Many small and midsize businesses have fallen victim to a recent deluge of phishing attacks.
The spike in attacks, which Symantec Corp. called an "unprecedented jump," took place in the past two weeks, Brian Krebs reported Monday at krebsonsecurity.com. During that time, phishers sent out a large number of spam emails containing "polymorphic malware," or malicious programs that change their appearance to avoid detection.
Many of the emails impersonate Nacha, the electronic payments association. The thieves' targets included the accounting firm of Oncology Services of North Alabama, which lost $120,000, Krebs wrote. Krebs said he suspects that other clients of the firm, which the healthcare provider declined to name, may also have been struck by the same thieves.
Although businesses have a responsibility to protect their banking credentials, "most banks have significant room for improvement in securing the authentication space for their customers," Krebs wrote.
And even the most security-conscious businesses can still find their defenses lacking.
"As I've noted in past stories, all of the victims I've interviewed were running anti-virus software," Krebs wrote, and these programs rarely had the ability to defend against the malware used in the attacks until it was too late.