Security managers guarding bank account, credit and debit card data should take protective measures up a notch in 2012, new research suggests. Perhaps even two notches.
Data-stealing malicious software and Trojan viruses threatening data security climbed to new heights during the first half of 2011, the Anti-Phishing Working Group, a global coalition that tracks electronic crime, said Dec. 25.
The group identified specific increases in malware attacks designed to intercept confidential information such as credit card data, Social Security numbers and credentials to access financial websites, which one analyst says is troubling.
“Criminals are becoming very strategic about targeting small and medium-sized businesses to extract their financial details, as well as working harder to get ahold of consumers’ personal data,” Julie Conroy McNelley, a senior analyst with Aite Group, tells PaymentsSource.
Most banks and card issuers already are taking action to protect data at a high level, McNelley says. But in the face of rising threats, she suggests banks strengthen their efforts by adding “layers” of data-protection to systems wherever possible (
The incidence of data-stealing malware and generic Trojans during the first six months of the year hovered at 40% of all malware detected, up from 36% at the end of 2010, the Anti-Phishing Working Group’s analysis of cybercrime trends shows. Data-stealing malware and generic Trojans incidents spiked to 45% of all malware detected during April, exceeding the previous high of 44% in August 2010, the group said in a press release.
The release in March of the source code for the Zeus crime kit enabling downloads of “malicious binaries” designed to steal bank or payment card credentials contributed to the rise in overall malicious activity, Chris Astacio, manager of security research for Websense Inc., tells PaymentsSource in an email. San Diego-based Websense is one of several companies that contributes to analyzing coalition data.
Because of the Zeus crime-kit release, “the security threat to credit and debit cards is definitely on the rise,” Astacio says.
The use of spam messages to intercept confidential account information also rose in 2011, he says.
“One particularly dangerous and recent spam campaign tricked victims into infection by stating that an [automated clearinghouse] transfer sent to their account was rejected,” Astacio notes.
Victims were duped into opening and executing an attached malicious binary code and subsequently were exposed to a Trojan virus called SpyEye designed to grab banking or credit card credentials, Astacio says.
On the positive side, unique phishing reports during the first half of the year submitted to the coalition were down, to 26,402 from the all-time high of 40,621 in August 2009, the report said.
Egypt, which has risen as a source of malicious activity since last year, ranked in the top three among countries hosting phishing sites for four of the first six months of 2011, according to the report. The U.S. and Canada ranked first and second respectively.
What do you think about this? Send us your feedback.
