thinksecurityfirst.us

           | 
Newsflashes
Press release September 23 2009 Print E-mail

Think Security First Warns That Banking Trojans Could Be Silent Killer For Small Businesses

Sophisticated Cyber Attack Can Be Financially Devastating For Unprotected Small Firms, Say Experts

WALNUT CREEK CA., September 23, 2009 -  Think Security First, the national awareness and education program created to protect America’s small businesses from cybercrime and identity theft, today warned all small businesses to be alert to a growing and sophisticated cyber threat that could jeopardize the financial viability of businesses that fall victim.

Financial institutions and law enforcement in the United States and Europe recently warned of a spike in attacks on small businesses by organized cyber gangs using increasingly advanced malware. The attacks typically take the form of hijacking and then emptying the victim’s bank account, using logins and passwords stolen from the victim’s computer through the installation of sophisticated banking Trojans.

The thieves can quickly empty the victim’s business accounts before being discovered, leaving the victim business with little recourse. Because business accounts don’t have the same zero liability protection as consumer accounts, victims are rarely compensated by their banks.

The resulting loss could be too much for smaller businesses to recover from, which makes this attack one of the most serious and dangerous cyber threats ever faced by the small business community and one that requires immediate attention and vigilance on the part of small businesses.

“This is a game changer for small business security, and the most serious security threat in a decade,” warned Neal O’Farrell, founder of Think Security First and a 30-year veteran of the security industry. “Banker Trojans could be a silent killer for many small businesses because they’re hard to prevent, hard to detect, and can quickly empty the only funds a small business has access to.”

Recent reports show that nearly a third of small businesses don’t even have basic virus protection, and more than half don’t provide any security awareness training to employees. This presents an easy opportunity for Trojans and other exploits, according to Andy Purdy, the nation’s former Cyber Security Czar and now Co-Director of the International Cyber Center at George Mason University. “Smart security practices, strong malware protection, and constant user vigilance and awareness are key to avoiding cyber threats like this,” said Mr. Purdy. “The millions of small businesses that apparently don’t have these most basic of defenses could be leaving themselves, their employees, and their customers highly exposed.”

Professional cyber gangs are now targeting smaller businesses because they are one of the most fertile hunting grounds, according to Don Jackson, Director of Threat Intelligence for security firm SecureWorks and the security expert who discovered the original Zeus banking Trojan. “You’re not going to see it happen. And it will happen eventually,” said Mr. Jackson.

There are a number of steps Think Security First recommends small business owners should take immediately:

  • Scan all business and home computers, using either existing anti-virus software or using any of the free scanning services listed on our web site at www.thinksecurityfirst.us.
  • Layer every computer with the best virus and spyware protection available and update it constantly.
  • Patch your computer constantly and make sure your computer settings are configured to automatically download and install patches as soon as they become available.
  • Avoid opening email attachments or clicking on links in emails unless you’re able to verify the email is legitimate, and be careful about visiting web sites you’re not familiar with.
  • Teach all employees to be especially vigilant for phishing schemes and to watch out for unusual or personalized emails with attachments or links that are not familiar, and to be especially wary of Trojan-carrying spam.
  • Set up account alerts with your bank or credit union to notify you of any transactions or changes in account balances, and to prevent or alert you to unauthorized transfers.
  • Spread your funds between a number of accounts and limit the number of users on each account.
  • Change your account passwords regularly, make them tough to guess and protect them well.
  • Be vigilant when visiting your bank login page, especially for any changes to the login procedure or requests for additional information.
  • Back up your data daily, because many Trojans will disable a computer after the attack to hide their tracks and buy time.
  • Consider using just one computer for online banking, and make sure that computer is highly secure and is never used for email, surfing, online shopping or any other internet connected activity.

Think Security First has provided detailed information on its web site at www.thinksecurityfirst.us, including simple steps small business owners can take today to avoid being victimized.

The site also has links to free and safe services that will help you check for any Trojans already hiding on your computer.

About Think Security First

Think Security First is a non-profit campaign devoted to educating America’s small business owners about the need to make cyber security a business priority. Founded in 2003 in Walnut Creek California, the nation’s first Cyber Secure City, Think Security First provides free training, support, and counseling to small businesses on all aspects of cyber security and identity theft. Think Security First was founded by Neal O’Farrell, who has spent nearly thirty years as a small business owner and security advocate, and is sponsored by Microsoft, PayPal, F-Secure, SonicWALL, Mozy, and Panda Security. For more information visit www.thinksecurityfirst.us.
 
Print E-mail

Think Security First Warns That Banking Trojans Could Be Silent Killer For Small Businesses

Sophisticated Cyber Attack Can be Financially Devastating For Unprotected Small Firms, Say Experts

WALNUT CREEK CA., September 22, 2009 -  Think Security First, the national awareness and education program created to protect America’s small businesses from cybercrime and identity theft, today warned all small businesses to be alert to a growing and sophisticated cyber threat that could jeopardize the financial viability of businesses that fall victim.

Financial institutions and law enforcement in the United States and Europe recently warned of a spike in attacks on small businesses by organized cyber gangs using increasingly advanced malware. The attacks typically take the form of hijacking and then emptying the victim’s bank account, using logins and passwords stolen from the victim’s computer through the installation of sophisticated banking Trojans.

The thieves can quickly empty the victim’s business accounts before being discovered, leaving the victim business with little recourse. Because business accounts don’t have the same zero liability protection as consumer accounts, victims are rarely compensated by their banks.

The resulting loss could be too much for smaller businesses to recover from, which makes this attack one of the most serious and dangerous cyber threats ever faced by the small business community and one that requires immediate attention and vigilance on the part of small businesses.

“This is a game changer for small business security, and the most serious security threat in a decade,” warned Neal O’Farrell, founder of Think Security First and a 30-year veteran of the security industry. “Banker Trojans could be a silent killer for many small businesses because they’re hard to prevent, hard to detect, and can quickly empty the only funds a small business has access to.”

Recent reports show that nearly a third of small businesses don’t even have basic virus protection, and more than half don’t provide any security awareness training to employees. This presents an easy opportunity for Trojans and other exploits, according to Andy Purdy, the nation’s former Cyber Security Czar and now Co-Director of the International Cyber Center at George Mason University. “Smart security practices, strong malware protection, and constant user vigilance and awareness are key to avoiding cyber threats like this,” said Mr. Purdy. “The millions of small businesses that apparently don’t have these most basic of defenses could be leaving themselves, their employees, and their customers highly exposed.”

Professional cyber gangs are now targeting smaller businesses because they are one of the most fertile hunting grounds, according to Don Jackson, Director of Threat Intelligence for security firm SecureWorks and the security expert who discovered the original Zeus banking Trojan. “You’re not going to see it happen. And it will happen eventually,” said Mr. Jackson.

There are a number of steps Think Security First recommends small business owners should take immediately:

  • Scan all business and home computers, using either existing anti-virus software or using any of the free scanning services listed on our web site at www.thinksecurityfirst.us.
  • Layer every computer with the best virus and spyware protection available and update it constantly.
  • Patch your computer constantly and make sure your computer settings are configured to automatically download and install patches as soon as they become available.
  • Avoid opening email attachments or clicking on links in emails unless you’re able to verify the email is legitimate, and be careful about visiting web sites you’re not familiar with.
  • Teach all employees to be especially vigilant for phishing schemes and to watch out for unusual or personalized emails with attachments or links that are not familiar, and to be especially wary of Trojan-carrying spam.
  • Set up account alerts with your bank or credit union to notify you of any transactions or changes in account balances, and to prevent or alert you to unauthorized transfers.
  • Spread your funds between a number of accounts and limit the number of users on each account.
  • Change your account passwords regularly, make them tough to guess and protect them well.
  • Be vigilant when visiting your bank login page, especially for any changes to the login procedure or requests for additional information.
  • Back up your data daily, because many Trojans will disable a computer after the attack to hide their tracks and buy time.
  • Consider using just one computer for online banking, and make sure that computer is highly secure and is never used for email, surfing, online shopping or any other internet connected activity.

Think Security First has provided detailed information on its web site at www.thinksecurityfirst.us, including simple steps small business owners can take today to avoid being victimized.

The site also has links to free and safe services that will help you check for any Trojans already hiding on your computer.

About Think Security First

Think Security First is a non-profit campaign devoted to educating America’s small business owners about the need to make cyber security a business priority. Founded in 2003 in Walnut Creek California, the nation’s first Cyber Secure City, Think Security First provides free training, support, and counseling to small businesses on all aspects of cyber security and identity theft. Think Security First was founded by Neal O’Farrell, who has spent nearly thirty years as a small business owner and security advocate, and is sponsored by Microsoft, PayPal, F-Secure, SonicWALL, Mozy, and Panda Security. For more information visit www.thinksecurityfirst.us.
 
Yahoo, Hotmail, Gmail all vulnerable to password reset hack Print E-mail
Written by Neal OFarrell   
Yahoo Mail isn't the only Web-based mail service that could be duped into giving up someone else's account password, the tactic that some have argued was used to break into Gov. Sarah Palin's e-mail earlier this week.

Google Inc.'s Gmail, Microsoft Corp.'s Windows Live Hotmail and Yahoo Inc.'s Mail all rely on automated password reset mechanisms that can be abused by knowing a username associated with an account and an answer to a single security question, according to quick tests run by Computerworld. More from Network World.
 
Practice good online password security Print E-mail
Written by Neal OFarrell   
As you may have read by now, someone recently broke into a Yahoo e-mail account belonging to Republican Vice Presidential candidate Sarah Palin, and posted pictures and several of the messages found there online. Could the same thing happen to you?

Perhaps, and it's worth paying attention to your possible exposure. The break-in occurred with surprising ease--there were no complex hacker tricks involved in getting into Governor Palin's e-mail account. Here's how it happened, why you should be somewhat concerned, and what you can do about it. From Network World.
 
Report: 60 percent of businesses hit by cybercrime Print E-mail
Written by Neal OFarrell   
A recent Department of Justice survey indicated that nearly 60 percent of American businesses have detected one or more cyberattacks.

According to the Department of Justice's Bureau of Justice Statistics, in 2005 (the latest year studied), nearly 75 percent of businesses victimized by cybertheft said that insiders, such as employees, contractors or vendors working for the business, were responsible for the crimes. From SC Magazine.
 
More Articles...


Sponsored By

mslogo-1small.jpg

paypal_logo.gif
sonicwallblue.jpg
pandasecurity.jpg
header-mozy-logo.png
blog.jpg

News and Alerts

Small businesses still not getting the security message.

Forty-Four Percent of US SMBs Admit to Falling Victim to Cybercrime, According to Latest Panda Security Survey.

Trojans accounted for 70 percent of the new malware detected during the second quarter of 2009.

Beginning in September 2009, Think Security First will be issuing weekly Small Business Cyber Security Alerts a part of a campaign to raise security awareness. More to come.

You are here  : Home Newsflashes