Spotlight on your bank account…yes, YOUR bank account
There’s a race occurring daily and it’s as competitive as any competition imaginable. What’s at stake you ask? Your bank account. Cybercriminals are hard at work, chipping away at any form of protection you or your bank can throw at them.
Its all in the numbers..The bad guys get as many attempts as they want and the bank only has to fail once before millions can be lost and just as many accounts are compromised. The attackers have the advantage, and they know it.
Think you’re too small of a fish to be a target? New data suggests that cyber attacks aimed at small businesses have doubled over the past six months. According to Symantec, 36 percent of all targeted attacks during the last six months were directed at businesses with 250 or fewer employees.
How are they doing it? With your help! Whether it’s a website you visit or an email attachment you’ve opened, the Internet is littered with botnet-creating, information-stealing Trojans. A Trojan is a small program that first infects your computer and then sends information from infected computers to remote servers.
When thousands of copies of a Trojan have been installed on computers all over the Internet, you get a network of machines under the remote control of a cybercriminal — known as a botnet. The reason this method has proven to be so successful for the bad guys is that the owners of the infected machines usually aren’t even aware that anything wrong is happening.
One recent story on how quickly things can go awry
occurred on July 10th, when crooks who’d broken into the computers of a fuel supplier in southern Georgia attempted to transfer $1.67 million out of the company’s accounts. When that failed, they put through a fraudulent payroll batch totaling $317,000, which the victim’s bank allowed. Shortly after the dust settled, the victimized company hired an outside forensics firm to investigate, and found that the trouble started on July 9, when the firm’s controller clicked a link embedded in an image in an email designed to look as though it was sent by the U.S. Postal Service. Read more about it.
Criminals are using these botnets to perform a whole slew of malicious internet activities. Whether it’s mounting distributed denial-of-service (DDoS) attacks or sending out spam emails, like anyone else they’re after the money. Banking Trojan botnets are used specifically to snag login credentials to online bank accounts and payment processors such as PayPal.
While banks are constantly refining online account security by coming up with new methods for authenticating users, there are still steps you can take as well. Getting to know what’s coming into your network is one thing, but what’s being sent out of it is another. Many of these botnets report to very specific and known areas of the world and internet addresses. Having a firewall block incoming traffic can’t help when a Trojan is injected into a system. Very few networks filter proactively or on a regular basis, for outgoing traffic and connections in general, let alone to the botnet servers.
In business it’s often about the bottom line. There are criminals out there trying to attack yours….what are you doing to protect it? If you have concerns about security threats in general, and want more information about how to check your network for these threats, and then how to effectively ‘curb the trojan appetite’, email us about this topic, email us.
