Popular financial software and services provider Finastra, whose clientele includes 45 of the world’s top 50 banks, is reportedly warning these institutions of a potential breach affecting one of its internally hosted file transfer platforms.

In an Incident Disclosure letter sent to its customer firms, first obtained and reported by cybersecurity journalist Brian Krebs, Finastra said that it discovered suspicious activities on a secure file transfer platform (SFTP) the company leverages to send large files outside of its networks.

“We are continuing to investigate root cause, but initial evidence points to credentials that were compromised. The source of the compromise is a priority aspect of the investigation,” Finastra said in a statement issued on Thursday.

A threat actor using the alias “abyss0” claimed the breach in a post on BreachForums, attempting to sell the allegedly stolen data. The BreachForums post from abyss0, which has since been deleted from the forum, claimed possession of 400GB of customer and internal data. The actor put the entire data set up for sale, sharing a preview for interested dark web buyers.

The data, abyss0 had said, is from Finastra’s Enterprise Service Bus (ESB) and has been exfiltrated via IBM Aspera, a Fast Adaptive Secure Protocol (FASP) based file transfer solution.

“Not everything just stuff we deemed as important,” abyss0 added. “There is a lot of files and different file format.”

The Fintech vendor powers operations for around 8100 financial institutions in over 130 countries, including solutions for lending and corporate banking, the threat actor added.

The customer data in question may pertain to transactional details and financial records. Internal documents may include Finastra’s operational data, transactional details, and documents related to its services.
Finastra assures no direct impact on business
“On November 7, 2024 Finastra’s Security Operations Center (SOC) detected suspicious activity related to an internally hosted Secure File Transfer Platform (SFTP) we use to send files to certain customers,” Finastra said in a statement. “This incident was limited to the one platform and there was no lateral movement beyond it. Importantly, this was not a ransomware attack, no malware was deployed to the Finastra network, and there is no direct impact on Finastra’s customer operations or systems.”

The Fintech solutions provider said it first communicated this incident to customers on November 8 and has remained in direct contact with them.

“We are analyzing affected data to determine what specific customers were affected, while simultaneously assessing and communicating which of our products are not dependent on the specific version of the SFTP platform that was compromised. The impacted SFTP platform is not used by all customers and is not the default platform used by Finastra or its customers to exchange data files associated with a broad suite of our products, so we are working as quickly as possible to rule out affected customers. This is a time-intensive process because we have many large customers that leverage different Finastra products in different parts of their business. We are prioritizing accuracy and transparency in our communications,” the company said.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3610267/finastra-investigates-breach-potentially-affecting-top-global-banks.html