FT : Hackers Step Up Financial Sector Attacks

Thursday, April 16, 2009

Computer hackers stole more sensitive records last year than in the previous four combined, with ATM cards and PIN information growing in popularity as targets, according to a study released on Tuesday.  Organised criminal groups orchestrated nine in 10 of the most successful attacks, with 93% of the 285m records exposed coming from the financial sector.  Cybercriminals are boosting their investment on research and development, experts said, allowing them to take advantage as more people perform banking and other sensitive tasks online.  The analysis by Verizon of 90 of the worst breaches also showed information technology managers’ mistakes did far more damage than careless behaviour by rank and file employees who might lose a laptop or surf to an unsafe website.  “Companies tend to spend twice as much money on security aspects that have to do with end-users, but losses are 10,000 to 1 in the other direction in terms of records lost,” said Peter Tippett, vice-president at Verizon Business Security Solutions.  When companies do spend to secure central databases, Mr Tippett said, they tend to focus too narrowly.  Instead of testing their main repositories of sensitive material for vulnerability, as is common practice, managers would do better to conduct modest tests of everything connected to those repositories.

In a typical assault, a hacker uses default credentials or an improperly configured database to enter a corporate system, then install software to record keystrokes or allow future access.  Two other studies released on Tuesday show that even if consumers and low-level employees are not responsible for such giant breaches as those at TJX and RBS WorldPay, they too are being targeted more effectively.  Gartner reported that 5m US consumers lost money to “phishing” attacks in the 12 months through September, up 40% from the previous year.  The percentage of funds recovered by victims, meanwhile, dropped from 80% in 2005 to 56% in the most recent period.  Symantec, the largest security software provider, found that attacks on end users from web pages are the most popular means of intrusion, especially via legitimate sites that have been temporarily corrupted.  Experts found more new security holes in the Firefox web browser than in Microsoft’s Internet Explorer, and Apple took the longest time to fix new vulnerabilities in its Safari browser.

Reference : http://www.ft.com/cms/s/0/c9ffa4f6-2937-11de-bc5e-00144feabdc0.html

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: