The Green Sheet, Inc


The Green Sheet Online Edition

March 11, 2013  •  Issue 13:03:01


New cyber threat targets SMBs

Security awareness training firm KnowBe4 warned of a new security threat to small and mid-sized businesses (SMBs). The threat, called Advanced Persistent Threat, or APT, is usually initiated via spear-phishing attacks orchestrated by teams of fraudsters, according to KnowBe4. The attack targets company executives who have access to businesses' most sensitive and secure information. KnowBe4 said APTs are typically sponsored by governments that have the capabilities and intent to persistently target specific entities.

KnowBe4 founder and Chief Executive Officer Stu Sjouwerman explained how the attacks work. Fraudsters target a business and home in on key employees, then research and harvest data about those individuals, including emails, pictures and financial records.

Sjouwerman said the APT then carries out its attack by sending the target an email from a seemingly recognized source. The email contains an attachment. When the attachment is opened, the computer is infected with malware that allows fraudsters to gain undetected access to the organization's computer system. Sjouwerman noted that victims may remain unaware of the virus for years because of the subtle nature of the attack.

Phishing in growth mode

In an August 2012 blog post on the website of RSA Security Solutions, the Security Division of EMC Corp., RSA documented the global rise of phishing attacks in the first half (1H) of 2012. Compared with fraud statistics from the second half (2H) of 2011, RSA said businesses experienced 19 percent more phishing attacks in the January to June 2012 timeframe, with attacks heavily targeting organizations in the United Kingdom, the United States and Canada.

The blog post, entitled "Phishing in Season: A Look at Online Fraud in 2012," said the number of 1H2012 phishing attacks averaged 32,581 a month, and represented the fourth straight increase in the number of attacks recorded since 2H2010. The estimated global fraud losses from phishing attacks in 1H2012 surpassed $687 million, up 32 percent from 1H2011, RSA stated.

Human emotion is the reason phishing attacks persist and, in fact, continue to grow. "What makes phishing so successful is its social engineering component which drives the schemes used by cybercriminals today to manipulate online users into disclosing private information," said the post. "In social psychology, one of the routes to persuasion is designed to get a person to purposefully not think - but rather react emotionally and react immediately." RSA noted that the most successful phishing scams play upon common human motivators and emotions through:

Red flag warnings

SMBs are being victimized by APT attacks because they are not taking proactive measures to prevent attacks, according to Sjouwerman. One measure is for SMBs to train employees on how to detect potential phishing attacks. The security firm said various fields in emails can provide red flags of potential attacks, such as:

KnowBe4 offers SMBs the Kevin Mitnick Security Awareness Training online program, which includes case studies, live demonstration videos and short tests. Mitnick, who heads Mitnick Security Consulting LLC, is notorious for hacking exploits perpetrated in the early 1990s.


Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
