“In times of radical change, the learners inherit the earth, while the learned find themselves perfectly equipped for a world that no longer exists.” - Eric Hoffer

March 23, 2010

Arkansas is NOT immune to cybercrime!

Brian Krebs, the former Washington Post reporter now writing at KrebsonSecurity.org, has confirmed that cyber-criminals recently struck an Arkansas regional water utility and a New Jersey town, moving money out of the government accounts through online transfers.
...On March 4, organized crooks stole roughly $130,000 from North Garland County Regional Water District, a public, nonprofit utility in Hot Springs, Ark. Again, thieves somehow broke into the utility’s online bank account and set up unauthorized transfers to more than a dozen individuals around the country that were not affiliated with the district.
The investigation continues and the public utility and bank have recovered about half of the losses. You can read the complete article at: http://www.krebsonsecurity.com/2010/03/organized-crooks-hit-nj-town-arizona-utility/#more-1918

Update: 3/30/10  I can't say it any better. "Online Thieves Take $205,000 Bite Out of Missouri Dental Practice." Brian drills down into the details (pun intended) at: http://www.krebsonsecurity.com/2010/03/online-thieves-take-205000-bite-out-of-missouri-dental-practice/

A public library in Florida, a school district in New York, a manufacturing firm in Texas, a water utility in Arkansas: those are just a few recent cases. Keep in mind that commercial accounts are handled differently than consumer accounts. Brian reminds us, "Let me be clear: The advice was aimed not at consumers, but at small to mid-sized companies that may not have a full-time IT/security staff, and who rely on one or two people to handle their bank accounts and payroll online."

This type of online computer theft uses infected computers to make electronic transfers from uninsured commercial bank accounts. If a cyber-thief gains access to your login and password, the commercial account holder is on the hook - not the bank. The bank was following "your instructions." These crimes are happening from coast to coast, but you're not reading about the details in many daily newspapers or on national TV news programs. You can find more examples in Brian's earlier articles in the Washington Post at: http://voices.washingtonpost.com/securityfix/small_business_victims/

I haven't found any better articles regarding how small businesses, government agencies and non-profits can try to protect themselves than Brian's earlier articles on the topic. My suggestion is to review all three of the articles and do what you think works best for your organization.
"Avoid Windows Malware: Bank on a Live CD," WashingtonPost.com, Oct. 12, 2009
http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_bank_on.html
"E-Banking on a Locked Down (Non-Microsoft) PC," WashingtonPost.com, Oct. 12, 2009
http://voices.washingtonpost.com/securityfix/2009/10/e-banking_on_a_locked_down_non.html
"E-Banking on a Locked Down PC, Part II," WashingtonPost.com, Oct. 20, 2009
http://voices.washingtonpost.com/securityfix/2009/10/e-banking_on_a_locked_down_pc.html
