[ISN] Financial Crisis Leaves Bank Branches Open to Social Engineering, Targeted Attacks

From: InfoSec News <alerts_at_private>
Date: Thu, 9 Oct 2008 03:01:29 -0500 (CDT)

By Kelly Jackson Higgins
Senior Editor
Dark Reading 
OCTOBER 8, 2008

Heightened concern over the growing financial crisis is making banks 
more vulnerable to targeted social engineering and spear-phishing 
attacks, researchers said this week.

Penetration testers who work with bank clients say the fragile state of 
the banking community is making it easier for them to dupe 
understandably anxious bank employees. Bank employees are overly eager 
or easily coerced into cooperating with “auditors,” or into clicking on 
links purportedly from the bank about its own financial welfare.

“It’s definitely easier now to do some of these client-side attacks [on 
banks] because people [bank employees] are paying a lot of attention to 
their internal emails about the [financial] status of the bank,” says 
Chris Nickerson, who performs so-called “red team” testing of physical 
and electronic security as well as social engineering weaknesses for 
banks and other organizations.

Nickerson says he’s seen an increase in his bank clients’ employees 
falling for these targeted or spear-phishing attacks in his testing. “It 
used to be around 60 to 70 percent, and now it’s a 70 percent” rate of 
users falling for the phony scams he conducts, says Nickerson, CEO of 
Lares Consulting.

And breaching a bank’s physical security is also easier now, according 
to Errata Security. In a social engineering ploy for a mid-sized bank 
last week, Errata CTO David Maynor was mistaken for a federal auditor 
and allowed access to the branch manager’s unoccupied office. He made 
off with a computer backup tape containing account transaction data.


Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
Received on Thu Oct 09 2008 - 01:01:29 PDT

This archive was generated by hypermail 2.2.0 : Thu Oct 09 2008 - 01:12:05 PDT