Tuesday, December 12, 2017

Tag: Barclays

It's 2017: Is the splinternet nearer than ever? Analysis: Barclays has stopped offering free Kaspersky Lab products to new users in a move that shows, like Best Buy, commercial firms can be swayed by governmental stances on dealing with the Russian sof...
As NCSC warns on Russian antivirus, Barclays Bank ends offer of free Kaspersky Lab security software for customers.
The alleged mastermind behind attacks on Lloyds and Barclays has been extradited back to the UK.
What's the future of cash? Analysis: Today marks the 50th anniversary of the Automated Teller Machine (ATM), the first of which was installed outside Barclays Bank, Enfield Town in north London.…
Fintech company is serving 100m customers of the world’s largest banks including Barclays, BBVA and Deutsche Bank. Barcelona - 4th May 2017 - Strands, a leading provider of personal financial management (PFM) and machine learning solutions for banks, today announced that 500 banks and 100 million banking customers worldwide are using digital banking services powered by the company’s award-winning technology. The company is now active in 87 countries, and serves 500 of the world’s largest banks including; Barclays,... Source: RealWire
Warwickshire, 21 March 2017. Rant & Rave, the customer engagement specialists who work with half of the FTSE including Barclays, Sky and easyJet, has developed a customer feedback integration for Amazon Alexa, Amazon’s cloud-based voice service. For brands using Amazon Alexa, this will transform the way customer feedback is captured, enabling consumers to tell brands what they think of a product or service in real-time. Rant & Rave with Amazon Alexa will sit within a... Source: RealWire
While intercepting traffic from a number of infected machines that showed signs of Remote Admin Tool malware known as HawkEye, we stumbled upon an interesting domain.
It was registered to a command and control server (C2) which held stolen keylog data from HawkEye RAT victims, but was also being used as a one-stop-shop for purchasing hacking goods.

WhiteHats on the prowl?

Before diving into an analysis of the server, it is worth pointing out some interesting behavior spotted in several of the victims’ stolen accounts.

A group of WhiteHat hackers who call themselves Group Demóstenes were found to be working around the clock, trawling the internet and looking to exfiltrate stolen data from C2 servers. When such a server was found, the group looked for a backdoor that would give them control over the filesystem.

They would then monitor the incoming, stolen data.

Either manually or automatically, they would collect the stolen credentials and send emails to the victims’ accounts.

These emails contained an attachment with proof that the user’s machine has been compromised.
In addition, they advise the user to change passwords immediately and offer to help.

Hi ***********
Our SERVERS detected information from a server on the US, we don’t even know goverment or another sourse …. we send a file with all your logins and passwords of all your accounts from hxxp://www.p******op[.]biz/*******
WE HAVE TESTING IN YOUR PAYPAL ACCOUNT. LOG IN TO YOUR ACCOUNT AND YOU WILL SEE TWO CANCELED BILLING (OUR JOB IS WHITE HAT NO HACK …. Steal)
Seme you verify this information. it’s better thing we hurt all change password on the other computer Because Called Computer Name PC USER-PC
Local Time: 03.10.2016. 18:45:02
Installed Language: en-Net Version: 2.0.50727.5485
Operating System Platform: Win32NT
Operating System Version: 6.1.7601.65536
Operating System: Microsoft Windows 7 Home Premium
Internal IP Address: 192.168.0.101
External IP Address:
Installed Anti virus: Avast Antivirus
Installed Firewall:
have a keylogger harm report All That You write, messages, passwords or more.
¿Why we do it? We have a Cause Called Group Demóstenes looking for Ciber attacks and false info.
Please Donate by PayPal at h**cg**an@gmail[.]com 5 USD or more, Because this is only our ingress.
PLEASE WRITE ME AT THIS MAIL FOR KNOW IF YOU KNOW ABOUT THIS

The email above appears in two languages, English and Spanish.

The name of the group appears to be of Portuguese origin, though it is not certain.

The shopfront: the command and control servers

Scanning for network services which are running on the C2, we discovered that it contains not only a back-end for storing stolen credentials but also a front-end for selling some of them, alongside many other “goods”. Browsing the domain that communicated with the HawkEye RAT samples disclosed a login page.

Given that the server was newly operational, it allowed users to register an account and log in to purchase the goods on offer. After registering on the C2 web application, there was no sign of the stolen data transferred from compromised machines.

A forum-like web page opens after a successful login. The C2 was meant to securely store the stolen data; however, it contained a crucial vulnerability which allowed researchers to download the stolen data. The C2 owners seem to have added six new Shell scripts on 22 November, just a week before the research started – a further indication of how new the operation is. Other items for sale are scam pages, some of which are multilingual.

The attackers also reveal the scope of their victims, noting those who are registered to Amazon, Apple, Netflix and even National Bank of Australia and Barclays.

The listing of the year next to the banking information probably refers to how up-to-date the scam pages are in terms of the bank’s website updates. The attackers have spared no details and have added additional information regarding how one should act when using their services, and who to contact in the Support tab. To purchase goods in the private shop you must deposit money into your account on the website.

The attackers accept Bitcoins, PerfectMoney and WebMoney.

Back to the stolen data

As we described, HawkEye is a robust keylogger that can hijack keystrokes from any application being opened on the victim’s PC.
It can also identify login events and record the destination, username and password.
It is, however, limited to two-factor authentication and single sign-on.

Stolen credentials on the server were found to include sensitive access passwords to government, healthcare, banking and payment web applications.

Among them is the following web server which belongs to the Pakistani government. As mentioned, hundreds of machines were found to be compromised by just one C2.

The following is a partial list of what was downloaded from the malicious server. Usually, careless threat actors forget to remove test files which might contain sensitive data.
In this case, we were able to obtain the attackers' credentials from one very small file that was captured when searching related strings.

Target geography

The research is still ongoing, and the operation is currently affecting users located in APAC, such as Japan, Thailand and India, as well as parts of Eastern Europe such as Russia and Ukraine.
These breaches ain't bad for business...

Bradford-based cyber security consultancy ECSC Group is planning to float on AIM next week (14 December). ECSC is bullish about its prospects, stating that the "recent proliferation of high-profile cyber security breaches affecting some of the world's most largest companies" has made cyber security a strategic issue for company boards. The firm wants to list on AIM in order to pull in investment that will allow it to accelerate its growth. More specifically, it plans to quadruple its headcount from 50 to 200 by the end of 2018 as well as open an Australian Security Operations Centre to facilitate round-the-clock global manned operations. Since its foundation 16 years ago, ECSC has attracted a raft of blue-chip clients including Barclays. ECSC is proposing to raise approximately £5m through a placing of just under 3 million new shares at a price of 167 pence per share.
If successful, this will give ECSC a market capitalisation of £15m.

The firm claims it is already profitable with annual revenue growth of 16.9 per cent between 2013–2016. Its board of directors on admission to AIM includes Nigel Payne, previously chief exec of Sportingbet plc, as non-executive chairman.
Press Release

Oracle Platinum Partner Certus Solutions [www.certus-solutions.com] has appointed Richard Summerfield as a Non-Executive Director. Richard is currently the Group HR Director at global telecoms provider JT [Jersey Telecom], an Oracle HCM customer of Certus-Solutions since 2015. JT is also currently using Certus-Solutions’ 'engage® Business Support Services’. Richard has over 20 years of corporate HR leadership experience, the last six as a member of JT's management board. Previously, he has worked at Ogier, Standard Bank, Zurich and Barclays. He was also a guest speaker at Oracle Openworld 2015 where he gave a customer view of the implementation of cloud HR products through Certus-Solutions.

In his Non-Executive capacity, he will be ensuring that the company’s strategic business plans are robust, giving independent advice on senior recruitment and remuneration, and providing the personal ‘insight’ of an HR Cloud implementation customer.

Commenting on his appointment, Tim Warner, Chairman (designate) and Chief Operating Officer of Certus Solutions says, “Richard brings with him both huge professional experience along with the unique insight of an Oracle HCM Cloud user. We like to think that the relationship we have built with him and his HR team over the last 18 months, and the quality of the Oracle HCM implementation, were key factors in him taking this new role. Adding Richard to the Board is a key step in defining the next chapter of our growth plans, where having stronger governance, independent advice and healthy challenge to the senior managers is crucial to our future success.”

Building on Tim's words, Richard commented, “Certus-Solutions has grown rapidly through its ability to deliver leading edge Cloud solutions to major public and private sector clients alike, myself included.

To protect and nurture future growth, there is a requirement for greater investment in governance, best practice, and independent oversight.
I am delighted to join the Board at such an exciting time to help Certus realise its big ambitions to be a disruptor in the Oracle Cloud technology sector on a global basis”.

About Certus Solutions

Certus Solutions is an Oracle® Platinum Partner and Oracle Education Partner, and a leading provider of implementation and business support services for Oracle Cloud based software for ERP, HCM and Payroll.

For more information regarding this press release and Certus Central Government activities please contact Mark Sweeny, Chief Executive Officer at Certus Solutions at mark.sweeny@certus-solutions.com +44 (0) 1483 610 220.
It's only a test

Barclays is trialling smartphone cash withdrawals. The UK's first contactless mobile cash service will allow the bank's customers to withdraw up to £100 in-branch, with just a tap of their Android smartphone or contactless debit card.

The technology offers an alternative to traditional cash withdrawals from specially outfitted ATM machines. The service is initially being piloted in the North before rolling out to over 180 Barclays branches in the New Year.
It will be available on more than 600 in-branch machines.

Barclays customers with an Android smartphone or contactless debit card would need to tap their phone/card against the contactless reader before entering their PIN on the machine and withdrawing their cash as normal. The Contactless Cash functionality will only be available on NFC-enabled Android devices that have downloaded the latest version of Barclays Mobile Banking.

The facility is limited to Android smartphones, with iPhone fans left out in the cold.

Apple restricts the use of iPhones' NFC chips to its own Apple Pay facility and there's no hook into that for third-party apps from banks or anyone else.

Barclays claims Contactless Cash offers increased security because it removes the risk of magnetic card skimming and distraction fraud, since a smartphone never needs to leave a customer's hand.

In a statement, Ashok Vaswani, chief exec of Barclays UK, said: "Our customers now expect to be able to use their smartphone to make their everyday purchases. We want taking out cash to be just as easy. With Contactless Cash customers can quickly and securely take out money with just a tap of their smartphone – a first for the UK."

Cindy Proven, chief strategy and marketing officer at Thales e-Security, cautioned that the security of the system is reliant on making sure customers' smartphones are free of malware. "It's encouraging to see the payments industry continue its commitment to embracing digitalisation to improve efficiency of payments and further reduce the possibility of fraud with ATM withdrawals," Proven said. "However, with risks to mobile payments – such as malware already present on an end-user's device – it is critical that security remains front of mind when developing such innovations."
It's not like the public will think any worse of you

Top techies at British banks are being encouraged to share information about cyberattacks following revelations that the financial sector is under-reporting breaches to regulators. According to the UK's Financial Conduct Authority, only five attacks were reported in 2014, a figure that has soared to 75 so far this year.

But the numbers fail to give the full picture. US regulations oblige banks to disclose breaches, and reporting is more consistent as a result.
In the UK, only breaches that have a material impact need be revealed – something open to interpretation. Jacob Ginsberg, senior director at Echoworx, argued that the EU’s General Data Protection Regulation (GDPR) directive, which comes into force before Brexit, will remove banks’ ability to keep quiet about some security problems. “Articles 31 and 32 of the GDPR would bring EU regulation more in line with US banking regulation, with forced disclosures shoving these conversations out into the open, hopefully to everyone’s benefit,” said Ginsberg, who argues banks could benefit from increased openness and sharing about security problems. “Hackers communicate with each other, they share tools and are constantly learning. With banks unwilling to disclose the attacks they’ve come under, we are missing out on the opportunity to collaborate and learn about what is and isn’t working, which would help us gain useful insights.
In fact, many bank security officers would prefer attacks to be more openly discussed, as they see the obvious value." A security supplier who declined to be named told Reuters: "Banks are dramatically under-reporting attacks, they do what's legally required but out of embarrassment or fear of punishment they aren't giving the whole picture." Attacks on banks linked through the SWIFT banking messaging system have increased concerns about the resilience of UK financial institutions even though hackers seem to be concentrating on attacking banks in the developing world. Mark James, security specialist at ESET, expressed some sympathy for the dilemma banks face. “Financial organisations suffer cyberattacks on a daily basis,” he said. “Reporting every one of those attempts would indeed clog systems with lots of unnecessary information. “However, the problem of course is perceived security, as more and more breaches happen and more malware is being used to target financial systems, then the damage caused when things go wrong can be so great decisions will be made to keep it quiet.” Troels Oerting, group chief information security officer at Barclays and former head of Europol's Cyber Crime Unit, told Reuters that Barclays shares all its relevant information on attacks with regulators. Banks' sharing of information with authorities has improved over recent years, he added.

ESET’s James agreed that sharing information – something senior techies at merchant banks have practiced informally for years – is key to staying ahead of the growing number of threats financial services firms face. “Sharing information enables better defences,” James explained. "It provides authorities and regulators a better understanding of the wider picture and should help investment in the correct placement of funds to combat future attacks. “In addition to this, the public have a right to know what a company is doing regarding security and privacy, because only then can they make an informed decision based on facts.”
Banks are not providing enough details on cyber-attacks in order to downplay security fears, say insiders.

By Matthew Broersma

British banks are "dramatically under-reporting" computer attacks due to their fear of bad publicity, according to several IT security firms who provide services to them.

Staff from five computer security firms that provide services and advice to United Kingdom banks said they have seen first-hand examples of banks choosing not to report security breaches, according to a Reuters report citing unnamed individuals.

Law Enforcement Left in the Dark

While the banks did not break the law, their reporting practices are overly conservative and mean the public is unaware of the true extent of the risks to which banking IT systems are exposed, the firms said.

"Banks are dramatically under-reporting attacks, they do what's legally required but out of embarrassment or fear of punishment they aren't giving the whole picture," said one source.

Barclays' head of information security, Troels Oerting, who joined the bank in February of last year, said banks' sharing of data with authorities has improved since then and that Barclays provides all relevant information on attacks to regulators. Oerting was previously head of Europol's Cyber Crime Unit.

The comments will, however, add to concerns that information-gathering on computer attacks is inadequate, following a National Audit Office (NAO) report last month that found a lack of coordination in government data-gathering on breaches. The government earlier this month opened a National Cyber Security Centre (NCSC) to help centralize computer defenses, including reporting, but the NAO said more reforms would be necessary.
Sharp Rise in Attacks

British financial institutions reported only five network-based attacks in 2014, rising to 75 so far this year, according to the Financial Conduct Authority (FCA).

But IT security experts have said that such figures do not reflect the growing focus on banks and financial institutions by online thieves.

They say the growing sophistication of malware such as Odinaff and Carbanak, which target banks and other financial institutions, shows a heavy investment in the coordination, development and deployment of computer attack tools.

Investigators looking into the theft of $81 million using the SWIFT payment network said the attack showed a similar level of expertise.

Industry observers say that as banks make it ever-easier for their customers to conduct network-based transactions, they present a natural target for online criminals.

"These attacks require a large amount of hands on involvement, with methodical deployment of a range of lightweight back doors and purpose built tools onto computers of specific interest,” said Symantec in a report on Odinaff earlier this month. "Although difficult to perform, these kinds of attacks on banks can be highly lucrative."