Cybercrooks increasingly target small business accounts
Fraudsters use online credentials to deplete corporate bank accounts, financial group says
Computerworld - An organization representing more than 15,000 financial institutions has issued a warning about a growing wave of attacks against small banks and businesses by cybercriminals using stolen banking credentials to plunder corporate accounts.
In an alert to its members earlier this month, NACHA–the Electronics Payments Association said that attackers are increasingly stealing online banking credentials, such as usernames and passwords, from small businesses by using keystroke-logging tools and other malware. The cybercriminals are using the stolen credentials to "raid" and "take over" corporate accounts and initiate unauthorized transfers of funds via electronic payment networks.
NACHA oversees the Automated Clearing House (ACH) electronic payments network.
A similar alert was sent confidentially last Friday to members of the Financial Services Information Sharing and Analysis Center, according to a story published in the Washington Post yesterday. According to the Post, the alert identified organized cybercrime groups in Eastern Europe as being predominantly responsible for illegally siphoning millions of dollars off of corporate accounts and sending the money overseas via popular money and wire transfer services.
The Financial Services Information Sharing and Analysis Center was formed by major financial services firms to share information about potential cyber and physical threats to their companies.
NACHA's alert said that the cybercrooks are apparently targeting small businesses because of their relative lack of strong authentication procedures, transaction controls and "red flag" reporting capabilities.
In some cases, the alert said, attackers trick people who work at small businesses into visiting phishing sites that have the same look and feel as those of the small businesses' financial institutions. Once they reach a phony site, the employees log in using the credentials they normally use for the legitimate site.
In other instances, keystroke loggers and data-stealing malware programs are downloaded onto corporate systems via e-mail attachments, and cybercriminals then use them to capture the usernames and passwords that employees use to log onto banking Web sites.
Some of the malware tools can send alerts to the crooks when a victim has logged onto the Web site of a financial institution. The tools then fool the user into thinking the banking site is not responding while a cyberthief quietly conducts transactions in the user's name, the alert noted.
In a "worst-case scenario" such compromises could lead to a complete takeover of a business's account, NACHA said. "To the financial institution, the credentials look just like the legitimate user," the NACHA alert said. Thus the attackers can gain access to all account details and activity. The crooks use the confidential credentials to quietly transfer funds to accounts set up by accomplices and unwitting "mules." Often, the stolen funds are ultimately sent to accounts overseas.
- University of North Florida breach exposes data on 107,000 individuals
- Zeus Trojan bust reveals sophisticated 'money mules' operation in U.S.
- GAO slams White House for failing to lead on cybersecurity
- Man charged with attack on Web site of Fox News' Bill O'Reilly
- Heartland breach expenses pegged at $140M -- so far
- IT contractor gets five years for $2M credit union theft
- Democracy would suffer if Google left China, says MIT panel
- Gonzalez accomplice gets five years for hacking TJX
- Threat of cyberattacks from overseas high, federal IT execs say
- Botnets 'the Swiss Army knife of attack tools'
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts