Many SMBs are unaware that hackers are finding online banking transactions to be profitable and easy targets for cyber-attacks because of several weaknesses in the security systems not only of both organizations, but also in the authentication protocols between them.
In a recent attack, cyber-thieves managed to get away with $63,000 after they exploited vulnerabilities in the online payroll system of a small business with its bank.
First, the crooks managed to infiltrate the company’s system through a piece of malware called the Zeus Trojan. This gave them access to the company’s data, including the password and username used in transacting with the company’s bank. The thieves then created several new ghost employees and created payroll accounts for them, which they sent to the bank and authenticated using the company controller’s username and password. And to cover their tracks, the hackers erased the confirmation emails regarding the transaction.
This incident highlights the need for better security systems in both the business and their bank – as security experts cite online banking transactions as one of the favorite targets of cyber-criminals. Cyber-attacks such as this one exploit weaknesses in many existing systems that rely on very simple and automated authentication procedures to confirm transactions.
A direct threat to your business finances is not something to be taken lightly. You not only need to review your current online banking system, but also the current security protocols you have installed, since hackers and cyber-criminals are constantly updating Trojans and other malware to adapt to changing IT protection systems.
We encourage you to have us take a look at the systems you have in place to determine if you are at risk for attacks like these. Please do not hesitate to contact us and we will be happy to draw up custom security solutions that address your specific needs.
References: Sold a Lemon in Internet Banking Cybercrooks Drive Away With $63,000 from Car Dealership
Published with permission from TechAdvisory.org. Source.
Comments