4 more security threats your company needs to know about

Security

by Jimmy Nicholls| 28 April 2014

IT manager? Care about security? Read this.

Last week we introduced you to the first five of the security breaches identified by Verizon in their data breach report. Now we will take you through the remaining four, including which industries are affected and what you can do to protect yourself against them.

6) Crimeware

Industries affected: Public, information, utilities and manufacturing

Crimeware is Verizon's word to describe malware other than that intended for point-of-sale attacks or espionage. Like those attacks, organised crime is central to these, with the motives either directly or indirectly financial. Increasingly such breaches were sold as a service last year, such was there success.

The report outlines two noteworthy pieces of malware: Zeus (also Zbot) and Nitol. The former should be familiar to security experts, having existed for several years. Despite an FBI investigation and over a hundred arrests, this Trojan horse has mutated over several iterations and is still used worldwide to steal money from bank accounts.

Nitol, on the other hand, remains confined to Asia, granting the user backdoor access and causing infected systems to engage in DDoS attacks.

What to do: Zeus frequently exploits out of date web browsers, giving all the more reason to patch them. Verizon also advise users to disable Java when it is not being used. IT managers may wish to consider using two-factor authentication, which requires users to two pieces of information or equipment in order to access a system (such as a bank card and PIN code at a cash point).

Zeus is not merely a Greek god; he is also a Trojan virus. Divided loyalties.

7) Card skimmers

Industries affected: Finance and retail

Card skimming, unlike point-of-sale attacks, involves the payment device being physically tampered with, mostly at cash points and petrol stations. Criminals can now buy sleek devices that clip into card readers to scan the magnetic strip, and even collect the data via a Bluetooth connection or SIM card, according to Verizon.

Three-quarters of the time third parties such as police or customers were responsible for detecting the fraud, and criminals using skimmers frequently came from Bulgaria (38% of the time), Romania (18%) or Armenia (18%).

What to do: Modern ATMs are designed to be resistant to tampering, but Verizon say vendors can use more basic methods such as stickers placed over doors to alert them to when something is wrong. For customers covering a PIN and checking to see if adjacent machines are consistent is advised.

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

755 people like this.
0 people follow this.

Security Intelligence

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.