400GB of Sensitive Finastra Data Stolen via Compromised Credentials
Attackers exploit weak authentication to access secure file transfer platform.
What is the attack?
Finastra, a global financial technology provider serving over 8,000 institutions, experienced a data breach in November 2024. Attackers leveraged compromised credentials to access the company’s internally hosted Secure File Transfer Platform (SFTP). Approximately 400 gigabytes of sensitive data were exfiltrated by the attackers, a group identifying themselves as "abyss0." This stolen data was subsequently offered for sale on cybercrime forums.
Why did it get through?
Compromised Credentials: The attackers used stolen or weak credentials to gain unauthorized access to the SFTP platform.
Lack of Multi-Factor Authentication (MFA): The absence of MFA or its incomplete implementation likely allowed attackers to exploit the stolen credentials without additional security barriers.
What is required to solve for this attack?
Credential Security: Implement robust authentication measures, including multi-factor authentication (MFA), for all access to critical systems. Enforce regular password rotations and monitor for credential leaks on dark web marketplaces.
Behavioral and Anomaly Detection: Deploy tools to monitor for unusual system activity, including abnormal API usage, privilege escalation attempts, and deviations from baseline behaviors to detect and respond to potential attacks in real time.
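A concrete form of the baseline-deviation check described above, as an added example that is not from the page or from Finastra: it parses a constructed, space-separated file-transfer log (timestamp, account, source IP, action, bytes) and flags an account whose credentials are suddenly used from an unseen address or whose transfer volume far exceeds its own history. The log format and account name are assumptions made for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: five routine daily pulls, then one off-hours
# transfer from a new address whose size mirrors the reported ~400 GB.
SAMPLE_LOG = """\
2024-11-01T09:12:03Z svc_batch 203.0.113.10 download 1200000000
2024-11-02T09:10:44Z svc_batch 203.0.113.10 download 1100000000
2024-11-03T09:11:20Z svc_batch 203.0.113.10 download 1300000000
2024-11-04T09:09:58Z svc_batch 203.0.113.10 download 1250000000
2024-11-05T09:13:12Z svc_batch 203.0.113.10 download 1150000000
2024-11-06T02:41:07Z svc_batch 198.51.100.77 download 400000000000
"""


def parse_log(text):
    """Turn each log line into a dict; the field layout is an assumption."""
    events = []
    for line in text.splitlines():
        ts, user, ip, action, nbytes = line.split()
        events.append({"ts": ts, "user": user, "ip": ip,
                       "action": action, "bytes": int(nbytes)})
    return events


def detect_anomalies(events, sigma=3.0, min_history=3):
    """Return (timestamp, account, reasons) for events where a credential is
    used from a source IP never seen for that account, or where the transfer
    size exceeds mean + sigma * stdev of that account's earlier transfers.
    A per-account baseline needs at least min_history prior events."""
    seen_ips = defaultdict(set)
    history = defaultdict(list)
    alerts = []
    for e in events:
        reasons = []
        # New source address for an account that already has a known address set.
        if seen_ips[e["user"]] and e["ip"] not in seen_ips[e["user"]]:
            reasons.append("new_source_ip")
        hist = history[e["user"]]
        if len(hist) >= min_history:
            mu, sd = mean(hist), pstdev(hist)
            if e["bytes"] > mu + sigma * sd:
                reasons.append("volume_deviation")
        if reasons:
            alerts.append((e["ts"], e["user"], reasons))
        # Update the baseline only after evaluating the current event.
        seen_ips[e["user"]].add(e["ip"])
        hist.append(e["bytes"])
    return alerts


if __name__ == "__main__":
    for ts, user, reasons in detect_anomalies(parse_log(SAMPLE_LOG)):
        print(ts, user, ", ".join(reasons))
```

In practice the baseline would be kept per account in a store rather than rebuilt from a single file, and an alert on a service account should also gate on whether MFA or an allow-listed source was expected for it.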