Private cloud computing provides businesses with flexible, scalable, on-demand IT resources. However, security remains a significant challenge. The very principles that make cloud computing attractive run counter to cybersecurity best practices, such as separation and segmentation. Malicious actors seek these open environments where much of the lucrative data they desire can be found, and if a virtual environment, without proper security and segmentation in place, is compromised, the attacker has access to everything – critical data included. Download the Network Segmentation use case to see how the Palo Alto Networks Next-Generation Security Platform applies segmentation to increase security and protect applications and data in a virtualized data center.

Read how thousands of banks, institutional investors, asset managers, broker-dealers and financial institutions across the globe prevent successful cyberattacks.

Unit 42 tracks Nigerian Threat Actors and finds they've evolved into capable and formidable adversaries successfully attacking major companies and governments.

The Security Reference Blueprint for Financial Services IT enables institutions to augment the security of existing infrastructure, enable new applications, provide greater access to data, and prevent advanced threats without disrupting vital operations.

By taking a pragmatic approach to introduce network segmentation, financial institutions can minimize business disruption and reap benefits, such as limited exposure after an intrusion, and reductions in lost productivity, remediation costs, and reputational damage from actual loss of personally identifiable information (PII) or financial data. This white paper discusses how network segmentation enables financial institutions to survive intrusions and minimize or prevent data breaches.

In May 2016, Unit 42 observed targeted attacks primarily focused on financial institutions and technology organizations within Saudi Arabia. Artifacts identified within the malware samples related to these attacks also suggest the targeting of the defense industry in Saudi Arabia, which appears to be related to an earlier wave of attacks carried out in the

Hear Matthew McLimans, Sr. Network Security Engineer at Warren Rogers Associates discuss how the Palo Alto Networks Next-Generation Security Platform deployed in Amazon Web Services (AWS) segments network traffic coming from thousands of remote data collection devices, prevents malicious traffic from infiltrating fuel system diagnostics and reporting systems, white-lists applications and services, and segments cardholder data to ensure PCI compliance in the company’s cloud-based data center.

We recently discovered 22 Android apps that belong to a new Trojan family we’re calling “Xbot”. This Trojan, which is still under development and regularly updated, is already capable of multiple malicious behaviors. It tries to steal victims’ banking credentials and credit card information via phishing pages crafted to mimic Google Play’s payment interface as

The AUTR provides visibility into the real-world threat and application landscape, helping security teams to understand how adversaries are attempting to attack organizations around the world and build proactive, actionable controls. Built by the Unit 42 threat research team, the report correlates data from more than 7,000 enterprise organizations, providing broad visibility into critical trends.

After Brian Krebs reported the September arrests of alleged key figures in the cyber crime gang that developed and operated Dridex, Unit 42 observed a marked decrease in activity related to this banking Trojan – at least until today.  Dridex re-entered the threat landscape with a major e-mail phishing campaign. Leveraging the Palo Alto Networks

Retefe is one of the most targeted banking Trojans currently in the wild. While other families such as Zeus and Citadel are widely adopted by attackers targeting banking websites around the world, Retefe is consistently used to target victims in Sweden, Switzerland and Japan. In the last two weeks we have detected a surge of

Ashutosh Kapse, IOOF Holdings talks about why IOOF chose the Palo Alto Networks platform to meet its cybersecurity challenges.

The volume of malware alerts received by security teams in Financial Services can now reach into the tens of thousands daily. Properly addressing these requires tools and security products that deliver a high degree of automation and eliminate many of the manual tasks that security teams still have to deal with when using traditional products. During this webinar, we describe how an integrated and streamlined approach to security can not only detect the most aggressive threats before they cause any damage, but also block any further propagation of malware through an automated closed loop approach that minimize the reliance on manual intervention.

Critical datacenter assets are at the heart of financial services (and many other industries) enterprise networks. Unfortunately, it’s still too easy for attackers to get into the datacenter through an insider, a partner, a side server, virtualization, or even a development environment. A new frame of mind for security is needed to protect today’s and tomorrow’s data, application, networks, and systems

Session Traversal Utilities for NAT (STUN) is a network protocol with standardized methods that enables an internal network address space host employing Network Address Translation (NAT) to determine its Internet-facing/public IP address. STUN has several legitimate uses, including enablement of NAT traversal for voice over IP (VOIP), messaging, video, and other IP-based interactive communication. As

Read how financial institutions around the world can minimize risks presented by cybercriminals.

The theft of credit card data continues to grow at an alarming rate. It is costly to credit card companies and merchants, and it undermines consumer confidence. The Payment Card Industry has developed the PCI Data Security Standard (PCI DSS), which includes 12 requirements for protecting cardholder data. Despite substantial investments made in securing their networks, organizations are realizing that being PCI compliant does not mean an enterprise is protected against advanced cyberattacks.

In the face of government regulation such as the Health Insurance Portability and Accountability Act (HIPAA), personal health information (PHI) continues to leak into the public domain at an alarming rate, resulting in fraudulent insurance claims, identity theft and other costs to the health care industry. Research indicates PHI can easily be found on peer-to-peer (P2P) filesharing networks. But why?

In this edition of the threat review, we will follow the money with a dive into the world of banking malware and its growth into one of the most popular and lucrative avenues for professional hackers. We will take a closer look at Zeus, how it has evolved over time, and spawned a new generation of financial botnets that promise to cause even more damage. As always, we will cover the skills and intelligence you will need in order to protect your networks from these rapidly evolving threats.