{"id":940,"date":"2024-11-21T12:13:28","date_gmt":"2024-11-21T12:13:28","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=940"},"modified":"2024-11-21T12:13:28","modified_gmt":"2024-11-21T12:13:28","slug":"finastra-investigates-breach-potentially-affecting-top-global-banks","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=940","title":{"rendered":"Finastra investigates breach potentially affecting top global banks"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Popular financial software and services provider, Finastra, whose clientele includes 45 of the world\u2019s top 50 banks, is reportedly warning these institutes of a potential breach affecting one of its internally hosted file transfer platforms.<\/p>\n<p>In an Incident Disclosure letter sent to its customer firms, first obtained and reported by cybersecurity journalist <a href=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2024\/11\/finastra-notice.png\" target=\"_blank\" rel=\"noopener\">Brian Krebs<\/a>, Finastra said that it discovered suspicious activities on a secure file transfer platform (SFTP) the company leverages to send large files outside of its networks.<\/p>\n<p>\u201cWe are continuing to investigate root cause, but initial evidence points to credentials that were compromised. 
The source of the compromise is a priority aspect of the investigation,\u201d Finastra said in a statement issued on Thursday.<\/p>\n<p>A threat actor using the alias \u201cabyss0\u201d claimed responsibility for the breach on BreachForums and attempted to sell the allegedly stolen data.<\/p>\n<h2 class=\"wp-block-heading\">400 GB of customer data allegedly stolen<\/h2>\n<p>The BreachForums post from abyss0, which has since been deleted from the forum, <a href=\"https:\/\/x.com\/MonThreat\/status\/1854890658563039246\/photo\/1\" target=\"_blank\" rel=\"noopener\">claimed<\/a> the actor possessed 400 GB of customer and internal data. The actor put the entire data set up for sale, sharing a preview for interested <a href=\"https:\/\/www.csoonline.com\/article\/564313\/what-is-the-dark-web-how-to-access-it-and-what-youll-find.html\">dark web<\/a> buyers.<\/p>\n<p>The data, abyss0 said, is from Finastra\u2019s Enterprise Service Bus (ESB) and was exfiltrated via IBM Aspera, a Fast Adaptive Secure Protocol (FASP) based file transfer solution.<\/p>\n<p>\u201cNot everything just stuff we deemed as important,\u201d abyss0 added. \u201cThere is a lot of files and different file format.\u201d<\/p>\n<p>The fintech vendor powers operations for around 8100 financial institutions in over 130 countries, including solutions for lending and corporate banking, the threat actor added.<\/p>\n<p>The customer data in question may pertain to transactional details and financial records. Internal documents may include Finastra\u2019s operational data, transactional details, and documents related to its services.<\/p>\n<h2 class=\"wp-block-heading\">Finastra assures no direct impact on business<\/h2>\n<p>\u201cOn November 7, 2024 Finastra\u2019s Security Operations Center (SOC) detected suspicious activity related to an internally hosted Secure File Transfer Platform (SFTP) we use to send files to certain customers,\u201d Finastra said in a statement. 
\u201cThis incident was limited to the one platform and there was no lateral movement beyond it. Importantly, this was not a ransomware attack, no malware was deployed to the Finastra network, and there is no direct impact on Finastra\u2019s customer operations or systems.\u201d<\/p>\n<p>The fintech solutions provider said it first communicated this incident to customers on November 8 and has remained in direct contact with them.<\/p>\n<p>\u201cWe are analyzing affected data to determine what specific customers were affected, while simultaneously assessing and communicating which of our products are not dependent on the specific version of the SFTP platform that was compromised. The impacted SFTP platform is not used by all customers and is not the default platform used by Finastra or its customers to exchange data files associated with a broad suite of our products, so we are working as quickly as possible to rule out affected customers. This is a time-intensive process because we have many large customers that leverage different Finastra products in different parts of their business. We are prioritizing accuracy and transparency in our communications,\u201d the company said.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Popular financial software and services provider, Finastra, whose clientele includes 45 of the world\u2019s top 50 banks, is reportedly warning these institutes of a potential breach affecting one of its internally hosted file transfer platforms. 
In an Incident Disclosure letter sent to its customer firms, first obtained and reported by cybersecurity journalist Brian Krebs, Finastra [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":925,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-940","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/940"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=940"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/940\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/925"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=940"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=940"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=940"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}