The world’s largest financial institutions have experienced a surge in the number of security attacks over the past year, specifically from external sources.

E-Brief News reports that the Deloitte Global Security Survey revealed that 78% of respondents confirmed a security breach from outside the organisation while 49% experienced at least one internal breach. Analysts warn that the severity of the security breaches signals a new reality for the global financial industry. The international financial services sector is taking the threat seriously and has begun implementing measures to fend-off these threats. Scoop reports the most common attacks the global financial industries experienced over the past 12 months were designed to extort money. Phishing and pharming accounted for more than half (51%) of external attacks, closely followed by spyware/malware attacks (48%). Insider fraud (28%) and leakage of customer data (18%) were cited by respondents among the top three most common internal breaches. CNET News reports that hackers are using sophisticated ransomware, which is malicious code, to hijack a company's user files, encrypt them and then demand payment in exchange for the decryption key. Kaspersky Labs said the encryption algorithms used by cybercriminals are becoming increasingly complicated and foxing antivirus companies. 'There's a potential situation where antivirus companies won't be able to decrypt the files,' said David Emm, senior technology consultant at Kaspersky. 'Within a corporation, the IT department normally backs up files. The danger is where attacks are launched at smaller businesses (without IT departments) and individuals.' The Star reports that hi-tech fraudsters have hacked into dozens of SA companies and made off with more than R30m. 'What we are seeing is a Mr Big, who is a hardcore criminal employing skilled IT people who develop (hacking) codes that can be used against organisations,' said American IT expert Richard Archdeacon, who visited SA recently.
Full Scoop report
Full CNET News report
Full report in The Star


In other developments, criminal gangs are beginning to exploit the Internet telephone network to steal bank account and credit card details. According to a Times Online report, the fraud has been dubbed 'vishing' because it is similar in technique to phishing, the scam that uses bogus e-mails and Web sites to elicit bank details from unsuspecting Internet users. The fraudsters are using cheap telephone calls through VoIP to tell members of the public that credit card or bank details have been used illegally. The recipients are urged to call a bogus number to have their details updated. A computer-generated voice tells the caller to enter their card details and security information. By doing so, the fraudsters receive all the information they need to empty the caller’s account. When security experts first learned of vishing, they all but expected that the voice on the other end would have an Eastern European accent because so many scams are linked back to Eastern European countries. One of the more recent vishing e-mails targeted the Santa Barbara Bank & Trust Inc. VOIP News reports that the reason why there is not an Eastern European voice on the other end is that the scam creators probably used Festival, a speech synthesis module available with Asterisk.
Full Times Online report
Full VOIP News report