http://www.darkreading.com/document.asp?doc_id=165537 By Kelly Jackson Higgins Senior Editor Dark Reading OCTOBER 8, 2008 Heightened concern over the growing financial crisis is making banks more vulnerable to targeted social engineering and spear-phishing attacks, researchers said this week. Penetration testers who work with bank clients say the fragile state of the banking community is making it easier for them to dupe understandably anxious bank employees. Bank employees are overly eager or easily coerced into cooperating with “auditors,” or into clicking on links purportedly from the bank about its own financial welfare. “It’s definitely easier now to do some of these client-side attacks [on banks] because people [bank employees] are paying a lot of attention to their internal emails about the [financial] status of the bank,” says Chris Nickerson, who performs so-called “red team” testing of physical and electronic security as well as social engineering weaknesses for banks and other organizations. Nickerson says he’s seen an increase in his bank clients’ employees falling for these targeted or spear-phishing attacks in his testing. “It used to be around 60 to 70 percent, and now it’s a 70 percent” rate of users falling for the phony scams he conducts, says Nickerson, CEO of Lares Consulting. And breaching a bank’s physical security is also easier now, according to Errata Security. In a social engineering ploy for a mid-sized bank last week, Errata CTO David Maynor was mistaken for a federal auditor and allowed access to the branch manager’s unoccupied office. He made off with a computer backup tape containing account transaction data. [...] __________________________________________________ Register now for HITBSecConf2008 - Malaysia! With a new triple-track conference featuring 4 keynote speakers and over 35 international experts, this is the largest network security event in Asia and the Middle East! http://conference.hackinthebox.org/hitbsecconf2008kl/Received on Thu Oct 09 2008 - 01:01:29 PDT
This archive was generated by hypermail 2.2.0 : Thu Oct 09 2008 - 01:12:05 PDT