[BreachExchange] Fintech company Finastra hit by ransomware

Destry Winant destry at riskbasedsecurity.com
Tue Mar 24 10:25:05 EDT 2020


https://www.zdnet.com/article/fintech-company-finastra-hit-by-ransomware/

Finastra, a London-based company that provides financial software and
adjacent services to the world's banking sector, has disclosed a
security incident today.

In a statement posted on its website, the fintech giant said it was
infected with a ransomware strain. The UK company said it discovered the
intrusion into its systems after staff detected what they described as
"potentially anomalous activity."

"Out of an abundance of caution, we immediately acted to take a number
of our servers offline while we continue to investigate," Tom Kilroy,
the company's Chief Operating Officer, said in a public statement.

Notifications were also sent to the company's customers and employees
who were directly impacted by the server shutdowns. In calls with
customers, the company promised to have all impacted servers up and
running by Monday morning.

Once the security breach became public knowledge earlier today,
security researchers were quick to point out Finastra's
less-than-stellar security posture.

Threat intel firm Bad Packets said that its internet-wide scans had
discovered last year that the fintech company had run unpatched
servers for a long time, leaving its systems exposed to attacks.

According to Bad Packets, Finastra ran outdated Pulse Secure VPN
servers last year, and also ran outdated Citrix servers earlier this
year.

Both server technologies had been plagued by severe vulnerabilities
that were mass-exploited by hackers over the past months, including
by both ransomware gangs and state-sponsored groups [1, 2].

At the time of writing, Finastra has declined to share details about
what happened on its systems, citing an ongoing investigation;
however, the company said that it did not find "any evidence that
customer or employee data was accessed or exfiltrated, nor do we
believe our clients' networks were impacted."

