Potential Data Theft: There is no confirmation yet if data was stolen, but modern ransomware attacks often involve data theft and extortion.

Broader Context:

• Increased Ransomware Incidents: Ransomware attacks are on the rise, with smaller organizations being more frequently targeted.

• Extortion Threats: Many ransomware actors now steal data and threaten to leak it if ransoms are not paid, adding to the complexity and severity of these attacks.

• Examples of Impact: Similar incidents, such as the attack on Memphis-based Evolve Bank & Trust by the LockBit ransomware group, demonstrate the potential risks of data theft and leakage.

Read the full article HERE

First American Financial Corporation, the second-largest title insurance company in the U.S., with over 21,000 employees and annual revenue of $6 billion.

What: A cyberattack in December impacted 44,000 individuals by accessing sensitive personal information. The breach follows a settlement with New York State for a 2019 data exposure incident.

Impact: The attack led to unauthorized access to personal data of 44,000 people, prompting First American to offer credit monitoring and identity protection services to those affected. This incident underscores ongoing cybersecurity challenges in the financial services sector, particularly for firms handling large volumes of sensitive information.

read the full article HERE