What’s happening: After breaking into the computer systems of a payroll processing company, cybercriminals sent emails to the company’s customers. Users who clicked on a link in the email had their computers taken over by the attacker, resulting in the theft of their user IDs and passwords. According to the Post, the malware used to break into the payroll processing company is poorly detected by most anti-virus products.
What it means: First, the top echelon of cybercriminals has become very focused and targeted. While random attacks are still common, companies are increasingly coming under targeted attack. Second, we continue to see malware that’s able to slip through anti-virus products. Third, phishing attacks are also becoming very targeted; emails used in this attack were addressed to recipients by name and included portions of their passwords.
What to do: This is another example of what we’ve already written about. Senior management must proactively manage security of sensitive information through policies, awareness training, oversight of the IT security management function, etc. They should also strongly consider replacing their current anti-virus / anti-spyware product with an intrusion detection / prevention solution. Users must follow the mantra of an earlier blog: “Trust no one.”
From Brian Krebs; Washington Post: Hackers Breach Payroll Giant, Target Customers
Hackers last week apparently used stolen account information from a New Jersey company that provides online payroll services to target the firm’s customers in a scheme to steal passwords and other information.