Cybercriminals breach payroll services firm, go after customers’ computers

What’s happening: After breaking into the computer systems of a payroll processing company, cybercriminals sent emails to the company’s customers. Users who clicked on a link in the email had their computers taken over by the attacker resulting in the theft of their user-ids and passwords. According to the Post, the malware used to break […]

Cybercriminals rob not-for-profit healthcare providers

What’s happening: Several not-for-profit health care providers have been hit with the same kind of online bank fraud that’s affecting businesses and schools. Banks are resisting returning the stolen money claiming they follow “commercially reasonable practices.” What it means: Every organization must assume that they will come under attack and prepare accordingly. As our post […]

Cybercriminals use fake IRS emails to steal online banking credentials

What’s happening: U.S.-CERT has issued an alert stating: “attacks arrive via an unsolicited email message and may contain a subject line of ‘Notice of Underreported Income.’ These messages may contain a link or attachment. If users click on this link or open the attachment, they may be infected with malicious code” designed to steal bank […]

Security of Online Banking Threatened by Defeat of Two-Factor Authentication

What’s happening: Cybercriminals have learned how to steal money from business bank accounts even when bank security controls include second-factor authentication. What it means: Most banks and businesses believe online banking is safe when protected with what’s known as 2nd-factor [or multi-factor] authentication. While second-factor authentication is a step-up over single-factor, it is still not […]

Company sues bank after $588,000 stolen by cyberthieves

What’s happening: Another corporate victim of cybertheft goes public; sues bank over sophisticated online bank heist What it means: This is our 9th posting on online bank theft in the last month. It illustrates how the world of cybercrime has changed. Cybercriminals are targeting small and medium-size organizations, hacking into their computer systems and stealing […]

Cyberthieves using Twitter to sell fake antivirus software

What’s happening: Cyberthieves are taking advantage of security weaknesses in Twitter to take sell them fake antivirus software What it means: The Twitter situation corroborates IBM’s recent study of web security in which they wrote: The result is “an unprecedented state of Web insecurity as Web client, server and content threats converge to create an […]

Adding Insult to Injury, Cybercrime Victims May Be Faced with Expensive “Breach Notification” Costs

What’s happening: Cyberthieves stealing money from corporate bank accounts are also trigerring “breach disclosure” laws What it means: At least 44 states plus the District of Columbia have “breach disclosure” laws requiring businesses and other organizations to notify consumers when they have reason to believe that private consumer information has been compromised. According to insurance […]

Like Generals, in Battle Against Cybercrime IT Staff Are Fighting Yesterday’s War

What’s happening: A new study from the respected SANS Institute finds that as IT departments have become better at defending against yesteday’s cyberthreats, cybercriminals have moved on to a new generation of ever-more sophisticated attacks. What it means: Sensitive corporate information — including access to the corporate coffers — is not being adequately protected.The security-software […]

Cyber Crooks Target Public & Private Schools

What’s happening: It’s not just businesses that are losing money to cybercriminals. This post shows that schools are also at risk. We can conclude, by inference, that not-for-profits are being hit as well. The news just hasn’t surfaced. What it means: Every small and medium size organization is at financial risk from cybercrime. What to […]

Cyber Thieves Steal $447,000 From Wrecking Firm

What’s happening: News continues to surface of businesses being hit by cybercriminals. This story is particularly bad in that the company and the bank had strong technology in-place (multifactor authentication) designed to prevent this kind of attack. Unfortunately, an employee missed a clear danger signal. What it means: Cybercriminals can get by the best technology […]