SDBA eNews

November 21, 2024

ABA Banking Journal: FS-ISAC releases framework to help financial institutions fight phishing

November 20, 2024

The Financial Services Information Sharing and Analysis Center this week published a framework of recommended best practices to help financial services institutions counter phishing attacks. The report — “Stop the scams: A phishing prevention framework for financial services” — lists strategies to counter phishing, noting that three U.S. banks reported a 50% reduction in text abuse scams after implementing its recommendations.

According to an FS-ISAC summary, the framework’s recommendations fall into four broad categories: collecting intelligence from consumers and sharing it among a firm’s departments; employee and customer education; maintaining a catalog of telephone numbers used by the institution and third-party partners to prevent spoofing; and collaborating with telecommunications providers to deploy anti-phishing solutions.

The framework also recommends that institutions implement two best practices. First, institutions should design a fraud and phishing intake process with clear, concise questions to gather actionable intelligence while minimizing the burden on consumers. Second, they should set up an “abuse box” infrastructure, enabling consumers to report phishing attempts.

In related news, the American Bankers Association’s media campaign — #BanksNeverAskThat — provides banks with free resources to educate customers about phishing threats.

CISA News: Was Amazon Hacked? No—Your Account And Password Have Not Been Compromised. Here’s What You Need To Know

November 13, 2024 | Davey Winder, Senior Contributor, Forbes
CISA

Amazon has confirmed that some data was breached during the spate of MOVEit software exploits that started during May 2023. The MOVEit cyber attacks hit several large organizations, including the BBC, British Airways, Shell and several government agencies, as hackers targeted a critical SQL injection vulnerability, CVE-2023-34362, in the software. But as the news breaks, more than a year on, that Amazon data was breached, customers now want to know if their accounts are safe and whether they should change their passwords.

Amazon Has Not Experienced A Security Event, A Spokesperson Said

A statement released by Amazon spokesperson Adam Montgomery on Nov. 11 has clarified the nature of the data breach and denied that Amazon or Amazon Web Services had “experienced a security incident.” The MOVEit exploit impacted an unnamed third-party property management vendor that includes Amazon as one of its customers. “We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon,” the Amazon spokesperson, Adam Montgomery, said.

The good news is that there would appear to be no impact upon customer accounts or credentials. “The only Amazon information involved was employee work contact information,” Montgomery said, “for example, work email addresses, desk phone numbers, and building locations.”

What Do Security Professionals Say About The News That Hackers Have Accessed Amazon Employee Data?

Forbes contributor Lars Daniel said the breach was carried out by a threat actor going by the name of Nam3L3ss — oh, the irony. They recently posted data from 25 organizations, including Amazon, and warned there is an archive in excess of 250TB that includes “entire databases from exposed web sources including mysql, postgres, SQL Server databases and backups, azure databases and backups etc."

While it is, obviously, good news that Amazon customer data was not impacted by the MOVEit breach, the bad news is that third-party supplier security continues to be in the hacker crosshairs. "This update to an older vulnerability exploit reinforces how third-party software remains one of the largest and least manageable cybersecurity risks organizations face,” Joe Silva, CEO at cybersecurity vendor Spektion, said, “including large and technically sophisticated enterprises.”

While the MOVEit attacks from last year haven’t had anywhere near the same media coverage this year, being old news to a large degree, this latest update shows that attackers are continuing to monetize the compromised data. “Nam3L3ss is not thought to be a part of the initial MOVEit attack,” Kevin Robertson, chief operating officer at Acumen Cyber, said, “but some of its data has landed in their hands, which provides evidence of how stolen data markets across the dark web.” The Amazon update also serves as a timely reminder, Robertson said, “for organizations to prioritise their supply chain resilience, because once data is stolen and ends up on the dark web, it rarely goes away.”

There are many lessons to be learned from both the original MOVEit compromise of an Amazon third-party contractor and the fallout that has continued in the many months that followed. “One of the main lessons is that any place where your data resides is a place that data can be compromised,” Roger Grimes, data-driven defense evangelist at KnowBe4, said. “Every vendor relationship that either has access to your network and data or who you send data to, for whatever reason, is a new place for a potential compromise.”

Some Amazon Customers Are Convinced That Their Data Was Compromised And Used Fraudulently Following The MOVEit Cyber Attack

Since the publication of this news story, I have been contacted by numerous Amazon customers across various methods of communication but with one thing in common: they insist that their accounts were hacked during the MOVEit attack in 2023. The problem here is that an article such as this one stirs up memories of events past and, without wishing to patronize anyone who has found themselves victim to an account compromise, can lead to connections being made that simply aren’t there. I apologize for not replying to all of you individually, that would simply have taken too much time, but if you are reading this be assured that just because your account was compromised around Black Friday or Cyber Monday week, or earlier in 2023, does not mean that MOVEit hackers were to blame. Another common thread connecting those who contacted me was that phrase “I clicked on the link which took me straight to my Amazon account.” This is, I’m afraid, the giveaway that these were opportunist phishing attacks taking advantage of interest in the Black Friday sales, and nothing more.

Therefore, the advice that Amazon customers do not need to change their passwords or check their credit cards for signs of fraud remains the same.

ABA Banking Journal: Banks, credit unions urge lawmakers to reject new credit card mandates

November 18, 2024

Any legislative initiatives to expand the power of the federal government to intervene in the U.S. credit card market would harm small businesses and consumers across the country, the American Bankers Association and seven bank and credit union associations said in a joint letter to the Senate Judiciary Committee, which will hold a hearing on the issue Tuesday.

In the letter, the associations expressed their strong opposition to the Credit Card Competition Act, a retailer-backed bill that would impose network routing requirements on banks that issue credit cards, and any attempt to expand the Durbin amendment. The groups also expressed disappointment with the committee’s decision to hold the hearing during the lame-duck session of Congress and not invite testimony from community banks or credit unions harmed by the proposal. Committee Chair Dick Durbin (D-Ill.) is co-sponsor of the Credit Card Competition Act along with Sen. Roger Marshall (R-Iowa).

“The negative repercussions of the Durbin amendment are still being felt nearly 15 years after it was signed into law,” the groups wrote. “A 2022 report from the Government Accountability Office found that if the Durbin amendment ‘had not been implemented, 65% of noninterest checking accounts offered by covered banks would have been free.’”

The groups said that imposing regulations on credit card interchange fees will lead to similar consumer harm, citing recent research that estimates the Durbin-Marshall bill would raise the cost of checking account services to consumers by $1.3 to $2 billion a year. They also noted the bill will “open the door to fraud, hamper rewards programs, and limit the allocation of credit to individuals and small businesses.”

The letter also highlighted survey data that shows U.S. consumers value their cards and oppose the federal government reaching into their wallets.

FinCEN Releases Commercial on Beneficial Ownership Information Reporting

FinCEN

The Financial Crimes Enforcement Network this week released a new video and radio commercial to educate business owners on the new beneficial ownership information reporting requirements. It is part of a larger public outreach campaign by the agency, which includes a dedicated website and videos on BOI reporting.

FinCEN last month issued a notice to financial institution customers about BOI reporting, explaining why certain customers must report directly to the agency in addition to giving information to their banks, which are subject to the customer due diligence rule.


Question of the Week

Q: We have a prospective employee who was charged with possession of marijuana years ago. Does Section 19 of the FDI Act prevent them from being assigned an NMLS number?

A: As far as Section 19 of the FDI Act (as revised by the Fair Hiring in Banking Act), the recent final rule that went into effect as of October 1st, 2024 made a specific exemption from its "covered offenses" for offenses involving the possession of controlled substances, going on to say that “(t)his exclusion may also apply to other drug-related offenses depending on the statutory elements of the offenses or from court determinations that the statutory provisions of the offenses do not involve dishonesty, breach of trust, or money laundering, as noted in paragraph (b) of this section.”

Other offenses not included within the final rule include a misdemeanor criminal offense committed more than one year before the date on which an individual files a consent application (excluding any period of incarceration), and certain older offenses, meaning either it has been 7 years or more since the offense occurred, or the individual was incarcerated with respect to the offense and it has been 5 years or more since the individual was released from incarceration.

But keep in mind that there may be many additional considerations in this vein when it comes to whether an individual can be assigned an NMLS, including state-specific law and even the specific license being sought. For example, the NMLS Federal Registry explains that new registrants must meet the same felony standards as state-licensed MLOs, with those standards being the following: no felony within the past 7 years; no felony at any time that involves fraud, dishonesty, a breach of trust, or money laundering. Similarly, the NMLS Policy Guidebook informs us that an applicant would be disqualified if they had been convicted of a misdemeanor or felony that would preclude licensure in the application state; as such, this would depend, respectively, on the state-specific definitions of those offenses, which may require additional considerations for time of conviction, etc.

Learn how to put compliance management solutions from Compliance Alliance to work for your bank, by contacting (888) 353-3933 or [email protected] and ask for our Membership Team. For timely compliance updates, subscribe to Bankers Alliance’s email newsletters.



Questions/Comments
Contact the SDBA at 605.224.1653 or via email