The attacks from cybercriminals are now occurring in the online stock and equity trading world. Instead of simply emptying out compromised brokerage accounts, cybercriminals apparently are refining their attacks and striking at broader and more lofty goals: the trust mechanisms of business equity valuations with publicly traded stocks and equities.
George Hulme, InformationWeek contributing writer reports on his initial findings sourced from a Belgian news article on their investigation of a 2007 attack which was declassified recently:
- “…authorities said there were 20 Belgian victims who were infected, and the cyber-thieves used those accounts to manipulate share prices and profit about 100,000 Euros…
- In addition, the security mistakes made here don't appear to be the fault of the banks, rather the fault of the stock traders themselves: somehow their systems got infected with these bots and were then permitted to execute the rogue trades.
- The insidious fact is, as technology stands today, these types of attacks can affect anyone. All it takes is visiting an infected blog or news Web site and it is possible for attackers to inject the malware on end user systems. It's not yet been made public how the stock traders became infected – but infected web sites frequented by traders, or highly targeted phishing e-mails with the attack software attached are reasonable assumptions.”
What to do: Harden the target
According to the FBI and FDIC, locking down one system or using a dedicated system for your online account access improves your odds against malware driven cybercrime. Harden the target.
If you don’t already use a special system which has physical access restricted already, then at the minimum:
- Ensure that the system account you use for access does not have system administrative rights which could allow behind the scenes malware installation or ‘click psychology’.
- Try using multiple browsers, with one browser for ‘fun’ and rich internet experience and another configured only as ‘bare bones’ with completely locked down security. This should include no plug-ins enabled. [Update: See US-CERT for steps on locking down your bare-bones browser.]
- Ensure your AV protection is maximized and runs the deepest scan level possible and that updates are regularly scheduled and more frequently scheduled – for consumers this would be every fifteen minutes. [ESET users click here for details]
- Restrict physical access. Avoid using one which your teenagers can surf social networks with. Believe it or not, most of my Digital Native and malware-savvy friends who become infected simply have the common denominator of teenage kids who click links like small children use sugar on cereal – at any time possible.
- Dudes, buy our stuff. Without ESET protecting every single system on your home or business network you’re just not at the top of the food chain. :)
How to Lock Down ESET Systems Against Browser-based Malware:
In no particular order, here are the key steps to consider:
- Password protect your NOD32 settings. Malware now has the ability to access and disrupt your AV scanning capabilities. While there is protection against this in NOD32 v4, the next step to take is to assign a password to your AV solution so that it cannot be ‘cracked’ and disabled by any other applications. Click here for a Knowledge Base walk-through.
- Lock down your dedicated system to only be able to access a few sites. ESET Smart Security users can configure their systems to do this. Click here for a Knowledge Base walk-through.
- Use the firewall. ESET Smart Security includes a Personal firewall to protect your outgoing and incoming communication. Click here for a Knowledge Base walk-through. [Thanks Matt!]
- Enable all of the settings within your on-demand scans. Make sure every single ‘potentially unwanted/unsafe application’ (PUA) is ousted off of your soon to be sanitized and protected system. Click here for a Knowledge Base walk-through.
- Regularly perform an On-demand computer scan. In addition to the real-time file system protection your ESET security product offers, running an On-demand computer scan is an essential component of your security routine, particularly if you are a high-risk user or suspect that your computer is infected. Click here for a Knowledge Base walk-through.
- Change your update setting to more frequently check ESET’s signatures. Instead of the default sixty minute setting, use fifteen minutes or less. Click here for a Knowledge Base walk-through.
Of course, your mileage may vary and standard disclaimers apply since cybercriminals are far from stupid; they read our blog articles as well. :) I take no chances, so consider these steps to a highly restricted system the ‘Paranoid Mode’ of ESET Smart Security. Disclaimer: as with everything security related, consider this information to be open source for the criminals to read as well as yourselves. I make no guarantees that someone won’t figure out a way to defeat this.
CFTOs Call to Action:
As Chief Family Technical Officer, what are your steps you take to prevent online account access? Share the wealth and help us harden the target further
Securing Our eCity Contributing Writer
Author ESET Research, We Live Security