Tag: Treasury

IDG Contributor Network: Biometrics can provide better data provenance

Imagine these scenarios: Insiders at a financial institution place transactions using e-execution and then deny involvement when trades lose money. Regulated individuals share secrets and collude to fix pricing via messaging services. Fraud occurs through re-diverted funds within Treasury departments. Funds are embezzled or re-directed for personal gain. Confidential data is accessed for market price fixing, front running or gaining market advantage. Executives request staff members to access confidential or highly secure content to create a more simplistic briefing process. Data is accessed and leaked for personal benefit.

The common denominator to every one of these scenarios is individuals denying their involvement or abdicating responsibility in a transaction.

These types of acts are happening every day across virtually every industry -- pharma, finance, the public sector -- costing companies incredible amounts of money to investigate and putting operating licenses at risk.

Misys and D+H to join forces to create a new global...

Combination will create one of the largest Fintech companies in the world and market leader in corporate banking

London, UK – 13 March 2017 – Today Vista Equity Partners announced that it has signed a definitive agreement to acquire D+H, the largest Canadian-based software provider of lending, payments and financial solutions and intends to merge it with Misys, the global software leader for retail and corporate banking, lending, treasury and capital markets, investment management and enterprise... Source: RealWire

VU#742632: Sage XRT Treasury database fails to properly restrict access to...

Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions.

Alior Bank to fuel continued rapid growth with Misys FusionCapital

Bank to boost operational efficiencies across treasury and foreign exchange trading

London, UK, 13 February 2017 – Alior Bank will use Misys FusionCapital to streamline processes and boost operational efficiencies across its treasury and foreign exchange trading business.

The solution supports the bank’s continued rapid growth which at the moment averages 15% on an annual basis. “Quality and customer service are the driving force behind our bank. With business growing every day we were looking for... Source: RealWire

Treasury loosens Russia sanctions to ease encrypted tech blockade

It's thought that the order would loosen import restrictions on encrypted products, which are controlled by Russia's state security service.

Carbanak Using Google Services For Command And Control

Carbanak certainly has not sat idly by after years of advanced criminal campaigns targeting primarily financial institutions.

The outfit, alleged to have stolen from more than 100 banks worldwide, has popped up again with a new means of managing command and control over its malware and implants. Researchers at Forcepoint said Tuesday that an investigation into an active exploit sent in phishing messages as an RTF attachment led them to discover the group has been using hosted Google services for command and control. Services such as Google Forms and Google Sheets are being co-opted by the group, allowing Carbanak traffic to essentially hide in plain sight among Google traffic that is unlikely to be blocked by an organization. Forcepoint said that each time a victim is infected by the group’s malware, a Google Sheets spreadsheet is created along with a unique ID for the victim, which is used to manage interactions with the infected machine.

The attacker then manually goes into the spreadsheet, collects any data sent back from the target’s computer and loads the spreadsheet with commands and additional malware that is pulled to the compromised machine. Forcepoint said it was not aware of how many of these command and control channels were open on Google services, but said it is something that was privately disclosed to Google.

A request for comment from Google was not returned in time for publication. “The Carbanak actors continue to look for stealth techniques to evade detection,” Forcepoint said in its report published yesterday. “Using Google as an independent C&C channel is likely to be more successful than using newly created domains or domains with no reputation.” Researchers said their investigation was prompted in part by a new campaign disclosed by tr1adx, a scarcely populated website that has published four pieces of “intelligence,” primarily focusing on state-sponsored groups. On Jan. 1, it published a piece on a Carbanak campaign it was calling Digital Plagiarist.

The main tactic exposed in the report was the group’s use of tainted Office documents hosted on sites mirroring legitimate sites such as the U.S. Food and Drug Administration, Department of the Treasury, Zyna, Atlantis Bahamas, Waldorf Astoria and many others across sectors such as manufacturing, hospitality, media and health care.

The group, which tr1adx calls the TelePort Crew, is likely Carbanak based on domains and malware used in this campaign that are similar to another disclosed by researchers at Trustwave last year. Forcepoint took a look at an RTF file previously used exclusively by Carbanak that includes crafted VBscript.

The document, Forcepoint said, contains an embedded OLE object disguised as an image asking the victim to click on it to view the attachment.

The image is hosting the VBscript, and if the victim clicks on the image, a dialogue box appears instructing the users to open the file, which executes the attack. “We decoded the script and found hallmarks typical of the Carbanak group’s VBScript malware, however we also found the addition of a new ‘ggldr’ script module,” Forcepoint said. “The module is base64 encoded inside the main VBScript file along with various other VBScript modules used by the malware. When we analyzed the script we noticed that it is capable of using Google services as a C&C channel.”

Carbanak’s activities were exposed in 2015 by researchers at Kaspersky Lab who published an extensive report explaining how the group was using advanced malware to attack more than 100 banks, stealing anywhere from $2.5 million to $10 million per bank, putting potential losses at $1 billion. Carbanak used spear phishing to infiltrate banks, laterally moving across compromised bank networks until they landed on the right system that allowed them to steal money. In some instances, Kaspersky Lab said, Carbanak would record video of system operators, which were used in concert with data obtained by implanted keyloggers to fully understand what the victim was doing on the infected machine.

Kaspersky Lab said Carbanak would cash out in a number of ways: “ATMs were instructed remotely to dispense cash without any interaction with the ATM itself, with the cash then collected by mules; the SWIFT network was used to transfer money out of the organization and into criminals’ accounts; and databases with account information were altered so that fake accounts could be created with a relatively high balance, with mule services being used to collect the money.”

Thanks, Obama: NSA to stream raw intelligence into FBI, DEA and...

Gee, what a lovely parting gift by outgoing US prez

A last-minute rule change signed off by the outgoing Obama administration has made it much easier for the NSA to share raw surveillance data with more than a dozen government agencies. The changes are tacked onto executive order 12333, which was enacted by then-President Ronald Reagan to allow intelligence agencies to share information on non-US nationals.

The new rules will allow the NSA to share unfiltered signals intelligence with other members of the intelligence community if it is deemed necessary. "The procedures permit IC [intelligence community] elements to have access, under appropriate conditions, to the unevaluated or unminimized (ie, 'raw') signals intelligence (SIGINT) information that the NSA collects pursuant to EO 12333, thus enabling elements to bring their own analytic expertise to reviewing that information and to use that information in support of their own missions," the office of the Director of National Intelligence explained today. "The procedures therefore provide an important mechanism for enhancing information sharing, integration, and collaboration in the IC." Under the terms of the changes – which were signed off by outgoing US spymaster James Clapper and the Attorney General Loretta Lynch – the NSA can now pass on information to the other 15 organizations that make up the US intelligence community.

Those 15 members are: Air Force Intelligence, Army Intelligence, the CIA, Coast Guard Intelligence, the Defense Intelligence Agency, the Department of Energy, the Department of Homeland Security, the Department of State, the Department of the Treasury, the Drug Enforcement Administration (DEA), the FBI, Marine Corps Intelligence, the National Geospatial-Intelligence Agency, the National Reconnaissance Office, and Navy Intelligence. The collected information itself can include any data slurped on a foreign national, including files, phone calls, satellite messages and faxes.
It applies to communications that take place outside the US and any traffic that passes within US borders. To get their paws on this data, an intelligence organization will have to assert that it's needed for an overseas investigation, and have that request approved by a "high-level NSA official," according to a fact sheet prepared by government officials.

The requestor also has to commit to protecting the data as much as possible. US citizens can have their data surveilled in the same way on the authorization of the Attorney General, the Director of the NSA, or the head of the recipient intelligence body – or a high-level designee. The amendment also requires Uncle Sam's snoopers to undergo training on how to follow the new rules, and creates an audit trail for the information. Quite why this needed to be rushed through in the dying days of the Obama administration remains to be seen. ®

Crims shut off Ukraine power in wide-ranging anniversary hacks

Phishing, denial of service, and remote exploitation part of hacking banquet

Hackers of unknown origin cut power supplies in Ukraine for a second time in 12 months as part of wide-ranging attacks that hit the country in December. The attacks were revealed at the S4x17 conference in Miami in which Honeywell security researcher Marina Krotofil offered reporters some detail into the exploitation that began 16 December and raged for four days. She told Dark Reading attackers triggered an hour-long power black out at midnight 17 December by infecting the Pivnichna remote power transmission facility, knocking out remote terminal units and the connected circuit breakers. Further attacks against the State Administration of Railway Transport left Ukrainians unable to purchase rail tickets and delayed payments when the Treasury and Pension Fund was compromised. It was the second network-centric attack to knock out power supply in Ukraine.

Attackers of suspected Russian origin targeted facilities in December 2015. Those 23 December outages affected Ukraine's Prykarpattya Oblenergo and Kyivoblenergo utilities cutting power to some 80,000 customers for six hours. Last month's attacks also used the BlackEnergy and KillDisk malware. Other hacks included highly-convincing and successful phishing attacks against an unnamed Ukrainian bank, various remote exploitation, and denial of service attacks.

The phishing attack on 14 July last year used the ancient trick of malicious Word document macros but wrapped it in high levels of obfuscation and anti-forensics. Information Systems Security Partners head of research Oleksii Yasynskyi, who worked on dissecting the hacks, reckoned the attackers were a mix of groups specialising in different aspects of offensive security, from infrastructure to obfuscation and payload delivery. Phishing emails numbered in the thousands. Hackers kept quiet observation for months whenever one payload was successful at breaching one of the Ukrainian assets, Krotofil told MotherBoard.

Yet the attackers' origin was not disclosed, if it is known; Kiev laid blame squarely on Russia for the similar 2015 utility hacking. Krotofil told Dark Reading the Ukraine's utilities may be seen as a test bed for attacks elsewhere, something she says is common with Russian hackers.

Alex Mathews, security evangelist lead with Russian SCADA and industrial control system outfit Positive Technologies, told El Reg that vulnerabilities in critical infrastructure are easy to find and difficult to get fixed. "It takes just two days to find a new SCADA flaw, yet almost a year to get it fixed," Mathews says. "The vulnerability of our critical infrastructure is evident.

"Those charged with protecting industrial control system and SCADA networks must acknowledge that they’re exposed to cyber threats and take steps to reduce the risk." ®

Bootnote

While there are concerns the attacks are a test bed for further control system hacking in other countries, compromising such infrastructure cannot be done by cookie cutter hackers. Control systems are highly specialised with proprietary and often undocumented protocols that are not ordinarily understood outside of specialist fields. Using Ukraine as a means to hack US energy companies for example is further troubled by the variance in security controls that may exist in front of and around control systems. ®

Rethink on bank cybersecurity rules might only follow major bank breach,...

Banks 'effectively unregulated on cybersecurity'

It might take a major bank to fail as a result of a cyber attack for meaningful changes in cybersecurity practices, regulation and governance in the UK banking market to be implemented, a leading industry commentator has said. In an interview with Out-Law.com, professor Richard Benham, chairman of the National Cyber Management Centre, expanded on earlier comments he provided to the BBC. He reiterated his view that there will be a run on a bank in 2017 as a result of customers losing confidence in the security of their funds following a cyber attack, and said more formal regulation of cybersecurity is needed in UK banking. Benham said that, despite the existence of Bank of England guidance, the banking industry is currently "effectively unregulated on cybersecurity".

There is a lack of "mandated standards", he said, and that these should be put in place. "At the moment there is a tendency to leave banks to manage their own security," Benham said. The Tesco Bank incident, and the attacks carried out via the SWIFT banking system, such as those that affected Bangladesh’s central bank and Ecuadorian bank Banco del Austro, should "serve as a wake up call" to industry over cybersecurity vulnerabilities, he said. However, he said he believes some banks appear too willing to sacrifice an element of security when working on initiatives aimed at enhancing the customer experience, in response to consumers' demand for faster means of transferring money. Citing the greater regulation banks have faced since the "credit crunch" as an example, Benham predicted, though, that "it might take a major failure" of a bank, stemming from a successful cyber attack and subsequent run on the bank as customers seek to withdraw funds, to prompt tighter regulation of cybersecurity of banks by central banks, governments and regulators. Benham said that the Tesco Bank case showed that banks can fall victim to hackers and that leading industry figures admit that, should attacks be successful, it is inevitable customer funds will be stolen. Online-only banks are perhaps more vulnerable to reputational damage, loss of customer confidence and a subsequent run on funds, should a cyber attack knock-out their systems, Benham said. High street banks, able to deal with issues in-branch, might be able to better respond to customer concerns and issue refunds quicker in the event they are hit by such an attack, he said. The ability to reassure customers about the security of their funds, and issue refunds speedily, will be vital to a bank should they fall victim to a cyber attack, he said.

Bank customers are likely to show "a degree of apathy" towards a bank's cybersecurity failings if they are promptly refunded for any losses they have sustained, he said. At the moment, the true scale of losses banks suffer from cyber attacks is unknown, Benham said.

This is because banks are able to disguise figures under the generic 'fraud' label, he said. However, he said the forthcoming General Data Protection Regulation (GDPR), with its new data breach notification obligations, is likely to bring a greater number of such attacks to light, as well as more details about their impact. He said it is hard to predict what impact that might have on customer confidence and their eagerness to move money out of accounts. Last month, Andrew Tyrie, chair of the UK parliament's Treasury Select Committee, said the current "lines of responsibility and accountability for reducing cyber threats" in banking "appear to be somewhat opaque".

Tyrie said the UK should consider reorganising its governance of cyber risk in financial services so that there is "a single point of responsibility". Copyright © 2016, Out-Law.com Out-Law.com is part of international law firm Pinsent Masons.

Obama expels 35 Russian spies over election hacking

Russian Embassy responds with pic of 'LAME' duck, says move is 'Cold War deja vu'

President Barack Obama has ordered the expulsion of 35 suspected Russian spies in response to "malicious cyber activity and harassment" by Putin's government for attempts to undermine the 2016 election. In a statement issued on Thursday, Obama ordered a number of actions in response to "the Russian government’s aggressive harassment of US officials and cyber operations aimed at the US election." Under an executive order, the Obama administration has provided additional authority for responding to the cyber threats. It has sanctioned nine entities and individuals: including the GRU and the FSB, two Russian intelligence services; four individual officers of the GRU; and three companies that provided material support to the GRU’s cyber operations. He said the decision was a "necessary and appropriate response" to efforts to harm US interests in violation of established international norms of behavior. In addition, the Secretary of the Treasury is designating two Russian individuals for using cyber-enabled means to cause misappropriation of funds and personal identifying information. The State Department is also shutting down two Russian compounds, in Maryland and New York, used by Russian personnel for intelligence-related purposes, and is declaring “persona non grata” 35 Russian intelligence operatives. Obama said the Department of Homeland Security and the Federal Bureau of Investigation are also releasing declassified technical information on Russian civilian and military intelligence service cyber activity "to help network defenders in the United States and abroad identify, detect, and disrupt Russia’s global campaign of malicious cyber activities." In a statement he said: "All Americans should be alarmed by Russia’s actions."
Incoming president Donald Trump responded in a statement that it is time to “move on to bigger and better things.” He added: "Nevertheless, in the interest of our country and its great people, I will meet with leaders of the intelligence community next week in order to be updated about the facts of this situation." The Russian Embassy in London responded with a tweet of a picture of a duck with the word LAME written across the bottom. "President Obama expels 35 🇷🇺 diplomats in Cold War deja vu. As everybody, incl 🇺🇸 people, will be glad to see the last of this hapless Adm," it Tweeted. In October, the Obama administration found that Russia took actions intended to interfere with the US election process. "These data theft and disclosure activities could only have been directed by the highest levels of the Russian government," said Obama. Obama said the actions are not the sum total of its response to Russia’s aggressive activities. "We will continue to take a variety of actions at a time and place of our choosing, some of which will not be publicised. "In addition to holding Russia accountable for what it has done, the United States and friends and allies around the world must work together to oppose Russia’s efforts to undermine established international norms of behavior, and interfere with democratic governance. "To that end, my Administration will be providing a report to Congress in the coming days about Russia’s efforts to interfere in our election, as well as malicious cyber activity related to our election cycle in previous elections." ®

Obama tosses 35 Russians out of US, sanctions others for election...

[Image: Obama just left Donald Trump a nice little inauguration present—a fresh pack of sanctions against Russia and evidence of Russian interference in the presidential election. Win McNamee/Getty Images]

In an executive order issued today, President Barack Obama used his emergency powers to impose sanctions on a number of Russian military and intelligence officials and also to eject 35 Russians labeled by the administration as intelligence operatives. The order was issued as a response to the breach of the Democratic National Committee's network and the targeted intrusion into e-mail accounts belonging to members of Hillary Clinton's presidential campaign. Obama made the sanctions an extension of an April 2015 executive order "to take additional steps to deal with the national emergency with respect to significant malicious cyber-enabled activities." The order is being accompanied by the publication of data from US intelligence communities bolstering findings that the breaches were part of an information operation to manipulate the results of the US presidential election. The data, released by the Department of Homeland Security and Federal Bureau of Investigation as a Joint Analysis Report (JAR), contains "declassified technical information on Russian civilian and military intelligence services’ malicious cyber activity, to better help network defenders in the United States and abroad identify, detect, and disrupt Russia’s global campaign of malicious cyber activities," according to an Obama administration statement. "The JAR includes information on computers around the world that Russian intelligence services have co-opted without the knowledge of their owners in order to conduct their malicious activity in a way that makes it difficult to trace back to Russia." Some of the data had been previously published by cyber-security firms, but in some cases the data is newly declassified government data.
The JAR includes information that will allow security firms and companies to identify and block malware used by Russian intelligence services, along with a breakdown of the Russian malware operators' standard methods and tactics. DHS has added these "indicators of compromise" to their Automated Indicator Sharing service. The executive order singles out the GRU (Russia's Main Intelligence Directorate), the FSB (Federal Security Service, the successor to the KGB), Esage Lab (a Web development arm of the Russian information security company Zorsecurity), the St. Petersburg-based firm Special Technology Center, and Russia's Professional Association of Designers of Data Processing Systems. It also names four individuals: GRU chief General-Lieutenant Igor Korobov, GRU Deputy Chief and Head of Signals Intelligence Sergey Aleksandrovich Gizunov, and GRU First Deputy Chiefs Igor Olegovich Kostyukov and Vladimir Stepanovich Alexseyev. The 35 Russians ejected from the US—individuals identified as intelligence operatives working out of the Russian embassy in Washington and Russia's consulate in San Francisco—were ejected not in response to the DNC and Clinton campaign hacks, but in response to "harassment of our diplomatic personnel in Russia by security personnel and police," according to a White House fact sheet issued on the executive order.
In addition to those explicitly named by the order, Obama's order applies to:

"…any person determined by the Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, to be responsible for or complicit in, or to have engaged in, directly or indirectly, cyberenabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States that are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States and that have the purpose or effect of … tampering with, altering, or causing a misappropriation of information with the purpose or effect of interfering with or undermining election processes or institutions."

That could, if pressed aggressively, apply to a very large swath of individuals, including operators of "fake news" sites and others involved tangentially in the distribution of information that may be seen as intended to interfere with elections—including the still-unidentified individuals involved in hacking two state election commission websites. But many of the organizations in Russia that might fall under this banner are already under US sanctions. Just how aggressively these measures will be pressed will be left largely to the incoming Trump administration. President-elect Trump will find himself in a position of having to outright dismiss the evidence presented by the FBI and DHS in order to rescind the sanctions entirely. But Trump has already shrugged off "the cyber" on several occasions during the transition. On December 28, Trump responded to a question about possible sanctions over the hacking:

"I think we ought to get on with our lives. I think that computers have complicated lives very greatly. The whole age of computer has made it where nobody knows exactly what is going on. We have speed, we have a lot of other things, but I’m not sure we have the kind, the security we need."

White House Set To Announce Retaliatory Measures For Russian Election Hacking

US expected to name and sanction some individuals involved in disinformation campaign as early as today, and conduct other covert responses at a time of its choosing. Officials stated Wednesday that the White House will announce, as early as today, a series of measures the US will use to respond to Russian interference in the American election process.

The news comes after President Obama stated in October that the US would issue a "proportional" response to Russian cyber attacks on the Democratic National Committee.  Not all the measures will be announced publicly.

According to CNN, "The federal government plans some unannounced actions taken through covert means at a time of its choosing." Wednesday, CNN reported that as part of the public response, the administration is expected to name names -- specifically, individuals associated with a Russian disinformation operation against the Hillary Clinton presidential campaign. The actions announced are expected to include expanded sanctions and diplomatic actions. Reuters reported Wednesday that "targeted economic sanctions, indictments, leaking information to embarrass Russian officials or oligarchs, and restrictions on Russian diplomats in the United States are among steps that have been discussed." In April 2015, President Obama signed an Executive Order, which gives the president authorization to impose some sort of retribution or response to cyberattacks.

The EO has not yet been used.
It allows the Secretary of Treasury, in consultation with the Attorney General and Secretary of State, to institute sanctions against entities behind cybercrime, cyber espionage, and other damaging cyberattacks.

That includes freezing the assets of attackers. The Russian Ministry of Foreign Affairs' official representative, Maria Zakharova, said in a statement on the ministry's website: "If Washington really does take new hostile steps, they will be answered ... any action against Russian diplomatic missions in the US will immediately bounce back on US diplomats in Russia."

'Proportional' response

The administration has used the word "proportional" when discussing cyber attacks before.
In December 2014, while officially naming North Korea as the culprit behind the attacks at Sony Pictures Entertainment, President Obama said the US would "respond proportionately." That attack was against one entertainment company, however, and not a nation's election system, so the proportions are surely different. "We have never been here before," said security expert Cris Thomas, aka Space Rogue, in a Dark Reading interview in October. "No one really knows what is socially acceptable and what is not when it comes to cyber. We have no 'Geneva Convention' for cyber."  According to Reuters reports, "One decision that has been made, [officials] said, speaking on the condition of anonymity, is to avoid any moves that exceed the Russian election hacking and risk an escalating cyber conflict." As Christopher Porter, manager of the Horizons team at FireEye explained in a Dark Reading interview in October, Russian doctrine supports escalation as a way to de-escalate tensions or conflict. "If the US administration puts in place a proportional response, Moscow could do something even worse to stop a future response … I think that is very dangerous." "The administration, fellow lawmakers and general public must understand the potentially catastrophic consequences of a digital cyber conflict escalating into a kinetic, conventional shooting-war," said Intel Security CTO Steve Grobman, in a statement. "While offensive cyber operations can be highly precise munitions, in that they can be directed to only impact specific targets, the global and interconnected nature of computing systems can lead to unintended consequences.
Impacting digital infrastructure beyond the intended target opens the door to draw additional nation states into a conflict.

This increases risk to civilian populations as countries see the need to retaliate or escalate."

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...