Friday, August 31, 2012

1 MILLION accounts leaked in megahack on banks, websites

A cache of over one MILLION user account records was leaked by hacker collective Team GhostShell in a huge data dump over the weekend.

Image source: Imperva
Targeting banks, consulting firms, government agencies, and manufacturing firms, the team extracted usernames, passwords, credit histories, and other files and documents from 100 different websites. Much of the data was pulled from the targets' databases and content management systems, some of which contained more than 30,000 records each.

Imperva analysis indicates that the breaches were executed mostly using the SQLmap tool, a common SQL injection method used by hackers.

The importance of staying on top of your CU's security system and closing up vulnerabilities can't be stressed enough. Get more info about the megahack here.

Wednesday, August 29, 2012

How National Australia Bank Uses Cloud Computing to Cut Costs and Shrink Its Carbon Footprint

How much money, energy, and time get drained by your CU's current systems and processes?

Image source: freeaussiestock.com / CC BY 3.0
More and more financial institutions around the globe are finding that revising their energy policies and shifting toward "green IT" practices are key in optimizing resource management.

Spanning everything from IT to travel fleet, the energy reduction program adopted by the $782 billion-asset bank and Open Data Center Alliance member National Australia Bank (NAB) exemplifies the significant cost-savings and environmental benefits made possible by data virtualization through scalability, increased efficiency, and resource conservation.

Time for a data center overhaul for your CU? Read the BTN interview with NAB's Dennis McGee to learn about this large and complex institution's approach to green IT.

Monday, August 27, 2012

Convenience is Key for Bank Consumers: Report

When it comes to day-to-day banking, convenience is where it's at for your members, as found in a recent poll of 1,231 U.S. consumers conducted by Angus Reid Public Opinion in conjunction with TD Bank.

Image source: denn / CC BY-SA 2.0
This should come as no shock, especially in today's rapidly evolving technological world. The poll also found that online banking is the most frequent banking activity engaged in by consumers, with those surveyed reporting that they go online to manage their finances at an average of five times each month.

Also not surprisingly, "easy online banking" was the top response in terms of the most important factor for basic checking accounts.

What else is important to your members? Check out the results of the poll and hear it from them.

Friday, August 24, 2012

Zeus Variant Targets U.S. Accounts

The FBI has issued a warning to financial institutions about a new wave of ransomware which freezes and hijacks endpoint computer operating systems and attempts to extort funds from users while simultaneously working in the background to also rob their account data.

Image source: Article
Powered by the Zeus malware variant Citadel and the drive-by virus Reveton, these "targeted and convincing" attacks generate messages - often under the guise of the FBI - notifying users of their "illegal" Internet activity and demand that they pay fines in order to regain control of their computers. Meanwhile keyloggers are launched to steal online account credentials and other financial information.

Enhancing back-end fraud-prevention systems and processes so that malware is blocked from taking over your members' accounts even if their endpoints do become infected is critical, as is quick detection and removal.

The best defense, however, is educating your members. Given the lack of familiarity with ransom attacks, users in the U.S. have proven to be easy targets. Find out what both your CU and your members need to know.

Wednesday, August 22, 2012

Man-in-the-Mobile Attacks Target the Bank Accounts of Android Users

Android users in Portugal, Spain, the Netherlands, and Germany have been plagued by man-in-the-mobile (MITMO) attacks which enable cybercriminals to gain access to victims' banking data and make fraudulent transfers.

Image source: Photozou / CC BY 2.1
Powered by malwares such as Tatanga and SpyEye (SPITMO), these attacks start off as web injections via Windows users' PCs and come under the guise of notices from the victims' financial institutions instructing them to install a security application onto their mobile phones. If installed onto a device that runs on Google's operating system, the app gives the attacker access to all SMS traffic, including banking transaction authorization codes.

With Android devices accounting for most of the smartphone market in these countries, the Android platform is the obvious target and you must ask how many of your CU's members are also Android users. On the upside, there are preventative technologies out there, such as Guardtime's keyless data integrity validation service which shows when a MITMO attack has occurred and can help your CU intercept the attacker.

Learn more about how to spot these attacks.

Monday, August 20, 2012

Technology change agents make e-discovery better or worse

Change agents in technology, including social networking, cloud computing, and bringing your own devices to work, are changing how we do business and communicate, and impacts how organizations need to approach e-discovery.

Image source: imsmartin
With so much data and so many different data sources and destinations to keep track of, companies are struggling to keep up with security, forensics, and e-discovery.

Proper e-discovery is driven by proper forensics, which is fed by proper security management. These three functional turfs are converging at breakneck speed, and vendor offerings are starting to merge.

Read the full article to learn what the merging of these three trends means for your credit union.

A portion of this article reprinted with permission from ALM's Legal Technology News. Further duplication is prohibited.

Friday, August 17, 2012

Understanding the risks of different types of Mobile Banking transactions...

While leaving responsibility for personal mobile banking security solely in the hands of financial institutions is a poor strategy, your CU needs to do its part. Is yours?

Image source: gadgetdude / CC BY 2.0
There are a number of different mobile banking techniques, and with each comes a specific set of security rationale. Both your CU and its members need to understand the various possible attack scenarios against mobile banking systems and what can be done to minimize risk.

Security controls built into smartphone operating systems are now thought to be stronger than those built into desktop computers; however mobile device malware threats are growing rapidly. Your members can easily undermine mobile banking security and thus actively monitoring the health of their devices can help them to protect their data.

Read the article and learn about the various types of mobile banking transactions and their associated risks.

Wednesday, August 15, 2012

Criminals push malware by 'losing' USB sticks in parking lots

Finders keepers...or so it seems that's what a cybercriminal was counting on in order to hack into DSM's corporate network.

Image source: Article
Employees of the Dutch branch of the multinational chemical company recently found several USB sticks on the ground in the company parking lot which appeared to be lost by their original owner. When DSM's IT department examined the sticks, they were found to be loaded with malware set to autorun on company computers and harvest employee login credentials.

Did a cybercriminal drop these infected USB sticks in the company parking lot in hopes that unsuspecting employees would find and use them?

Don't let cybercriminals outsmart your CU's personnel. Read the full article for more details.

Monday, August 13, 2012

Phishing the financial and banking seas

Thanks to the emergence of mobile devices, social networks, and new technologies such as Near Field Communications, the attack surface area against financial institutions has expanded at an explosive rate, providing cybercriminals more opportunities than ever to go "fishing" at your CU's expense.

Image source: Hitchster / CC BY 2.0
The top threats are payment card fraud, cheque fraud, phishing/vishing, account takeover, and third-party point-of-sale skimming, with about 80% of such incidents experienced by banking customers and an exponential escalation of malware attacks targeting financial transactions. Many large financial institutions are confident in their security measures and preparedness against the modern threat landscape, but recent history suggests otherwise.

Yet the painfully long list of increased security breaches within the past year is only the tip of the iceberg. As pointed out by U.S. Vice Admiral J. Mike McConnel (Rtd), "if you can just contaminate the data in one large bank, you could cause global banking to collapse."

Is your CU one of these overconfident institutions? Take a look at this Malta Independent report for a reality check...

Friday, August 10, 2012

Apple acquisition of AuthenTec fuels speculation on mobile payments debut

Does Apple's acquisition of fingerprint security firm AuthenTec mean that Apple is on its way into the mobile payments arena?

Image source: PDI
There is much anticipation that the next version of the iPhone will include mobile payment services, given that AuthenTec's fingerprint-scanning technology is used for authentication in mobile payment-processing - not to mention the fact that Apple competitors have already launched or are getting ready to launch mobile payment offerings.

Google Wallet has already been released, and Microsoft plans to roll out a wallet feature in its up-and-coming Windows Mobile 8 operating system towards the end of 2012. But with Microsoft, Apple, and Google "at loggerheads" and pushing their own agendas, will room have to be made for more than one type of mobile wallet?

See what Ovum Telecoms' principal analyst Tony Cripps suggests your CU can expect to transpire in the near future.

Thursday, August 9, 2012

RSA 2012 CYBERCRIME TRENDS REPORT: The Current State of Cybercrime and What to Expect in 2012

With 232 computers being infected by malware every minute, it doesn't seem like cybercrime slowing down. But is your CU's security program keeping up?

Image source: PDI
2011 brought new awareness to cybercrime worldwide, and in response, the RSA Anti-Fraud Command Center (AFCC) has issued an EMC-sponsored white paper with a list of the top six trends we can expect to see throughout 2012.

Not only are advanced threats increasing, but so is the sophistication level of attacks. As cybercriminals continue to find new ways to exploit stolen data, hactivism-related attacks meanwhile are also on the rise.

Download the RSA AFCC report and learn how your CU can better prepare for the new wave of threats.

Wednesday, August 8, 2012

Worldwide IT Outsourcing Services Spending To Surpass $251B In 2012: Gartner

A new Gartner report predicts that worldwide spending on outsourced IT services (ITO) will reach $251.7 billion in 2012, a 2.1 percent increase from the $246.6 billion spent on ITO in 2011.

Image source: Article
The cloud computing services market, which is part of the cloud-based infrastructure as a service (IaaS) segment, is the fastest-growing segment of ITO, with an estimated growth of 48.7 percent in 2012 to $5.0 billion, up from $3.4 billion in 2011. Meanwhile the application outsourcing (AO) segment is expected to reach $40.7 billion, a two-point increase from the $39.9 billion spent on AO in 2011, and data center outsourcing's (DCO) 34.5 percent representation of the entire ITO market in 2011 is expected to drop by one point in 2012.

In spite of current business slowdowns, Gartner forecasts that the ITO market in the emerging Asia/Pacific region will represent the highest growth of all regions.

What impact will the evolving ITO market have on your CU? Read the article and get more insights from the Gartner research team.

Friday, August 3, 2012

Beyond Dropbox: Security is only part of the cloud's problem

Cloud computing = security breaches + data theft/loss + service disruptions...choose your vendors wisely!

Image source: TechNewsPedia
A bit discouraging for CUs seeking data management solutions. Yet this is the message we keep hearing over and over; it's no wonder that there are still a lot of businesses that aren't about to just dump their precious data into the cyber snake pit also known as the Cloud. The potential security breach that's now got cloud storage provider Dropbox in the hot seat again with its 50 million users is merely another addition to the never-ending list of wakeup calls about how precarious an environment the Cloud can be.

As this article points out, nailing down proper security is only half the battle. The other part of the equation for a safe cloud environment is availability. Cloud collaboration service provider ftopia's usage of Amazon S3 cloud infrastructure, for instance, mirrors data across multiple physical locations - critical for cloud storage, as it backs up the data and ensures that the service is always up and running.

On the security front, extra points go to ftopia for its self-validating data integrity feature powered by Guardtime which enables users to determine whether data has been compromised - something to think about in light of Dropbox's current situation.

Know what you're signing up for before you give up your data. Read networking technology analyst Dave Greenfield's take on reaching a higher level of confidence in cloud computing.

Thursday, August 2, 2012

Black Hat is Over, But SQL Injection Attacks Persist

Privacy Rights Clearinghouse reported that 312 million data records have been lost since 2005 and 83% of hacking-related data breaches were executed via SQL injection attacks.

Image source: imsmartin
In a period of six months, UK-based secure cloud hosting company FireHost reported a huge 69% jump in SQL injection attacks. It tracks these numbers based on the hundreds of thousands of total attacks it blocks on behalf of its cloud hosting clients.

Consider the stance from cloud hosting providers. If they can detect and block an attack against one website residing on their network, then they can collect this information over time, building knowledge that can be used to protect the entire hosted community.

For the most part, SQL injection attacks are automated and website owners may be blissfully unaware that their data could actively be at risk. Sites continue to lose customer data to digital thieves. Is your CU one of them? Read the article to learn more.