






From: InfoSec News <alerts_at_private>
Date: Thu, 9 Oct 2008 03:01:29 -0500 (CDT)






http://www.darkreading.com/document.asp?doc_id=165537



By Kelly Jackson Higgins
Senior Editor
Dark Reading
OCTOBER 8, 2008



Heightened concern over the growing financial crisis is making banks
more vulnerable to targeted social engineering and spear-phishing
attacks, researchers said this week.



Penetration testers who work with bank clients say the fragile state of
the banking community is making it easier for them to dupe
understandably anxious bank employees. Bank employees are overly eager
or easily coerced into cooperating with “auditors,” or into clicking on
links purportedly from the bank about its own financial welfare.



“It’s definitely easier now to do some of these client-side attacks [on
banks] because people [bank employees] are paying a lot of attention to
their internal emails about the [financial] status of the bank,” says
Chris Nickerson, who performs so-called “red team” testing of physical
and electronic security as well as social engineering weaknesses for
banks and other organizations.



Nickerson says he’s seen an increase in his bank clients’ employees
falling for these targeted or spear-phishing attacks in his testing. “It
used to be around 60 to 70 percent, and now it’s a 70 percent” rate of
users falling for the phony scams he conducts, says Nickerson, CEO of
Lares Consulting.



And breaching a bank’s physical security is also easier now, according
to Errata Security. In a social engineering ploy for a mid-sized bank
last week, Errata CTO David Maynor was mistaken for a federal auditor
and allowed access to the branch manager’s unoccupied office. He made
off with a computer backup tape containing account transaction data.



[...]








Received on Thu Oct 09 2008 - 01:01:29 PDT




