Banks: Hackers Get More Aggressive in Attacking Customer Accounts
Annual FS-ISAC survey of banks shows average loss of $777,064
A survey of large financial institutions shows they faced more attacks by hackers to take over customer banking accounts last year than in the two previous years, and about a third of these attacks succeeded.
The total number of attacks to try and break in and transfer money out of hacked customer accounts was up to 314 over the course of 2011, according to the Financial Services Information Sharing and Analysis Center (FS-ISAC), which released findings of its survey of 95 financial institutions and five service providers. That's an increase from 87 attacks against bank accounts in 2009 and 239 in 2010.
FS-ISAC is the group that coordinates on security issues with the Department of Homeland Security. The survey was conducted by the American Bankers Association.
The actual dollar losses taken by the financial institutions last year was $777,064, down from a high of $3.12 million in 2010. Dollar loss for customers was $489,672 in 2011, as compared with $1.16 million in 2010.
Banks responding to the survey said they were beefing up defenses against account takeovers through customer education, more use of multi-factor authentication, and shutting down customers' online access to a commercial system once anomalous behavior is detected
Banks responding to the survey said they were beefing up defenses against account takeovers through customer education, more use of multi-factor authentication, and shutting down customers' online access to a commercial system once anomalous behavior is detected.
Increasingly, banks are extending strong authentication to their customers to prevent successful takeovers of accounts by hackers, whose strategy is often to use malware to take control of the computer of someone authorized to make payments or other high-dollar transfers related to corporate accounts.
These authentication methods can take many forms. United Bank & Trust, located in Ann Arbor, Mich., for instance, increased security for customers through a method that automatically phones the customer making an online funds transfer to verify the details about the transaction before it's actually executed.
Called PhoneFactor, this authentication method is now used for what the bank regards as high-risk transactions, says Marsha Whitehouse, vice president of treasury management at United Bank & Trust. This would ordinarily be associated with an individual authorized to make ACH or fund transfers via a corporate account. Through an automated process, PhoneFactor immediately places a phone call to verify details about the transaction request. Whitehouse says, "It improves security."
Since Monday, close to 1,000 workers at an IBM factory in China have been protesting the proposed acquisition, fearing they may lose their jobs if the deal goes through.
Incident responders have no good way of distinguishing inconsequential malware from highly damaging malware. They spend way too much time and resources chasing red herrings while truly malicious activity slips past.
According to AppRiver's unscientific survey of IT security professionals, the ethics and legality of NSA activities is simply not part of the day-to-day concern when it comes to defending against malware and cyber attacks.
Having lots of Wi-Fi networks packed into a condominium or apartment building can hurt everyone's wireless performance, but Stanford University researchers say they've found a way to turn crowding into an advantage.