Panda Security Reports Most Studied Remittance PCs Infected, Exposed
Panda Security, an international IT security provider, said those activities include credit card and identity fraud as well as illegal interception of wire transfers.
The company said in a new report that it was given access to study computers over a two-year period at more than 300 locations in the Los Angeles and Las Vegas areas. The study also involved interviewing owners of the businesses, representing about 0.45% of the estimated 66,000 of such multi-service businesses nationwide.
It found that about 80% of the computers at the studied sites were used for remittances and that at least 30% of the 1,500 computers directly observed had outdated antivirus software and that 60% were actively infected.
"The lack of education on the part of these business owners coupled with the sheer vulnerability of their networks is creating the biggest potential in cybercriminal gain we've seen yet. If security measures aren't put in place immediately on these networks, we as a country could stand to lose millions of additional dollars due to cybercrime activity." said Carlos Zevallos, lead researcher for the Panda Security project.
Most of the computers were standard commercial computers and typically had outdated anti-virus trial software installed.
"Any kind of proactive security measure was viewed as an unnecessary business expense," Panda Security said in its new report.
As a result, a hacker could easily install a Trojan keylogger on such an exposed computer through various channels, and capture screen information or details directly from the browser session.
Compounding the problem, the firm said, is that "employees at these businesses are frequently minimum-wage earning, young adults who spend time chatting, using peer-to-peer networks and visiting chat sites on the very same computers that store sensitive data such as Social Security numbers, DMV records, tax records and credit card information.
"This combination of lack of maintenance, low security consciousness and end-user behavior results in highly vulnerable systems that are very easy for cybercriminals to infiltrate."
In response, Panda Security said it is offering complimentary security consultation and certification, along with a free scanning and disinfecting service for PCs. The company's Web site is www.panda