Computerworld
Home News Blogs ReviewsWhite Papers Newsletters IT Careers

resource center


Ads by TechWords

See your link here

Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 
 

Print edition

South African bank readies defenses for online attacks

By Samantha Perry
August 3, 2005 12:00 PM ET
Recommended
(0)
Digg
Share/Email

Computing South Africa - JOHANNESBURG -- At a security briefing held last week, Standard Bank of South Africa outlined the steps it intends to take toward ensuring safer Internet banking, and highlighted what it believes will be threats facing the online community going forward.
Standard Bank technology engineering director Herman Singh says that malicious hacking has become a serious threat. "Virus creation has increased by 1,300% over the last months (from 445 in June 2002 to 7,360 in December 2004, according to Symantec) with viruses frequently being used as vehicles for attacks, as opposed to being an end in themselves," he notes.
He also says that spyware attacks have increased by 50% in 18 months, and, more alarmingly, Symantec's figures show that phishing attacks increased in number by 290% between August and December 2004.
The criminal syndicates behind phishing attacks have also grown increasingly more sophisticated. A May 15 attack saw the syndicate recruit runners in South Africa (via e-mail sent from South Korea) under the auspices of a genuine business opportunity, whose accounts would be used to launder money gained from the attack.
The spam containing the spoofed message from Standard Bank was then sent from a Brazilian IP address to South Africa and directed local users to a Russian Web site, where they were asked to fill in their details.
Using the details garnered on the Russian site, the attackers instituted fraudulent transactions from New York, and then attempted to transfer the illegally gained funds into the runner's account, for the runner to send, via wireless transfer, to Russia.
While all eyes were on the phishing attempt, the syndicate also released a Trojan horse that set about harvesting account information and sending it on to the Russian site.
Fortunately, security systems have become equally more sophisticated, and Singh says that no customers lost any money in the attack. Working with specialist security firm, Cyota, the bank was able to shut down eight domains being used by the syndicate, effectively neutralizing the attack.
It was also able to freeze the runner's account the minute the first deposit was made, block the relevant ports to prevent any more people from accessing the sites (through UUNet, IS and Telkom -- SA's first-tier ISPs), and contact the Scorpions (anticorruption and organized crime unit) once the money-laundering attempt became obvious.
The bank managed to do all this by 3 P.M local time on May 19 (the attack was launched at midnight). The runner was taken into custody on May 20.
Threats are escalating, however, Singh says. Pharming, for


Reprinted with permission from

Computing South Africa
This article was originally published by Computing South Africa. Story copyright 2006 Computing South Africa. All rights reserved.

Recommend Digg Twitter ShareThis
Email Print Send Feedback Reprints

Additional Resources

Xerox
Win a color printer!
By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!
Microsoft
Upgrade to Internet Explorer 8 today.
Save time and mitigate security risk. Deploy it now.
Sybase
NEXT-GENERATION MOBILITY PLATFORMS
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

White Papers & Webcasts

How Controlling Access to Privileged Accounts Can Keep Insider Threat from Hurting Your Bottom Line
This white paper explores insider attacks and insider risk, and shows how to control them by controlling and monitoring access. The paper describes...  

Usability Is Everything
Learn what sets Workday's HR and Payroll solutions apart from the competition....

Military Uses Bit9 Parity to Defend Against New Generation Attacks
When a military organization faced an exercise, in which there was an attempt to breach and infect the network, they decided to use...  

The Value of Real SaaS at Workday
Cost savings, speed to value, and innovation brought to the enterprise by Workday's software-as-a-service solutions for HR and Payroll....

Eliminate Spam, Gain Productivity
In this exclusive whitepaper, learn all about the dangers of spam and the cost to your business....  

SaaS at Flextronics, Inc.
Dave Smoley, CIO of Flextronics, discusses the real value of software-as-a-service and why he chose Workday for his HR solution....

Accelerate SSL Encrypted Applications
The amount of SSL traffic is growing in the enterprise. Because it is encrypted, it cannot be properly controlled and accelerated. Blue Coat...  

Why Compliance Pays
This OnDemand webcast explores the relationship that firms with best compliance records have higher revenue, greater customer retention, lower financial losses from data...

ESG Lab Field Audit
Many companies have successfully implemented Riverbed WAN optimization solutions within their Cisco networks. This ESG Lab Field Audit document explores the success that...  

Agile Enterprise Content Management (ECM) for Rapid ROI
Find out how combining ECM and BPM will help adress issues about content rich business processes....

All White Papers | All Webcasts

Computerworld Reports

An Interactive eBook: Enterprise Security

The Business Case for Server Virtualization

Computerworld Technology Briefing: Intelligent Users Use Business Intelligence

All Computerworld Reports
 

Symantec Report on the Underground Economy
The Symantec Report on the Underground Economy examines activity on underground economy servers observed by Symantec between July 1st, 2007 and June 30th, 2008. It includes analysis and discussion of the goods and services advertised, advertisers participating in the economy, the servers and channels that host the trading, and a snapshot of piracy activity observed.
Download this white paper 
Data Loss Risks During Downsizing
With the dramatic increase in lost jobs, companies should be aware of the possibility that these employees may be walking off with their sensitive and confidential data. An independent study done by the Ponemon Institute surveyed employees leaving their jobs and taking company data with them. This type of data loss problem may be putting companies at risk for a potential data breach. This study will help you to understand what employees are doing with the data on the laptops their employers provided them.
Download this white paper 
3 Steps to Protect Confidential Data on Laptops
Learn how to avoid being part of the one-third of security breaches that occur due to laptop theft. This report outlines specific steps to help you secure confidential data and minimize the impact of data loss resulting from stolen or missing laptops.
Download this white paper 
Managing Spend on Information Security and Audit for Better Results
The benchmarks conducted by the IT Policy Compliance Group show almost all organizations have financial incentives exceeding 100 percent to make improvements to reduce financial risk from data loss, downtime and regulatory audit. This report includes findings covering the principal operational outcomes being experienced by organizations, financial risks, losses and returns, and the practices making the most difference to control risks, reduce costs, and improve results.
Download this Report! 
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.