5 Cyber Threats Coming at You in 2014
When he sifted the data on cyber-attacks on financial institutions, Charles Burckmyer, president at Sage Data Security in Portland, Maine, came up with a terrifying factoid. In 2012 there was a 52% chance that any given large financial institution reported a cyber breach, said Burckmyer who indicated that, if anything, numbers for 2013 will be higher still.
Credit unions are in the crosshairs of an enemy that knows no geographic boundaries, in many instances is beyond the reach of US law enforcement, and which is equipped with smart minds and powerful computing technology, both aimed at emptying the coffers of financial institutions.
Cloud computing is a top worry for Chad Burney, chief information officer at GTE Financial, a $1.6 billion credit union in Tampa, Fla. Burney conceded that the appeal of cloud – where data is housed offsite, in remote servers, typically owned and maintained by third-party storage companies - is real.
It delivers cost savings and cloud usually also means all data is accessible by all authorized devices, no matter where they are, because in cloud computing information typically is device independent.
George Tubin, spokesman for Trusteer, explained that in this gambit the criminal – be he in Kiev or Shanghai or Mumbai or New Jersey – briefly seizes control of the target’s computer and uses it to log into the victim’s own accounts, where big payouts are ordered up.
Spear-phishing continues to menace financial institutions, said Scott Goldman, CEO of TextPower, a developer of SMS innovations. He added that, daily, most employees see multiple targeted phishing emails, many masquerading as missives from their boss or their boss’s boss (the so-called spear-phishing variety because they are more pinpointed than the mass-mailed generic phishing mails). And it is not easy to ignore an email that shouts “Urgent: Immediate Action Required” and which purports to be from a higher-up.
Click on the link in that email and many bad things can happen, from a malware download to the victim’s device through conning the victim into giving up his/her log-in credentials.
SMS Interceptions Growing. Another Trusteer warning, this one throws into question exactly how long credit unions can look to two-factor authentication built around SMS as a good fraud- prevention tool.
According to Tubin, Trusteer has seen a growing number of cases – so far mainly in Europe, he admits – where cyber criminals infect a smartphone (typically an Android) with malware that forwards incoming SMS to the thieves.
The big issue: If sensitive credit union data is on the phone or tablet, how can it be secured in the event the device is lost or stolen? Ditto, how can it be protected in the event malware gains access to the device?
DDoS – Distributed Denial of Service – won recurrent headlines throughout 2013 and, said Burckmyer at Sage Data Security, “DDoS has become a perennial. “That is, do not assume this threat has passed because there has been quiet for a few months.