Latest news with #Infostealer
Daily Mail
01-05-2025
- Business
- Daily Mail
Huge change to the way you bank in Australia: What you need to know
One of the Big Four banks is scrapping passwords in a 'revolutionary' change for one million Australians. ANZ is the first Australian bank to offer its customers internet banking without the need for passwords, for its digital arm, ANZ Plus. From mid-2025, one million ANZ Plus customers can choose to log in to internet banking via two different verification methods. They can do it by using a passkey, which is their fingerprint, face or mobile device PIN, or by entering their mobile phone number and approving a log-in request sent to their ANZ Plus app. Maile Carnegie, ANZ Group's Executive for Australia Retail, claimed the changes would 'revolutionise' the way customers accessed their bank account and offer an extra layer of security. 'Not only will it be easier than ever to log in to your account, we're helping our customers bank with confidence knowing their accounts are secure,' she said. 'By introducing this change, we're helping prevent customer log in details from the risk of data breaches or phishing attacks, providing an extra layer of protection, and one less thing for customers to worry about when it comes to banking security.' The bank claimed removing passwords would help protect customers from malware attacks including Infostealer, where passwords were at risk of infection and breaches. It comes as cyber intelligence researchers Dvuln revealed more than 31,000 passwords belonging to customers of the Big Four banks were shared between cybercriminals online, including 7,000 ANZ customers. It was because devices were infected with Infostealer malware. ANZ intends to run its entire retail bank on ANZ Plus by 2029 for its six million customers and its one million Suncorp banking customers. Another of the Big Four banks, NAB, is planning to phase out passwords for internet banking within the next five years. NAB chief security officer Sandro Bucchianer said passwords were 'terrible' and had become progressively more risky as cybersecurity breaches become more widespread. Identity theft had also increased while many people used the same password across multiple websites. Commonwealth Bank recently announced multi-factor authentication for its customers who log in to NetBank. Customers who use the CommBank app are hit with a request for confirmation each time an effort is made to log in to web banking.
Yahoo
30-04-2025
- Business
- Yahoo
Major bank scraps passwords for 1 million customers in Aussie first
ANZ is scrapping passwords for internet banking for its digital banking arm ANZ Plus. The move makes it the first Australian bank to offer a fully passwordless internet banking option. From mid-2025, ANZ Plus customers will be able to log into internet banking through two authentication methods. Either by using a passkey, which could be their fingerprint, face or mobile device PIN, or by entering their mobile number and approving a login request sent to their ANZ Plus app. ANZ Group Executive for Australia Retail Maile Carnegie said the move would 'revolutionise' the way customers accessed their bank account and provide an extra layer of security. RELATED Commonwealth Bank issues RBA interest rate cut warning for mortgage holders Woolworths worker with three jobs shares bank balance as average Aussie savings revealed: 'Uphill battle' Banks reveal impact after Aussies try to drain ATMs in cashless protest 'Not only will it be easier than ever to log into your account, we're helping our customers bank with confidence knowing their accounts are secure,' she said. 'By introducing this change, we're helping prevent customer log in details from the risk of data breaches or phishing attacks – providing an extra layer of protection and one less thing for customers to worry about when it comes to banking security.' ANZ said the removal of passwords could also help protect customers from malware attacks including Infostealer, where exposed passwords are at risk of infection and breaches. Cyber intelligence researchers Dvuln recently revealed more than 31,000 passwords belonging to customers of the Big Four banks had been shared amongst cybercriminals online, including 7,000 ANZ customers. This was due to devices being infected with Infostealer malware, rather than vulnerabilities on the major banks parts. ANZ Plus was launched by ANZ in 2022 as its digital banking platform. It hit one million customers in March and nearly $20 billion in deposits. Carnegie said ANZ Plus would become the "bedrock" of ANZ's retail bank and it would begin to migrate ANZ customers to the digital platform over the coming years. The major bank has previously said it plans to run its entire retail bank on ANZ Plus by 2029, which would include six million retail customers and one million Suncorp banking customers. Fellow major bank NAB revealed it planned to phase out passwords for internet banking within the next five years, replacing them with passkeys and biometric recognition technology. NAB's own digital bank Ubank has already introduced passkeys for customers to access their banking app. NAB chief security officer Sandro Bucchianer described passwords as 'terrible' and said they had become increasingly risky as cybersecurity breaches became more widespread and identity theft increased, with many people using the same password across multiple sites and platforms. Commonwealth Bank, meanwhile, recently introduced multi-factor authentication for customers logging into its internet banking NetBank. Customers who already use the CommBank app are prompted with a request for confirmation via the app each time an attempt is made to log into their web in to access your portfolio
Forbes
31-03-2025
- Business
- Forbes
Infostealer Strikes Samsung—270,000 Records Stolen
Samsung has been hit by a 270,000 record infostealer attack. There really is no shortage of infostealer malware headlines these days. In fact, you might say that this particular type of attack has become something of a security epidemic. Nor does it look like data leaks are going away either, what with new reports of 200 million X user records being given away in an online breach forum. Now, the two have come together as reports surface of 270,000 Samsung customer tickets being made available online. Here's what we know so far. Infostealers. I hate them, and you should as well. If you are a business, on the other hand, you should be ensuring that your customers are protected from them. And that includes, it would seem, from historical attacks. I've already written about time-traveling hackers, but this is different. According to Alon Gal, co-founder and chief technology officer at Hudson Rock, writing at the organization's Infostealers hub, an Infostealer malware attack in 2021 has led to a brand new dump of some 270,000 Samsung customer tickets. Gal warned that Hudson Rock analysts have confirmed that those 270,000 tickets contain full names, email addresses, home addresses, transaction details such as order and model numbers, payment methods, tracking URLs and support interactions, among other data. 'From exact addresses to what TV they bought three years ago,' Gal said, 'it's all there, dumped for anyone to grab—and since it's free, the barrier to entry for exploitation is zero.' The stolen data appears to be from Samsung Germany, and Gal said it can be traced back to an original Infostealers attack back in 2021. At the time, Raccoon malware harvested login credentials from a third party associated with Samsung's German ticketing system, Gal explained. These credentials sat dormant until a hacker called GHNA got their hands on them. And now, Gal continued, '270,000 customer tickets have hit the open internet, most of them from 2025, courtesy of a simple login that never got rotated.' The worst part is that it appears Hudson Rock flagged those stolen credentials in a threat intelligence database years ago. 'Samsung could've acted,' Gal said, 'but they didn't, and now the damage is done.' I have reached out to Samsung for a statement.
