Following an unprecedented rise in cybercriminal activity targeting small- and medium-sized businesses, municipalities, schools, and other organizations, the IC3 has released a detailed advisory with information about preventing, detecting and responding to corporate account takeover incidents. The document was drafted by the FBI, the United States Secret Service, the Internet Crime Complaint Center (IC3) and the Financial Services Information Sharing and Analysis Center (FS-ISAC).

The advisory starts by explaining the methods used by cybercriminals to target organizations and gain access to their bank accounts. These include sending phishing or malware-carrying emails to senior executives and other key employees, often posing as notifications from known institutions or services.

Advice on protecting against such attacks ranges from educating workers about security practices to hardening the organization's computer network and strengthening internal banking protocols. For example, the document recommends that online banking operations be performed only from dedicated computers, meaning those systems should not be used for browsing, email, social networking or other unrelated activities. Furthermore, deploying all security updates for the operating system, as well as for installed applications, is mandatory, as is running a comprehensive and up-to-date anti-malware solution. The advisory also recommends enabling Data Execution Prevention (DEP) in Windows, blocking AutoRun and disabling JavaScript support in Adobe Reader, a common attack vector in corporate environments. As far as banking security is concerned, the law enforcement officials recommend enforcing a strict policy under which two different persons, using two separate computers, are required to authorize wire or ACH transfers.
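As an added example (not part of the advisory or this article), the dual-authorization rule can be enforced as a check over approval records: each transfer needs two approvals from different persons, entered from two separate computers, and every computer used must be one of the dedicated banking workstations. The record format, host names, user names and transfer ids are assumptions constructed for the example.

```python
"""Dual-control check for outbound wire/ACH transfer approvals."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Approval:
    """One approval record (constructed format, assumed for this example)."""
    transfer_id: str
    approver: str  # person who entered the approval
    host: str      # computer the approval was entered from

# Computers dedicated to online banking (constructed inventory).
DEDICATED_BANKING_HOSTS = {"bank-ws-01", "bank-ws-02"}

def dual_control_violations(approvals, dedicated_hosts=DEDICATED_BANKING_HOSTS):
    """Map transfer_id -> list of policy failures; compliant transfers are absent.
    Policy: at least two approvals, from two different persons, entered from
    two separate computers, all of them dedicated banking hosts."""
    by_transfer = {}
    for a in approvals:
        by_transfer.setdefault(a.transfer_id, []).append(a)
    violations = {}
    for tid, items in by_transfer.items():
        reasons = []
        approvers = {a.approver for a in items}
        hosts = {a.host for a in items}
        if len(items) < 2:
            reasons.append("only one approval recorded")
        if len(approvers) < 2:
            reasons.append("approvals are not from two different persons")
        if len(hosts) < 2:
            reasons.append("approvals were not entered from two separate computers")
        bad = sorted(hosts - dedicated_hosts)
        if bad:
            reasons.append("approval from non-dedicated host(s): " + ", ".join(bad))
        if reasons:
            violations[tid] = reasons
    return violations

# Constructed sample records: one compliant transfer and four policy failures.
SAMPLE_APPROVALS = [
    Approval("T-1001", "alice", "bank-ws-01"),
    Approval("T-1001", "bob", "bank-ws-02"),    # compliant
    Approval("T-1002", "alice", "bank-ws-01"),
    Approval("T-1002", "alice", "bank-ws-02"),  # same person twice
    Approval("T-1003", "alice", "bank-ws-01"),
    Approval("T-1003", "bob", "bank-ws-01"),    # same computer
    Approval("T-1004", "carol", "bank-ws-02"),  # single approval
    Approval("T-1005", "alice", "bank-ws-01"),
    Approval("T-1005", "bob", "cfo-laptop"),    # not a dedicated host
]
```

Calling dual_control_violations(SAMPLE_APPROVALS) leaves T-1001 out and returns the reasons for T-1002 through T-1005; the T-1005 case shows how the dedicated-computer recommendation and the two-person rule are checked together.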

Cybercriminals are targeting the financial accounts of small and midsize businesses (SMBs), fraudulently transferring money directly from their accounts, the FBI warned October 20. In a fraud alert issued October 20, the FBI said “corporate account takeover” attacks use malware to steal passwords and other credentials from senior executives at SMBs and then use those credentials to empty the companies’ coffers.

“To obtain access to financial accounts, cyber criminals target employees—often senior executives or accounting, HR personnel, and business partners—and cause the targeted individual to spread [malware], which in turn steals their personal information and log-in credentials,” the FBI says in its full report. “Once the account is compromised, the cyber criminal is able to electronically steal money from business accounts,” the report explains. “Cyber criminals also use various attack methods to exploit check archiving and verification services that enable them to issue counterfeit checks, impersonate the customer over the phone to arrange funds transfers, mimic legitimate communication from the financial institution to verify transactions, create unauthorized wire transfers and ACH payments, or initiate other changes to the account.”

In addition to targeting account information, attackers also seek to obtain customer lists and other proprietary information, often using the same malware-spreading techniques, the report says. The FBI first began warning enterprises about corporate account takeovers in 2006, but their number is rising because cybercriminals have found them rather easy to perpetrate—especially against SMBs that do not have dedicated IT security staff, the report says. The rewards are great—often surpassing hundreds of thousands of dollars—and the risk is low.