“It's not a fair fight,” said online security expert Brian Krebs at Mid-Atlantic Corporate's first IT and Security conference about the “asymmetry in sophistication” of savvy cyber criminals and their guileless victims.
“Financial institutions need to be doing more to educate their customers,” Krebs said.
That was the top-line message of Krebs' speech at the recent event, where he focused on the so-called Zeus Trojan, malicious code that typically infects a computer via email or a visit to an apparently innocuous website and then lets cyber criminals seize control of the victim's computer.
In the worst case, the criminals – using the victim computer and its usual Internet Protocol address – can loot the account. All the computer “fingerprints” point back to the user.
An upshot: growing tensions between customers and financial institutions, said Krebs, a onetime Washington Post staff reporter who now operates his own blog.
“If this happens to a consumer, it's the bank's problem. If this happens to a business, it's the business's problem. This is causing all kinds of strife,” Krebs said later in an interview.
Krebs added that he knew of at least two financial institutions whose own internal computers had been infected by the Zeus Trojan.
“This is a problem that just keeps on,” said Krebs, who explained that the Trojan has gone through various permutations to dodge detection by security software.
Prime targets today, he elaborated, are small businesses, school districts, title and escrow companies, homeowners associations and law firms. Wherever there are large sums of money and possibly little security, Zeus-wielding criminals are sniffing around, Krebs suggested.
His best advice to users who want safety from Zeus: use one computer only for online banking. Nothing else. “No email, no Facebook, no porn, nothing else,” said Krebs.
But bottom line: “Institutions need to be telling their business customers in particular about the threats and what they need to stay alert to.”