BreachExchange mailing list archives
Cyber threats to bank accounts on the rise: Report
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 24 Dec 2013 20:18:02 -0700
http://www.cnbc.com/id/101290351 On the same day that news broke that 40 million customer account records were stolen from retail giant Target, the regulator of the nation's largest financial institutions warned that customers' financial information is increasingly under assault in their banks as well. On Thursday, the Office of the Comptroller of the Currency on Thursday, in its Semiannual Risk Perspective, warned that "Cyber-threats continue to increase in sophistication and frequency." The agency noted, "Known impacts include … identity theft, fraud, and theft of intellectual property." The report found that one new tactic employed by hackers is to target a bank's home page with a so-called "denial of service" attack, in which thousands of hacked computers try to log on to the website simultaneously, thereby disabling it for regular customers' use. While security experts are distracted by the DOS attack, the report found, the hackers go after their real target by, for instance, draining customer accounts through fraudulent wire transfers. "It's an increasing problem," agreed Richard F. Cross, a former vice president and director of bank security at Bank of New York, now a private consultant. "You have to assume that the crooks are always one step ahead of what the financial community is doing to protect itself." The OCC cautioned that small banks appear to be more frequent targets of hackers, because criminals perceive them as being less likely to have strong security measures in place. Cross said that in his experience, that tends to be true. "The problem usually is with small community banks," he said. "I hate to say it, but sometimes they don't want to spend the money." Protection doesn't come cheap, the OCC found. While the tools necessary to reduce the risk of a cyber attack are "readily available," according to the report, "the costs and resources needed to manage the risks continue to increase." Banks that are at increased risk, the agency said, are early adopters of new technologies, and banks that hire third parties to provide certain information technology-related services, both of which create additional risks that are difficult to measure and to manage. The good news for consumers is that they can do a lot to protect themselves. Most cases of identity theft and bank fraud begin with the customer making the mistake of providing personal information, willingly or unwillingly, to crooks—although they often won't know it until later. One of the most common methods is through "phishing"—a technique in which an official-looking email is sent to a bank customer either directly soliciting account information or carrying a hidden computer virus that will give hackers access to the customer's computer. Cross cautioned that consumers can't rely solely on banks to protect them—and have to be aware of everything they do while online. "If an email comes in and it looks even a wee bit suspicious, you have to ignore it," he said. "But people are busy. They see an email and they click on it, then it's too late."
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- Cyber threats to bank accounts on the rise: Report Audrey McNeil (Dec 27)