Tuesday, June 14, 2011

Spear Phishing Is A Potential Threat To Financial Institutions

Cyber security of banking and financial institutions has become very important these days. Recently the Citicorp confirmed the occurrence of cyber attack upon its bank’s network. In India as well ATM frauds, credit card frauds, online banking frauds, etc have increased a lot.

However, of all these cyber crimes, phishing is the most dangerous one for banking customers. If it is a case of spear phishing, it becomes deadly as the targeted person is specifically targeted for this purpose. The attack tactics are also specifically designed for the attack purposes.

The spear phishing cases appear so genuine that even tech savvy people are fooled into divulging sensitive information. Recently Reserve Bank of India (RBI) constituted a working group on information security that gave many good cyber security recommendations. However, the implementation of these recommendations has still not been achieved.

This gives lots of space for cyber crimes like spear phishing. Recent break-ins at high-profile targets like the International Monetary Fund (IMF) demonstrate just how proficient hackers have become at spear phishing.

Today's spear phishing is not only more prevalent but also much more technically proficient. They're not going for a password, anymore, they're getting people to install malware on their computers.

According to the reports the IMF suspected that a phishing attack against one of its workers planted malware on a machine, which was then presumably used to scout the network for data to steal. But the IMF incident was only the most recent in a series of specialized attacks this year aimed at targets from the Oak Ridge National Laboratory and the French foreign ministry to Google's Gmail.

Recent cyber attacks on multinational firms and institutions, from Google and Citigroup to the International Monetary Fund, have raised fears that governments and the private sector are ill-prepared to beat off hackers. The latest high-profile target was the U.S. Senate's website, which was hacked over the weekend.

However, as far as India is concerned, it has neither a good cyber security strategy nor a strong cyber law. Even cyber crisis management plan of India is practically missing. Indian banks must urgently revamp their cyber security so that interests of bank customers can be safeguarded.

No comments:

Post a Comment