Experts: Users Not to Blame for Security Breaches

Recently, IBM Security researchers took the lid off an active campaign using a variant of the Dyre banking malware. So far, the malware has swiped over $1 million from its enterprise victims.

Dubbed The Dyre Wolf, IBM senior threat researcher John Kuhn said the variant shows a EUbrazen twistEU from past Dyre malware strains because it adds sophisticated social engineering tactics that could circumvent two-factor authentication.

EUFrom an initial infection via the Upatre malware through a spear-phishing email to a distributed denial-of-service (DDoS) attack, the criminals carrying out this latest string of attacks are using numerous sophisticated techniques,EU Kuhn explained in an IBM security intelligence article. EUHowever, social engineering and the resulting banking credentials theft is the focus of this new campaign and is ultimately what is used to illicitly transfer money from victimsEU accounts.EU

A Non-Tech Savvy Audience

So whoEUs to blame? The user or the enterprise? Philip Lieberman, president of identity management software developer Lieberman Software, told us the attack was very well targeted and hit a generally non-tech savvy audience outside the United States.

EUUnfortunately the same advice goes about not clicking on links or opening attachments when you are not expecting them. The statistics are generally in favor of the attackers in this and most other cases that will reward them handsomely for their efforts,EU Lieberman said. EUI expect that attacks will pick up outside the USA as criminals exploit the generally poor security of EMEA-based individuals and companies that are hamstrung by their governments' regressive privacy policies that protect criminals.EU

IT Needs To Innovate

So, then, is it the end userEUs fault for clicking? We turned to Richard Blech, CEO of digital security solutions firm Secure Channels, to get his thoughts. He told us if the definition of technology is the application of scientific knowledge for practical purposes, especially in...

Comments are closed.