Part II: Small Businesses under Attack from Organized Cyber Crooks

Noted computer security journalist Brian Krebs, who writes the Security Fix blog and also writes for the Washington Post, has recently chronicled in his blog the escalation of costly cyber security incidents encountered by small and medium businesses. This three-part article highlights these developments and suggests several practical and affordable defensive measures for small and medium businesses. To request a complete copy of the article you can email us: info [at] calyptix [dot] com.

How attacks occur. The victims of this type of fraud have told Krebs different stories, but the basic elements are the same. Malicious software is planted on the company's PC that allows the crooks to gain access to the victim's corporate bank account online. The attackers wire chunks of money to accomplices called “money mules” in the United States who then wire the money to the fraudsters overseas.

Common ploys include emails targeting the company's controller, accounting staff or other high-level executives. These emails contain a virus-laden attachment or a link to a web site that, when opened, surreptitiously installs malicious software. The malicious software is designed to evade detection and to steal passwords and other banking credentials. Once the credentials are obtained and relayed back to the fraudsters, the crooks begin transferring small amounts (less than $10,000) out of the account to the "money mules." The transfers can take the form of wire transfers and even checks issued as online bill payments.

A recent intelligence report circulated among the financial services industry on September 14, 2009 described one such scheme involving a new series of spam originating from the "Cutwail botnet", the world's highest-volume spam-sending botnet (90,000 spam messages per hour). In this case, the spam purports to come from the U.S. Internal Revenue Service (IRS) and appears to contain a link to the IRS web site. Instead, the link directs the recipient to a site that downloads malicious software. Users are advised to be aware that the IRS does NOT send email to conduct business, and any such spoofed emails should be deleted immediately.
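As an added defensive illustration (not part of the original article), the following Python check looks for the lure pattern just described: an email link whose visible text names the IRS site while its actual target is a different domain. The trusted-domain list and the sample message are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed for this example: domains a lure commonly claims to represent.
TRUSTED_DOMAINS = {"irs.gov"}


def registered_domain(host):
    """Crude last-two-labels domain: 'www.irs.gov' -> 'irs.gov'."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html):
    """Return (href, text) pairs whose visible text names a trusted domain
    but whose href resolves to some other registered domain."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        target = registered_domain(urlparse(href).hostname or "")
        claimed = {d for d in TRUSTED_DOMAINS if d in text.lower()}
        if claimed and target not in claimed:
            flagged.append((href, text))
    return flagged


# Constructed sample resembling the IRS-themed lure: the first link's text
# says irs.gov, but its href points at an unrelated domain serving a binary.
SAMPLE_EMAIL = """<html><body>
<p>Your refund is ready. Review it at
<a href="http://irs.gov.refund-update.example/form.exe">https://www.irs.gov/refunds</a></p>
<p>Official site: <a href="https://www.irs.gov/">www.irs.gov</a></p>
</body></html>"""
```

Running `suspicious_links(SAMPLE_EMAIL)` flags only the first link; the genuine irs.gov link passes because its visible text and target domain agree.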

Today's underground online fraud economy is a sophisticated international business model with specialized expertise and multiple levels of participants. Research from RSA's Anti-Fraud Command Center identifies the two main goals of online fraud as "harvesting" and "cash-out." Harvesting is where criminals target user access credentials through skimming, phishing or Trojans; in cash-out, fraudsters pursue the profit (money) through e-commerce transactions or online banking transfers using sophisticated malware, mostly Trojans. Online fraudsters collaborate and set up business relationships through online forums, where they share information and tools and discuss the latest business opportunities.

The sophistication of the malicious software varies, and it can be extremely difficult to detect. For instance, one data-stealing Trojan program known as "Zeus" allows the attacker to alter the display of a bank's login page as a victim is entering their credentials. When a victim submits his one-time password along with his credentials, the malware may force the browser to return a counterfeit page (still showing the bank's domain name in the URL bar) stating that the bank's site is down for maintenance and asking the user to try again in 15 minutes. Meanwhile, those credentials are not submitted to the bank but are instead sent to the attackers. While the unwitting victim waits as instructed, the thieves use the intercepted credentials to log in as the victim and initiate unauthorized transfers from that account.

Part III: Practical steps to take.

1 comment:

Anonymous said...

I want to quote your post in my blog. Can I?
And do you have an account on Twitter?