Re: ALERT: Targeted attacks on institutional online banking

[Doug Pearson <dodpears () REN-ISAC NET>]

Dear all,

Sending a follow-up note to let folks know that we updated the "Targeted
attacks on institutional online banking" alert with the following:

+ In the CIO/BO section: "5. Make committed and purposeful use of
banking transaction initiator/approver roles. Most banks offer
sophisticated role-based controls, but it's up to the institution to put
them to effective use."

+ In the tech section: "+ Initiators and approvers should have distinct
dedicated machines (see #5 in CIO/BO letter)."

And in both sections, an updated link for the Neustar document: "The
Irretrievable Losses of Malware-Enabled ACH and Wire Fraud:
http://www.neustar.biz/content/download/778/4341/ACH_White_Paper.pdf

Due to content, the alert e-mail gets caught in many filters. If you
didn't receive the message, we suggest you view the alert at:
http://www.ren-isac.net/alerts.html


Regards,

Doug Pearson
Technical Director, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630