Institutions need to understand this attack and use this opportunity to conduct “what if” training. This is also a good opportunity to reevaluate their own security controls, particularly employee security awareness training, as well as emerging technical controls such as out-of-band authentication and secure DNS.
How Cyber Attacks Happen
Simply put, the attack uses a combination of spam and phishing emails, keystroke loggers, and remote access software to capture a financial institution employee’s authentication credentials. A successful attack gives the criminal control of the employee’s PC. The criminal then uses the employee’s authority to initiate and approve wires, potentially even overriding built-in transaction limits and other administrative controls.
It is important to understand that these are not “proof-of-concept” attacks; they are actually occurring and have resulted in attempted transfers ranging from $400,000 to $900,000.




