KOMO reports “The city of Burlington (Washington) is warning its employees to check their bank accounts after finding out funds have been stolen. They believe computer hackers got access to the city bank account, which is used as a direct deposit to pay workers. It is unknown how much money was taken, but more than $400,000 has been transferred to several accounts over the past two days.”Any time that more than $400,000 actually moves out of a city of Burlington account, there can’t possibly be a joke involved,” said town administrator Bryan Harrison. “It actually is very chilling.”
Chilling indeed. Hacks like this often take place as a result of a virus getting into a machine that has access to the bank account. In one scenario the offending machine is not properly updated with antivirus and the virus allows a criminal remote access to the device or the virus acts as a “Man In The Middle” Attack.
RSA reports in one of the most interesting cases of organized cybercrime this year, a cyber gang has recently communicated its plans to launch a Trojan attack spree on 30 American banks as part of a large-scale orchestrated crimeware campaign. Planned for this fall, the blitzkrieg-like series of Trojan attacks is set to be carried out by approximately 100 botmasters. RSA believes this is the making of the most substantial organized banking-Trojan operation seen to date.
RSA further reports American banks are the major target. “Another attractive element for the attackers appears to be the slim deployment of two-factor authentication (2FA) for private banking consumers in the US, unlike many European banks that generally require all consumers to use 2FA for wire transfers.”
Multi-factor authentication, requires a username, password “something you know” and “something you have”—a personal security device separate from the PC. But that’s not even enough.
The Federal Financial Institutions Examination Council (FFIEC) states: “Since virtually every authentication technique can be compromised, financial institutions should not rely solely on any single control for authorizing high risk transactions, but rather institute a system of layered security, as described herein.”
Enhanced device identification is also essential. The FFIEC suggests complex device identification. While complex device identification is more sophisticated than previous techniques, take one step instead of two and incorporate device reputation management.
Robert Siciliano, personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- Banking Security Guidelines Go Into Effect in January 2012
As banking applications evolve, common attacks on banks are becoming correspondingly more sophisticated. Small businesses, municipalities, and moneyed individuals are often targeted for obvious reasons: they have hundreds of thousands of dollars, if not a few million, in the bank, but their security is often no more effective than that of an average American household. The
- One-Third of Banking Account Takeover Attempts Successful
The Financial Services Information Sharing and Analysis Center (FS-ISAC), which works with the Department of Homeland Security, has released a study indicating that attacks on customer bank accounts have increased considerably in recent years. The FS-ISAC, in collaboration with the American Bankers Association, surveyed large financial institutions to collect data on fraud attempts. The responding banks
- How Does Your Bank Protect Your Data?
Consumers tend to be oblivious to the various layers of security financial institutions utilize to protect their bank accounts. But having a better understanding of what occurs behind the scenes can help consumers adapt to influential new technologies. The Federal Financial Institutions Examination Council responds to innovations and increases in cybercrime with updated security guidelines for banks
- Why Complex Device Identification Isn’t Enough
“Simple device identification” relies on cookies or IP addresses to confirm that a customer is logging in from the same PC that was used to create the account. The Financial Federal Institutions Examination Council has explained the fallibility of this system: “Experience has shown this type of cookie may be copied and moved to a fraudster’s PC, allowing
- FFIEC Mandates “System Of Layered Security” to Combat Fraud
For any cave-dwelling, living-under-a-rock, head-in-the-sand, naïve, under-informed members of society who aren’t paying attention, we have serious cyber-security issues on our hands. Black hat hackers, who break into networks to steal for financial gain, are wreaking havoc on banks, retailers, online gaming websites, and social media. Black hats cost these companies and their clients billions of dollars every year. They
Leave a Comment
You must be logged in to post a comment.