HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 11 MINUTES AGO.
You are here: Home / Data Security / Bank Web Sites on Alert After Attacks
Banks on High Alert After Cyber Attacks
Banks on High Alert After Cyber Attacks
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
SEPTEMBER
20
2012



The Financial Services Information Sharing and Analysis Center has raised its cyber threat levels to "high" this week after several financial institutions -- including titans Bank of America and JP Morgan Chase -- fell victim to intermittent Web site outages.

"Issues of concern include the recent credible intelligence regarding the potential for [Distributed Denial of Service] and other cyber attacks against financial institutions," the group said on its Web site. "Additionally, Relevant Products/Services is aware of targeted attacks via active exploitation of a zero-day remote code execution vulnerability in Internet Explorer."

Microsoft has issued a quick fix for the IE flaw and plans to issue a full patch on Friday. Meanwhile, Bank of America said its Web site was back up and running normally. Chase.com appeared to be up and running as of the time of this writing.

Hardening Browsers

We turned to Bill Morrow, CEO of Quarri Technologies, to get his take on some of the fallout from the IE zero-day flaw. He told us the latest IE bug is an exploit that allows a Web site -- malicious or compromised -- to download and execute arbitrary code to the end user. He also pointed to the incident as evidence that endpoints today still remain afterthoughts in the security landscape.

"While Microsoft works on a patch for this new bug, industry experts are suggesting that users install new software and/or reconfigure network browser settings," Morrow said. "While the right idea in theory, in reality there is a high probability that many end users wouldn't perform the necessary mitigation or configuration steps to stop the attack."

Beyond the immediate issue with IE, Morrow also noted that the incident is yet another example of enterprise Web applications being at the mercy of the end user's skills at being a security administrator.

"To minimize their exposure to malware, it is critical for organizations to provide and enforce the use of a secure, hardened browser session to protect their most sensitive information and prevent unauthorized use and replication of confidential data," Morrow said.

Aggressive Cyber Criminals Rising

We also asked Chris Petersen, CTO of LogRhythm, for his take on the incident. He told us the latest security headline is a reminder of the increasing aggressiveness of cyber criminals.

"This aggressiveness combined with browser-based vulnerabilities like the one recently announced by Microsoft IE pose a real challenge to banks," Petersen said. "Targeted spear-phishing campaigns have a very high success rate and help cyber criminals easily bypass bank firewalls."

From his research, zero-day attacks are increasingly bypassing point security solutions designed to protect online banking Web sites. To defend against these advanced threats coming from multiple vectors, he said, banks should adopt a posture of continuous and automated analysis across all internal network and system activity to recognize abnormal and concerning behavior.

"For banks and most organizations, the unfortunate reality is that if targeted, they will most likely be breached," Petersen said. "The question then becomes how capable and quickly can the breach be detected, contained, and eventually eradicated."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN DATA SECURITY

NETWORK SECURITY SPOTLIGHT
As potential legal liabilities for the company behind Ashley Madison, a dating site for married people, continue to mount, Noel Biderman, the firm's co-founder and CEO has stepped down.

ENTERPRISE HARDWARE SPOTLIGHT
Is Windows 10 killing the PC market? Something is going on. IDC predicts worldwide PC shipments will fall 8.7 percent in 2015 -- and shipments aren’t expected to stabilize until 2017.

NEWSFACTOR.COM
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2015 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.