BANKERSONLINE.COM
April 29, 2011

Welcome to Tech Talk!
In this edition, Tech Talk Editors George Milner and Teri Wesley write about a big-time breach, emphasis on encryption, focus on phishing, and more!

Our selections from this week's tech news:
  • Malware sends millions to China
  • Sony loses against hackers
  • Head honcho to go after glitch
  • Stronger password security? Check!
  • Emails for sale
  • Still not getting the message
  • Hooked on phishing
  • SpyEye seeking surfers
  • Hiding data in plain sight
  • Shredding: paper to PCs
  • Risky corporate bedfellows
  • Banks become friends
  • Patches, updates and alerts
  • and on the lighter side...

Get the details below.

    On the lighter side ...
    Change is coming to the customers of this bank. Any change they want. Really.
    Malware sends millions to China
    Cybercriminals have compromised the online banking credentials of small-to-medium-sized U.S. businesses in at least twenty incidents and initiated wire transfers to Chinese economic and trade companies. Using the ever-popular banking malware ZeuS and Spybot, the attackers transferred amounts ranging from $50,000 up to nearly $1 million in each incident. To date, actual victim losses are $11 million and total attempted fraud amounts to approximately $20 million. Threatpost has the details and a link to the FBI's alert. Kaspersky Lab malware researcher Vicente Diaz discusses the bank trojan malware epidemic at Threatpost.

    Sony loses against hackers
    Sony believes that "anything you can imagine, you can make real." We're guessing they didn't imagine becoming the target of a massive data breach of their online gaming network. But it's real. Personal data, including birth dates and possibly credit card details, of up to 77 million PlayStation users may have been exposed by hackers who gained access to the online gaming network between April 17 and April 19. Sony is scrambling to get its network back up and running, provide updates to users and respond to lawsuits, while gamers are advised to change their passwords, put a credit alert on their payment accounts and beware of phishing attacks likely to follow the breach. Sony has assured users that credit card data stored in its network was encrypted, but just how encrypted was it? Sophos has more on this developing story.

    Head honcho to go after glitch
    Mizuho Bank, one of three Japanese megabanks, is part of the second-largest financial services company in Japan. As if the battered country isn't already dealing with enough, a computer glitch last month left millions of bank customers without access to their funds when the bank's system was flooded with donations in the wake of the earthquake and tsunami. Mizuho Bank was not able to fully recover from the damage caused by the massive shutdown. Bank president Satoru Nishibori is resigning his position as head of Mizuho and Mizuho Financial Group President and CEO Takashi Tsukamoto is under fire as well, reports Reuters. Do you have a disaster recovery plan in place in the event your system experiences a major glitch?

    Stronger password security? Check!
    In the wake of multiple data breaches and the recent attack against Sony's PlayStation network, encryption methods are under scrutiny. We've written numerous articles on the need for better, more secure passwords to protect users' personal and financial data. Researchers have answered the call to devise a method for more secure passwords that make a hacker's job tougher but still let users keep passwords they can easily remember. The researchers have developed encrypted p-CAPTCHAs, or password-CAPTCHAs, which split a long and secure password into two components. The first component is memorized by the user, while a Java applet does the rest by transforming the second portion into a CAPTCHA image. PC World has the details.

    Emails for sale
    With the spike in phishing attacks targeting banking credentials, there's a good probability that many of your customers' email addresses are somewhere out in cyberspace for the taking. Scammers have myriad sources for email lists, ranging from botnet programs and underground cybercrime forums to open-air markets selling millions of email addresses for as little as a penny for each 1,000 emails. Krebs on Security has more on how scammers get their hands on email addresses. Constant reminders to your customers - and staff - to be vigilant about carefully screening emails and to question any email that appears to be from your bank requesting personal information can go a long way in reducing phishing attacks.

    Still not getting the message
    How many times have we warned you, and you warned your staff and customers, about the pitfalls and risks of inappropriate or careless use of email? A recent survey of corporate email users revealed that 1 in 10 had unintentionally leaked sensitive corporate data via email. Further, in companies with more than 100 employees, more than 73 percent of the respondents admitted to emailing information in violation of regulatory compliance, and over 45 percent noted that an email they sent was forwarded to other recipients who weren't supposed to see it! Get more alarming results at InfoWorld and then reinforce your institution's email policy with your staff - again.

    As we were going to press with this issue, another data loss incident was reported: a New York Yankees ticket sales representative accidentally sent "several hundred" affiliates an email containing a spreadsheet with the personal details of over 21,000 Yankees ticket holders. Sophos has the details.

    Hooked on phishing
    A growing number of data thieves are casting out their phishing hooks around the world. According to the Anti-Phishing Working Group's (APWG) bi-annual Global Phishing Survey 2H2010, 67,677 phishing attacks were reported during the first half of 2010 - an increase of nearly 20,000 over last year's 48,244 reported attacks. APWG attributes the increased number to attacks targeting China, noting 12,282 targeted attacks on Chinese institutions in the reported period. CIO has the details.

    SpyEye seeking surfers
    Web surfers are the latest target of the SpyEye bank trojan. The newest variation of the malware has been found with the option for new "form grabbing" capabilities against Google Chrome and Opera users. Until now, Chrome and Opera were believed to be less of a target for cyber crooks due to the smaller number of users surfing with the less-popular browsers, reports Krebs on Security. If any of your systems are running these browsers, make sure you have the latest updates and patches.

    Hiding data in plain sight
    Encryption is one viable option for protecting sensitive data on your systems. A group of academic researchers in the U.S. and Pakistan has gone a step further and developed an application that hides the presence of that data. The new steganography (the science of hiding information) system works by breaking a file into multiple fragments and scattering the individual pieces throughout the hard drive. Get more details at Threatpost.

    Shredding: from paper to PCs
    The best method to destroy confidential papers and documents is the use of a paper shredder. But what about the sensitive data that often remains on discarded mobile devices, printers and computer hard drives despite attempts to wipe the drives? German firm JBF has the ultimate solution - a computer shredding machine, literally. Steel PC towers, routers, hard drives and other peripherals are fed through the JBF 70/74 and chewed up into tiny metallic bits. Threatpost has a video of the industrial shredder in action.

    Risky corporate bedfellows
    When securing your corporation or institution's network, don't lose sight of the forest that surrounds your own "trees." The security - or insecurity - of the systems used by your customers or third-party vendors can ultimately come back to you. Cybercriminals are masters of trickery and your retail and corporate online banking customers are popular targets. Networkworld explores how corporations and banks are taking steps to protect their networks from inbound attacks via outside branches.

    Banks become friends
    Facebook, Twitter, LinkedIn and other social media sites are the "in" place to be - personally and professionally. With the growing number of consumers and businesses using social media to make connections and do business, the financial services industry is embracing the best of what social networking has to offer. Banks are increasing customer engagement with online discussion forums, advertising products and services and tuning in to what customers are saying about their institution on social media sites. Networkworld has more. Is your bank on your customers' friends list?

    Patches, Updates and Alerts...