Content

Trojan army invades Europe and the U.S.

Trojan-based attacks will take over from email phishing in the U.S. and Europe as trojans become more sophisticated and harder to stop, according to a new report.

The research by the Information Security Forum (ISF) also warned over the increasing use of 'moles' placed in organizations to gain access to prize customers.

The survey of 260 ISF members that shows that over a third of members have been affected by phishing attacks. Over 30 percent of these have experienced more than 20 attacks.

The ISF report provided a detailed five-point strategy to tackle the threat of phishing attacks. But while two-factor or even three-factor authentication is seen as a strong preventative measure, the report said that savings from direct fraud alone do not currently justify the expenditure. It added that companies should consider other factors such as damage to reputation, regulatory intervention or loss of competitive advantage.

The report also pointed to better education of customers about phishing and identity theft as being a more immediate requirement. According to the report, this should be supported by a strong anti-phishing policy, continuous internet monitoring to identify phishing activity and better internal protection. In particular, with criminal gangs planting and grooming company 'moles', the need to secure customer databases from internal attack is becoming increasingly important.

Andrew Wilson of the Information Security Forum said phishing gangs are starting to turn their attentions away from the U.S. And other English-speaking countries.

"We believe that email phishing will move away from English-speaking regions to Asia, China and the Middle East, to be replaced by a surge in sophisticated and well-organized trojan attacks," said Wilson.

"Often, the first time an organization knows that it is under attack is when customers notice money missing from their accounts, so it will become vital to put early warning mechanisms in place. These can include closely monitoring customer complaints and feedback for signs of attack, regular checking of web sites for the unauthorized use of logos and brand names and open-source intelligence gathering for indications of planned attacks."

Wilson added that improving user awareness of internet risks is "key to fighting online fraud, but in a manner that does not risk losing customer-confidence in e-commerce and online banking."

Last week, SC Magazine reported on phishers targeting hapless AOL users in an attempt to steal personal information and credit card details.

www.securityforum.org

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.