An overview of recent large scale attacks / black swan events in the news from 2018 untill recent:
The hack is thought to be just the latest in a long string of attacks on American companies that have earned the cybercriminals’ alleged leader, Maksim Viktorovich Yakubets, 33, a $5m bounty on his head from the FBI. The Guardian
As the result of a breach at Waydev, one of Dave's former third party service providers, a malicious party recently gained unauthorized access to certain user data at Dave. ZDnet
The master key is a 36-digit code that allows its holder to decrypt the bank's operations and even modify banking systems. The rogue employees gained access ato ccounts and make more than 25,000 fraudulent transactions. ZDnet
An insidious Android application is trying to steal users’ login credentials, and their money, by impersonating Brazilian banks. The malicious code is designed to steal the text messages that people use as a secondary security measure to log into their bank accounts. Cyberscoop / IBM
"a perceived irrecoverable destruction, alteration or encryption of account balances of one or several financial institutions could constitute a sufficiently severe shock to the financial system." Finextra
The high street chain said the issue affected less than 1% of the company’s 14.4 million active loyalty card users – around 150,000 people. The attack on Boots cards comes two days after a similar security breach with Tesco Clubcards. Metro
Equifax was forced to pay a $700m (£541m) settlement to the Federal Trade Commission. At least $300m of the settlement went towards paying for identity theft services and other related expenses run up by the victims. BBC
In one of the more severe scenarios, in which banks hoard liquidity in response to the attack, foregone payments could amount to up to 2.7 times US gross domestic product. Even a cyber attack on banks with less than $10 billion in assets would "impair a significant amount of the system." Business Insider
The fingerprints of over 1 million people, as well as facial recognition information, unencrypted usernames and passwords, and personal information of employees... TheGuardian
On Thursday, 7-Eleven Japan suspended a recently-launched mobile payments feature on its 7Pay app after a flaw allowed a third party to make bogus charges on hundreds of customer accounts. The Verge
"Experts say that with access to these details, fraud could be committed on a mass scale." Sydney Morning Herald
Redbanc confirmed that he suffered a new cyber attack that affects 41,593 credit and debit cards from 13 banking and non-banking institutions. Cooperativa
Around £354 million has been lost in the last year alone - most of it stolen from personal accounts. Evening Standard
"What is known as 'crime as a service' has been a growing feature in recent years, allowing organised crime gangs to switch from their traditional haunts of drugs to much more lucrative cyber-crime." BBC News
Filings have revealed that Amazon suffered a fraud attack with hackers stealing funds for over six months in 2018. The 'extensive' fraud involved hackers breaking into roughly 100 merchant accounts and siphoning cash from loans or sales into their own accounts. Daily Mail
"The next crisis is going to come from a different place," Hunt said. Business Insider
a smaller series of attacks allowed hackers to siphon off 300 to 400 million pesos, or roughly $15 to $20 million from Mexican banks. Here's how they did it. WIRED
Bank of Valletta shut down all its operations on Wednesday morning. All of the bank’s functions - branches, ATMs, mobile banking and even email services - were suspended and its website taken offline. Times of Malta
Metro Bank has become the first major bank to be named as a victim of a new type of cyber attack targeting the codes sent via text messages to customers to verify transactions. The Telegraph
Foreign-based hackers had breached the security systems of several domestic banks and added that “large sums of money have been taken out from bank accounts”. Data of more than 8000 accounts of 10 banks were available for sale in dark web. Pakistan Today
An investigation by the FCA found flaws had left account holders vulnerable and the bank's response was "too little, too late".
It is the first time the FCA has issued a fine for a cyber-related incident. Tesco Bank said that since the incident it had "significantly enhanced" security measures. Sky News
But the next crisis might not come from a financial shock at all. The more likely culprit: a cyber attack that causes disruptions to financial services, especially payments systems, around the world. Harvard Business Review
Cyber criminals hacked the systems of India’s Cosmos Bank and siphoned off nearly 944 million rupees (US$13.5 million, RM55.1 million) through simultaneous withdrawals across 28 countries over the weekend, the bank has told police. Malay Mail
The criminal operation has struck banks in more than 40 countries and has resulted in cumulative losses of over EUR 1 billion for the financial industry. The magnitude of the losses is significant: the Cobalt malware alone allowed criminals to steal up to EUR 10 million per heist. Europol
The comments come after the small private lender on Saturday had disclosed it had discovered the three “fraudulent remittances”, which were sent via correspondent banks to accounts in Dubai, Turkey and China. Reuters
The timeline is based on data compiled by new outlets and gathered by Belleron, with disclosure of source. Incidents that occurred after 2018 are based on data found in the media and on a monthly basis and are subsequently added to the timeline.
With respect to associating a specific date with an incident, which may be part of a larger financial attack, the dates for each event are either using the starting date/month of the incident, if known, or when the incident was first reported. For further questions about the method, please contact the team here. Belleron is not responsible for any of the content provided or relayed via this timeline.