Oct 21, 2010 12:40 GMT  ·  By
IC3 advises businesses on how to protect themselves against corporate account takeover
   IC3 advises businesses on how to protect themselves against corporate account takeover

Following an unprecedented rise in cybercriminal activity targeting small and medium sized businesses, municipalities, schools and other organizations, the IC3 has released a detailed advisory with information about preventing, detecting and responding to corporate account takeover incidents.

The document [pdf] was drafted by the FBI, the United States Secret Service, the Internet Crime Complaint Center (IC3) and the Financial Services Information Sharing and Analysis Center (FS-ISAC).

The advisory starts by explaining the methods used by cybercrimianals to target organizations and gain access to their bank accounts.

These include sending phishing or infected emails to senior executives and other key employees, often posing as notifications from known institutions or services.

Advices regarding protecting against such attacks range from educating workers about security practices, to enhancing the security of the organization's computer network and strengthening internal banking protocols.

For example, the document recommends that online banking operations be performed from dedicated computers only.

This means that those systems should not be used for browsing, emailing, social networking or other unrelated activities.

Furthermore, deploying all security updates for the operating system, as well as installed applications is mandatory, not to mention running a comprehensive and up-to-date anti-malware solution.

The advisory also recommends enabling Data Execution Prevention (DEP) in Windows, blocking AutoRun and disabling JavaScript support in Adobe Reader, a common attack vector in corporate environments.

As far as banking security is concerned, the law enforcement officials recommend enforcing a strict policy where two different persons using two separate computers are needed to authorize wire or ACH transfers.

In this way, even if one of them is compromised, the attackers won't be able to abuse the newly gained access.

In addition, discussing early prevention services like SMS notifications, call backs, or daily transfer limits, with the bank, is strongly encouraged.

"The information contained in this advisory is intended to provide basic guidance and resources for businesses to learn about the evolving threats and to establish security processes specific to their needs.

"However, it is very important to note that as the cyber criminals change their techniques, businesses must continue to improve their knowledge of and security posture against these attacks," the document stresses.