Brian Krebs is reporting that a security breach has disrupted operations at London-based fintech firm Finastra, which provides services to most of the world’s top 50 banks. Finastra has over 9,000 customers across 130 countries; sources at two different U.S. financial institutions forwarded a notice they received from Finastra saying the outage was expected to disrupt certain services, particularly for clients in North America.
A ransomware attack, in and of itself, does not necessarily expose personal data. Typically, it means the victimized company can’t access its own data. However, it can also mean the company’s data is in the hands of the hackers and could be publicly dumped if the attacked company does not comply with the hackers’ demands. Because Finastra has not released the results of its investigation, we can’t know at this point if bank or customer data has been exposed, or even if this truly was a ransomware attack as some security analysts have suggested. We are anxiously awaiting those results so we can provide appropriate analysis, which will hopefully include a Breach Clarity Score to give consumers an idea of the severity of the breach, as well as breach-specific steps they can take to mitigate the most likely risks they’ll face as a result.
All too often, consumers learn of a breach and operate with a very inaccurate understanding of what to do next. On a regular basis, consumers and industry security leaders are inundated with irrelevant, confusing, or conflicting advice on how to protect themselves following a confirmed breach. Our team works to provide precise, unbiased, and action-oriented advice on the most likely risks that follow any publicly reported data breach (currently affecting US consumers only). At the end of the day, all honest people win when facts and reason are used to respond to data breaches.
Organized crime rings, malignant state actors and opportunistic fraudsters adore crises, and this one offers them perfect cover.
We’ve seen a massive surge in cyber attacks in March. Disrupted work patterns and distracted staff create ideal conditions for ransomware and BEC/CEO fraud attacks, as well as targeted, socially engineered attacks.
Golden Key Holders, those people who have access to a lot of information and “hold the keys” to files, systems, records, bank accounts, etc., are especially vulnerable right now. Many are working at home without their normal support systems, and are vulnerable to indirect attack through spoofed emails delivered to work colleagues and associates. If a hacker gets control of their email and system passwords, they can do a lot of damage. Socially engineered attacks might start with a LinkedIn search to find such people, then a Facebook search, then make contact and drop a file in a spear-phishing attack.
Outsourcing and the use of contractors multiply the risk: we have global disruption, and many fintech companies have outsourced their operations to third parties who themselves are challenged by staff dislocation.