New service to fight cybersecurity threats to African banks
April 2019, Cyber Security
Foregenix is launching a service to combat the new and growing breed of cyber-attacks on African banks. The global cybersecurity firm, which specialises in the financial services and has a regional hub in Johannesburg, is introducing the Foregenix Threat Sweep.
Based on Foregenix’s established Serengeti technology, the service cuts the dwell-time of attackers within an organisation to hours from an industry average of around 100 days.
The new service cuts through the noise and identifies latent threats in a matter of minutes. Threat Sweep is backed-up by a threat intelligence team and senior digital forensics and incident response analysts performing threat hunts on specific issues experienced within the sector. The combination of technical innovation and human elements mean threats are detected quickly and mitigated efficiently.
Among the rapidly emerging attacks Threat Sweep is aiming to combat is the surge in ATM cashout type attacks (FASTCash). These attacks on issuing banks or payment card processors exploit weak internal system architecture and security controls of processing switches (servers) and then use a small subset of cloned payment cards at ATMs to fraudulently withdraw large amounts of money in untraceable hard currency.
The CEO of Foregenix, Andrew Henwood explains: “ATM cashouts allow hackers to extract vast sums of money in less than 30 minutes by compromising the backend and eliminating the removal limits on these accounts. This is all done in an almost risk free manner. So it is essential to be extra vigilant and perform additional checks within the payment environment, even if there is no obvious breach as attackers typically lie dormant for months.”
Henwood adds: “As a PCI Forensic Investigator, we are seeing regular requests for assistance from organisations experiencing ATM cashout attacks. Previously, these were on the periphery but are now becoming a weekly phenomenon on some parts of the continent.”
The Threat Sweep service offers immediate response to this type of critical situation. It is offered for a fixed-time and cost for 30-days and most clients opt to extend into the Foregenix MDR service.
Henwood comments: ‘Unfortunately, in most of our forensic investigations, banks and organisations are failing to detect when their systems were initially compromised. From analysis of our casework we see 135 days elapsing before an alert is raised and by that point the hacker typically knows and understands the environment better than the IT administrators, they are well-established and have already harvested large amounts of valuable personal and financial data.
“Many organisations rely on the traditional security systems – firewalls, antivirus, patch management – but they are still being breached. With new threats emerging, our rapid response service meets an increasing need for the sector to accurately establish their threat and risk level and take appropriate action.”
For more information go to www.foregenix.com
- When cybercrime affects health and safety
April 2019, This Week's Editor's Pick, Cyber Security
The threat of a category-one cyber-attack is that everything could seem right – the readings on the meter could be fine, checklists would be followed, and equipment would work – yet danger could still unfold.
- Cyber/physical perils in hospitality
April 2019, Wolfpack Information Risk, This Week's Editor's Pick, Cyber Security, Entertainment and Hospitality (Industry)
How can we prepare for our holidays and avoid becoming the victim of a scam or data breach?
- Cloud and mobile deployments are the weakest links
April 2019, Check Point South Africa, Cyber Security
Report highlights the cloud and mobile attack vectors used to target enterprises: nearly one in five organisations experienced a cloud security incident in the past year.
- Rethink security priorities
April 2019, News, Cyber Security
Cryptocurrency mining is up 237%, phishing attacks increase by 269%, business email compromise attacks have gone up by 28%.
- New supply chain attack
April 2019, Kaspersky Lab, Cyber Security
Kaspersky Lab has uncovered a new advanced persistent threat (APT) campaign that has affected a large number of users through what is known as a supply chain attack.
- Overcoming the 2019 cyberthreat
April 2019, IT infrastructure, Cyber Security
The flexibility of remote working is good, however, the wider a network perimeter has to stretch, the more scope exists for security breaches.
- Halt, who goes there?
March 2019, Technews Publishing, Wolfpack Information Risk, This Week's Editor's Pick, Cyber Security
As long as organisations treat their physical and cyber domains as separate, there is little hope of securing either one.
- IoT is convergence in action
March 2019, Gijima Electronic and Security Systems (GESS), NEC XON, Technews Publishing, Axiz, G4S South Africa, This Week's Editor's Pick, Cyber Security, Integrated Solutions, IT infrastructure
The Internet of Things gains more than enough attention these days, but the IoT demonstrates the reality of the convergence between the physical and cyber worlds, and physical security is part of it.
- Stop hacking of access control systems
March 2019, This Week's Editor's Pick, Access Control & Identity Management, Cyber Security
Think someone hacking your access control system not a big deal? Scott Lindley suggests that you think again.
- New cybersecurity pavilion for Securex 2019
March 2019, Securex South Africa , This Week's Editor's Pick, Cyber Security, News, Conferences & Events, Training & Education
Securex South Africa 2019 has announced that 4Sight Technologies, a subsidiary of an international holdings company focusing on investing in Industry 4.0 companies, has signed on as the official sponsor ...
- Security by design
March 2019, Johnson Controls, Cyber Security, Integrated Solutions
The security of the platforms on which physical security products are built will increasingly impact purchase decisions and market positions.
- A logical solution for cyber solutions
March 2019, Suprema, Cyber Security, Access Control & Identity Management, Products
BioMini Slim 2 is a thin, FBI PIV and FBI Mobile ID certified FAP20 optical scanner with a large platen for easy capturing of fingerprints.