Alert – Financial Processes Targeted
- At August 28, 2009
- By Josh More
- In Business Security
- 0
I normally avoid spreading word about specific attacks, as it is better for overall security to continuously strengthen your defenses and keep an eye out for strangeness. Focusing on attack types and general security practice tends to have a better overall result then trying to play whack-a-mole and knock down individual people or pieces of malware.
That said, there is a current threat that people should know about, so I want to do my part to boost the signal.
At issue is a specific piece of malware that is targeting people with access rights to financial systems. It generally arrives in the form of a targeted email (spear phishing) which then installs the malware. Once installed, the malware monitors the computer for financial transactions and will then make some additional ones.
What’s different here is that small businesses are being singled out. This is largely because they tend to have weaker security and audit controls when compared to the larger firms. So, though the larger firms tend to have more money to steal, stealing a smaller amount from a great many other business can net just as much. And after, a dollar is worth a dollar, no matter who it’s stolen from.
To protect against this attack, you have to keep one thing in mind — there is no guaranteed way to prevent it. All you can do it do your best to protect yourself and check transfers regularly to make sure that you’ve not been hit. In short, if your account people are not doing all of the below, your business is facing some serious risk:
- Using a two-factor authentication system (RSA tokens are the most popular) to login to the banking system.
- Using a dedicated workstation for financial transfers. This system should not have any email client installed and be firewalled to only access the necessary web systems.
- Enter into an agreement with your bank so that all transfers must be confirmed. A verbal confirmation originating from the bank is best, as that way the attackers cannot initiate a transfer and then call the bank to confirm it. If they cannot do that and you have to stay with them, look into email or SMS-based confirmation systems.
- Using a bank-enforced 24-48 hour hold on transfers.
- Check your accounts regularly and reconcile all transactions.
Check out the following links for more information:
I would like to thank Rob Lee for alerting many of us to this situation.