Attacks Against Those with Bank Access

Attacks are targeting people with access to online business bank accounts.

The following applies to those who have electronic access to JMU accounts that can perform electronic funds transfers.


There have been several public and private reports of growing numbers of unauthorized electronic funds transfers involving small business accounts, including those belonging to schools.

In some cases, criminals will send specially crafted email messages to targeted people thought to have such accounts. The messages are crafted to look like business messages and the attachments and links are claimed to be business documents.

Criminals gain access to the accounts in one of two ways:

  1. By infecting account holders' computers. The messages will contain attachments that will infect the computer if the attachment is opened, or web links that will infect the computer if the computer is not *meticulously* maintained and operated or if a resulting web download is accepted.
  2. By creating fake financial web sites and tricking account holders into visiting those sites and providing their passwords.

The activity has prompted warnings by several financial services companies. Both NACHA and FS-ISAC reportedly sent warnings to their members. The FDIC issued a special alert on August 26th:

http://www.fdic.gov/news/news/SpecialAlert/2009/sa09147.html

Risk reduction measures:

  1. Two-party approval process for transfers, performed from separate computers.
  2. Computers used to initiate transfers should be dedicated to that purpose, not be used for email or general web browsing, and have access only to the financial sites where the transactions are performed.
  3. Two-factor authentication to the financial sites. Note, however, that there have been public and private reports that some criminals are using custom malware, waiting until the legitimate user authenticates to the financial institution using a two-factor device, and then hijacking the session to perform the unauthorized transfer.
  4. Standard computer maintenance and operating practices including regular user accounts. These are probably insufficient for high value financial targets and other methods shown above should be used, particularly #2.
  5. It is strongly recommended that users of high value accounts NEVER visit those accounts based on information in email or any other unsolicited electronic messaging including telephone. Only visit the web site using a previously used, known good address and always from a known, trusted, well maintained and conservatively operated computer.

Cost of risk reduction measures should be weighed against potential losses due to computer infection and account compromises. Computers used to access accounts capable of transferring large sums should seriously be considered for implementation of risk reduction measure #2 above.
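One way to verify that measure #2 is actually holding is to audit web proxy logs for any request from the dedicated computer to a destination outside its approved list; the same exact-match host check supports measure #5. This is an added example, not part of the original advisory: the hostnames, workstation address and four-field log format are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist; placeholder hostnames, not any real bank's sites.
ALLOWED_HOSTS = {"bank.example.com", "ach.bank.example.com"}
# Constructed address of the dedicated transfer workstation.
DEDICATED_IPS = {"10.0.5.20"}

# Constructed proxy log lines: timestamp, client IP, method, URL.
SAMPLE_LOG = """\
2009-09-01T09:00:01 10.0.5.20 GET https://bank.example.com/login
2009-09-01T09:02:10 10.0.5.20 GET https://bank.example.com.login.example.net/login
2009-09-01T09:03:00 10.0.5.20 GET https://bank.example.com@198.51.100.7/login
2009-09-01T09:04:00 10.0.5.20 GET http://bank.example.com/login
2009-09-01T09:05:00 10.0.5.21 GET https://news.example.org/
2009-09-01T09:06:00 10.0.5.20 GET https://webmail.example.edu/inbox
"""

def check_url(url):
    """Return (allowed, hostname). Allowed means HTTPS to an exactly matching host."""
    try:
        parts = urlsplit(url)
        # .hostname drops any "user@" prefix and port, so lookalike URLs
        # resolve to the host the browser would really contact.
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, ""
    # Exact match only: suffix or substring matching would accept
    # "bank.example.com.login.example.net".
    return parts.scheme == "https" and host in ALLOWED_HOSTS, host

def audit(log_text):
    """List (line number, hostname) for each off-allowlist request
    made by a dedicated workstation."""
    violations = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        fields = line.split()
        # Skip malformed lines and traffic from general-purpose computers.
        if len(fields) != 4 or fields[1] not in DEDICATED_IPS:
            continue
        allowed, host = check_url(fields[3])
        if not allowed:
            violations.append((lineno, host))
    return violations

if __name__ == "__main__":
    for lineno, host in audit(SAMPLE_LOG):
        print(f"line {lineno}: dedicated workstation contacted {host!r}")
```

Any hit means the computer is being used for something other than transfers, or that its network restrictions are not enforced, and should be investigated before the computer is used for another transaction.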

The following news reports were all triggered by the alerts issued by the financial services sector. Some are follow up stories.

European Cyber-Gangs Target Small U.S. Firms, Group Says
http://www.washingtonpost.com/wp-dyn/content/article/2009/08/24/AR2009082402272.html

Cyber Crooks Target Public & Private Schools
http://voices.washingtonpost.com/securityfix/2009/09/cyber_mob_targets_public_priva.html

Cybercrooks increasingly target small business
http://www.computerworld.com/s/article/9137112/Cybercrooks_increasingly_target_small_business_accounts

FDIC Warns of Online Fraud Against Banks, Small Businesses
http://www.bankinfosecurity.com/articles.php?art_id=1732

More:

http://voices.washingtonpost.com/securityfix/2009/09/more_business_banking_victims.html

http://voices.washingtonpost.com/securityfix/2009/09/cyber_theives_steal_447000_fro.html

http://voices.washingtonpost.com/securityfix/2009/09/clamping_down_on_clampi.html

http://www.fsisac.com/about/

http://www.nacha.org/About/default.htm