10Fold – Security Never Sleeps – 89

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: SWIFT, the global financial messaging network that banks use to move billions of dollars every day, warned on Thursday of a second malware attack similar to the one that led to February’s $81 million cyberheist at the Bangladesh central bank. Germany has blamed Russia for a huge cyber attack last year on its parliament and has said that Moscow could be planning further assaults on its institutions. Offices of German chancellor Angela Merkel among those targeted in recent attacks, Trend Micro says. Vormetric announced the results of the Financial Services Edition of the 2016 Vormetric Data Threat Report (DTR).

SWIFT says commercial bank hit by malware attack like $81M Bangladesh hack – Publication: CNBC- Reporter name: STAFF

News of a second case comes as law enforcement authorities in Bangladesh and elsewhere investigate the February cyber theft from the Bangladesh central bank account at the New York Federal Reserve Bank. SWIFT has acknowledged that that scheme involved altering SWIFT software to hide evidence of fraudulent transfers, but that its core messaging system was not harmed. SWIFT had previously acknowledged that the Bangladesh Bank attack was not an isolated incident but one of a number of recent criminal schemes aimed at its messaging platform, which is used by 11,000 financial institutions globally.


Germany points finger at Kremlin for cyber attack on the Bundestag – Publication: Financial Times – Reporter name: Stefan Wagstyl

While Russian connections to cyber attacks on German targets are not new — in January 2015, CyberBerkut, a group linked to Ukraine’s pro-Russia separatists, broke into several German government websites — it is rare for Berlin to point the finger so directly at the Kremlin. A draft defense paper, due to be published in the summer, ranks cyber security second only to global terrorism in a list of 10 threats facing Germany. The tools for cyber attacks are so accessible that individuals and private groups, as well as states, can carry out such offensives, the paper says.


‘Pawn Storm’ APT Campaign Rolls On With Attacks in Germany, Turkey – Publication: Dark Reading- Reporter name: Jai Vijayan

The latest evidence that the group is still alive and operating is an attack last month targeting German chancellor Angela Merkel’s Christian Democratic Union (CDU) party website. As part of the campaign, the threat actors set up a fake webmail server in Latvia designed to look like the CDU’s main webmail server in an apparent attempt to steal the email credentials of party members.  The attackers also set up three separate phishing domains to try and grab the personal email credentials of targeted and high profile users of two German free email service providers.


Security spending rises in areas ineffective against multi-stage attacks – Publication: Help Net Security – Reporter name: Mirko

Vormetric announced the results of the Financial Services Edition of the 2016 Vormetric Data Threat Report (DTR). This edition extends earlier findings of the global report, focusing on responses from IT security leaders in financial services, which details IT security spending plans, perceptions of threats to data, rates of data breach failures and data security stances.