Skip to main content


Advisory: Core Processor Finastra Services Disrupted by Breach

Advisory: Core Processor Finastra Services Disrupted by Breach

On Friday, March 20, 2020 Finastra notified its customers of a security incident that is currently impacting its customers. The statement Finastra released on its website is as follows:

“Earlier, Finastra teams learned of potentially anomalous activity on our systems. Upon learning of the situation, we engaged an independent, leading forensic firm to assist us in investigating the scope of the incident. Out of an abundance of caution, we immediately acted to take a number of our servers offline while we continue to investigate.

We are working to resolve the issue as quickly and diligently as possible and to bring our systems back online, as appropriate. We are in touch directly with any customers who may be impacted. Safeguarding our assets and those of our customers remains paramount, and we have committed to updating our stakeholders regularly and providing more information as it becomes available.”


Brian Krebs, the notable security researcher, also posted about this story on his website. Krebs points out that while Finastra has not explicitly mentioned the cause of the outage, “their response so far is straight out of the playbook for dealing with ransomware attacks.”

Also according to Krebs, statements received by Finastra clients inform of a “potential security breach.” The incident has caused Finastra to “temporarily disconnect from the internet the affected servers, both in the USA and elsewhere, while we work closely with our cybersecurity experts to inspect and ensure the integrity of each server in turn.”

The timeframe for restoration of Finastra’s services is unknown, leaving many financial institutions across the US looking for answers and trying to help their customers access their funds. Unfortunately, many of these financial institutions have recently closed their lobbies and/or implemented strict Social Distancing practices while informing their customers of all the ways they can access their funds digitally. This Finastra disruption combined with the COVID-19 pandemic is a worst-case scenario for financial institutions and the customers that need to access their funds to support their families.


Additionally, according to a story from ZDNet and threat intelligence firm Bad Packets, research has shown that Finastra's internet-facing security measures were lacking. According to Bad Packets, Finastra had been running vulnerable Pulse VPN servers and outdated Citrix servers recently.


It’s not known at this point how long this Finastra outage is projected to last, but the average ransomware outage lasts 16 days.

Finastra’s core processing services make up about 4.5% of the core processor market, making the provider the #5 core banking provider globally.

One of the biggest risks to financial institutions is utilizing vendors and managed service providers to deliver products and services that are critical to business operations. SBS CyberSecurity will be hosting an upcoming Virtual CyberSecurity Conference that will discuss Managing Your Managed Services Provider. Stay tuned - more details to come soon!


Always remember, information security is a journey, not a destination.


It's more important now than ever to remain vigilant when it comes to cybersecurity. Watch the Hackers Don't Stop for a Pandemic: Tips to Remain Cyber Safe video for five cybersecurity tips to keep in mind during this time.


Written by: Jon WaldmanPartner,
EVP – IS Consulting – SBS CyberSecurity, LLC 

SBS Resources: 

  • {Service} Full Service Vendor Management: SBS security experts will get to work for you by taking on the daunting responsibility of vendor management. Your organization will be able to make better data-driven security decisions without having to do all the background work. Learn More
  • {Blog} Is the Fox Guarding the Hen House?: You have likely heard the expression “Fox Guarding the Hen House.” This phrase describes the situation that occurs when someone takes on the role of supervising and protecting valuable things when they have a bias or conflict of interest with the valuables they are protecting. In cybersecurity, one example of this is when Managed Services Providers are responsible for both IT operational services AND the auditing and verification that shows how well the services are being performed. Read blog.
  • {Blog} Choosing a Managed Service Provider: As the cost of technology and cloud computing have decreased in contrast with the cost of hiring talented technology professionals, more organizations are looking at outsourcing the management of their IT infrastructure today than ever before. However, like any big decision, outsourcing the management of your network to a Managed Services Provider (MSP) should not be made quickly or without careful consideration. Read blog.


Related Certifications:

Join our growing community of financial service professionals showing their commitment to strong cybersecurity with a cyber-specific certification through the SBS Institute. Click here to view a full list of certifications.

Certified Banking Incident Handler 


Hacker Hour webinars are a series of free webinars hosted by SBS CyberSecurity. Unlike paid webinars, Hacker Hours are aimed to meet on a monthly basis to discuss cybersecurity issues and trends in an open format. Attendees are encouraged to join the conversation and get their questions answered. SBS will also offer products and services to help financial institutions with these specific issues.

Posted: Friday, March 20, 2020
Categories: Blog