{
	"id": "5e1d5c4d-8e6b-4884-9a2d-4e4b23fa92ce",
	"created_at": "2026-04-06T00:19:57.497112Z",
	"updated_at": "2026-04-10T13:12:23.624337Z",
	"deleted_at": null,
	"sha1_hash": "83ae82c493b35b72ab9e70c5e8cb37c842f7dc42",
	"title": "First Known Targeted OSS Supply Chain Attacks Against the Banking Sector",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 71083,
	"plain_text": "First Known Targeted OSS Supply Chain Attacks Against the\r\nBanking Sector\r\nArchived: 2026-04-05 17:59:01 UTC\r\nLearn how Checkmarx and AWS have partnered to help your financial services\r\nfirm adapt to the evolving landscape\r\nThe way we bank has changed beyond recognition. Where transactions once took place in person within the walls\r\nof impressive buildings, we now see mobile and online banking on the rise. Anywhere, anytime, palm-of-your-hand banking is the norm, and our expectations are shaped by the seamless, personalized app experiences that\r\nhave become the default in the digital universe. At the same time, the global acceleration of digital banking\r\nlicenses has created a new competitive landscape populated by fast-moving market entrants and born-in-the-cloud\r\nproviders.\r\nOne thing that hasn’t changed, though, is the position of trust at the cornerstone of the banking system. Indeed, in\r\ntoday’s volatile economic and cybersecurity environment, building brand trust is more important than ever.\r\nWhether you are a legacy brand or a new market entrant, any lack of trust compromises your ability to succeed.\r\nSo financial services firms face a continuing challenge: how to innovate at the speed required without\r\ncompromising customer safety and system security? Most are turning to the cloud for answers. Its flexibility and\r\nscalability are making it central to financial service organizations’ efforts to embrace new trends and deliver\r\ninnovative services at pace.\r\nAWS has some intriguing solutions to meet the challenge. The cloud leader provides a full suite of services to help\r\nbanks achieve the agility to thrive in the digital age, while certified partners such as Checkmarx ensure the\r\nsecurity of the applications and services banks develop.\r\nRecently, the team at AWS identified seven key trends that are impacting the financial services industry. 
Here we\r\ntake a deep dive into three areas where AppSec is highly relevant and explore what they mean for the sector.\r\nTrend 1: Customer experience — speed and security must be dual priorities\r\nToday, the economic power is passing to a digital-native generation with little loyalty to legacy banking brands\r\nand great expectations of how personal and business financial services should perform. This means customer\r\nexperience is the modern commercial battleground. Banking must be hyper-personalized and service-led.\r\nIncreasingly, banking is integrated into consumers’ day-to-day journeys through embedded financial services\r\nwithin trusted brands such as Starbucks and Uber.\r\nBanks are leaning heavily on AI and machine learning to predict customer needs through analysis of internal and\r\nexternal datasets, while the omnichannel drive continues through solutions such as authentication based on voice\r\nhttps://checkmarx.com/blog/first-known-targeted-oss-supply-chain-attacks-against-the-banking-sector/\r\nPage 1 of 4\n\nrecognition, real-time sentiment analysis of customer service calls, chatbot support, and automated self-service\r\noptions.\r\nAWS supports these initiatives and many more through cloud-powered big data analysis that allows banks to\r\nleverage AI and machine learning on a massive scale. It also, in its own words, “helps compress time to\r\ninnovation and, ultimately, time to value, by facilitating rapid development, testing, and deployment to produce\r\nnew ideas and customer propositions.”  \r\nAWS allows banks to accelerate innovation through its cloud-native application development services, but they\r\nalso need to ensure the code they create is secure and resilient. Achieving application security assurance without\r\nputting a brake on delivery speed is crucial. 
However, a recent Checkmarx survey of banking and insurance\r\nCISOs found that 84% of respondents undergoing digital transformation and implementing a cloud-native strategy\r\nwere concerned about secure application development and deployment.\r\nAs an AWS accredited partner, Checkmarx understands that security must work at the speed of DevOps. The\r\nCheckmarx One™ Application Security Platform is designed for the cloud development generation and delivered\r\nfrom the cloud, bringing integrated one-click AppSec testing that allows financial services companies to deploy\r\nmore secure code — fast.\r\nTrend 2: Ecosystem-based banking and banking-as-a-service — APIs take center stage\r\nThe open banking era is unlocking the doors to greater innovation and collaboration. Providers can now seize new\r\nopportunities to develop products that blur the boundaries between different types of financial services. They are\r\nestablishing solutions that offer their banking services, including fully managed banking propositions, to third\r\nparties securely via microservices and a common platform.\r\nAWS identifies two key approaches to this trend. The “marketplace” approach sees banks providing “value-added\r\nand contextualized services to their customers such as ERP integrations or personal finance management.” The\r\naim is to deepen the relationship with individual and business customers beyond basic service provision.\r\nThe “banking-as-a-service” approach sees banks offering a range of services — from standalone specific\r\nregulatory-driven services like Know Your Customer’s Customer (KYCC) to fully managed offerings that let any\r\norganization set up a branded banking service.\r\nCenter-stage in both approaches are the bank’s APIs, designed to allow banking products and services to be\r\ndistributed to customers and third parties. 
Modernizing API architecture in the cloud accelerates the development\r\nand testing of APIs, making them easier to integrate as well as providing scalability.\r\nCheckmarx API security offers banks and their customers and partners a crucial service that helps discover,\r\ncontrol, and mitigate API security risk. It offers complete visibility into your API inventory and identifies\r\nvulnerabilities and misconfigurations. Controlling API risk is an essential component of developing financial\r\nmarketplace ecosystems and banking-as-a-service solutions.\r\nTrend 3: Cyber event recovery — reducing the attack surface and responding to regulatory requirements\r\nGiven its nature, it is not surprising that the financial services sector faces more cyberattacks than any other. On\r\ntop of these external incursions comes the disruption of digital transformation, which can also create\r\nvulnerabilities including third-party and supply chain risk.\r\nBanks are investing in a range of measures designed to manage and mitigate risk and accelerate recovery from any\r\nattack. Reducing the attack surface and minimizing vulnerabilities is an essential activity if the sector is to\r\nsafeguard its reputation and maintain customer trust. 
Additionally, the growing library of regulations designed to\r\nensure banks are meeting their security obligations means they need to adopt solutions that support compliance.\r\nAWS offers a wealth of solutions to ensure client data is protected and banks can recover quickly from attacks.\r\nThese include Amazon Simple Storage Service (Amazon S3), key management services, software-defined\r\nfirewalls that facilitate network isolation, and geographic sovereignty solutions that meet compliance\r\nrequirements.\r\nThese and many other offerings take care of Amazon’s part of the shared security bargain; however, banks are also\r\nresponsible for securing the workloads they deploy in AWS. This is where Checkmarx steps in, providing\r\ncomprehensive AppSec solutions that integrate seamlessly with AWS SDLC tools to secure the entire process.\r\nCheckmarx addresses all types of application risk, from custom code errors to open-source component\r\nvulnerabilities, API risks, and infrastructure as code misconfigurations.\r\nThese are dynamic times for financial services firms, and AWS with Checkmarx are helping them capitalize on\r\nopportunities while defending against threats — both malicious and competitive.\r\nInterested in learning more?\r\nWe’re exploring these trends in detail in our webinar on May 4, 2023, where AWS and Checkmarx will explain\r\nhow you can turn AppSec into a competitive advantage as you continue your cloud transformation journey.\r\nStay Ahead of Supply Chain Attacks: Secure Your Banking Sector Software\r\nProtect your banking sector software from targeted OSS supply chain attacks with Checkmarx’s cutting-edge\r\nsolutions. With Checkmarx SCA, effortlessly generate SBOMs for all your applications, enabling your developers\r\nand security teams to gain immediate insights into potential security risks. 
Our SBOM generation feature\r\nempowers organizations not only to identify vulnerabilities within their supply chains but also to maintain up-to-date information within constantly changing CI/CD workflows. Ready to fortify your software against\r\nthreats? Request a demo today and take proactive steps towards securing your banking sector infrastructure.\r\nTags:\r\nAppSec\r\nBanking Sector\r\nBreaking News\r\nCheckmarx Security Research Team\r\nEnglish\r\nsecurity research\r\nSupply Chain Security\r\nSource: https://checkmarx.com/blog/first-known-targeted-oss-supply-chain-attacks-against-the-banking-sector/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://checkmarx.com/blog/first-known-targeted-oss-supply-chain-attacks-against-the-banking-sector/"
	],
	"report_names": [
		"first-known-targeted-oss-supply-chain-attacks-against-the-banking-sector"
	],
	"threat_actors": [],
	"ts_created_at": 1775434797,
	"ts_updated_at": 1775826743,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/83ae82c493b35b72ab9e70c5e8cb37c842f7dc42.pdf",
		"text": "https://archive.orkl.eu/83ae82c493b35b72ab9e70c5e8cb37c842f7dc42.txt",
		"img": "https://archive.orkl.eu/83ae82c493b35b72ab9e70c5e8cb37c842f7dc42.jpg"
	}
}