Malware and the tools used by cybercriminals are evolving at an alarming rate. These days, customers are targeted more often than the financial institutions they deal with, mainly because individuals have fewer high-end security resources at their disposal.
However, the companies themselves are not going unmolested. According to a ZDNet article, a recent report showed that one major U.S. bank detected and removed more than 20 different malware families in a 12-month period, including Trojans like Zeus and SpyEye, which have been used with increasing frequency in the financial industry.
"Were these targeted attacks, or good old fashioned massive spamvertised campaigns?" wrote Dancho Danchev, author of the article. "Based on the fact that the host was infected with such a wide variety of crimeware, it appears that the host has been compromised by multiple cybercriminals/gangs of cybercriminals, who managed to trick the user behind this host, over and over again, resulting in the messy situation."
Late last month, the Federal Bureau of Investigation (FBI) issued an advisory in a joint effort with the Financial Services Information Sharing and Analysis Center and the Internet Crime Complaint Center. In that alert, they offered a series of recommendations for companies in the financial sector.
Among the FBI's suggestions were regular reviews of anti-malware defenses, intrusion detection and incident response procedures, as well as monitoring for spikes in website traffic that may indicate denial-of-service attacks. Another key area the advisory focused on is monitoring for system and transaction anomalies and modifying "rules" or security settings to create automatic alerts should suspicious activity be detected.
When it comes to organizations that individuals trust with their financial security, these issues cannot be taken lightly. Run-of-the-mill anti-malware software solutions don't get the job done because they cannot evolve at the same pace as the weapons in the arsenals of cybercriminals.
Managed IT support, where network defenses and IT best practices are observed around the clock, is the most efficient way for these companies to safely conduct business day in and day out.