U.S. FINRA Warns Brokerages of Targeted Phishing Campaign - Binary Defense

Threat Watch

Threat Watch U.S. FINRA Warns Brokerages of Targeted Phishing Campaign

U.S. FINRA Warns Brokerages of Targeted Phishing Campaign

On Monday August 16, 2021, the United States Financial Regulatory Authority (FINRA) released an alert detailing active phishing campaigns that targeted brokerage firms across the industry. Threat Actors are sending out convincing phishing emails reporting violations and impending fines. Three domains are listed below in the alert:

“finrar-reporting.org”
“Finpro-finrar.org”
“gateway2-finra.org”

Notice the added “r” to the two domains at the beginning. The emails ask recipients to complete a request to avoid additional penalties. According to Security Affairs, these domains were registered August 12^th through NameCheap and Hosting Concepts B.V. FINRA has requested the suspension of these domains already.

ANALYST NOTES

It is a common recommendation among security experts to have a mature training program in place for employee security awareness. A program such as this, using positive reinforcement, teaches users strategy and skill to spot the indicators of malicious email. A second step towards a strong defensive posture is enabling your Security Operations Center to deploy effective detections quickly to adapt to changes in strategy by threat groups. Although tedious, filtering out known bad domains can be automated to help relieve the burden placed on analysts. Third, a proactive team hunting for initial compromise will reinforce defensive posture and spot room for additional detection or adjustments needed.

https://www.finra.org/rules-guidance/notices/21-30

https://securityaffairs.co/wordpress/121175/hacking/us-finra-warns-phishing-attacks.html