SpyEye targets security blindspots

Last updated: 21 March 2014

According to this article from USA Today last week, cyber-attacks are set to increase over the remainder of this year due to the widespread availability of a new SpyEye hacker toolkit. The software allows hackers or cybercriminals to control a network of up to thousands of botnets, which can then be used for spamming, DDoS (Distributed Denial of Service) attacks, fraud and all manner of other illegal activities.

This new threat makes it all the more crucial that both consumers and businesses run up-to-date versions of anti-malware/anti-virus software and scan their machines regularly to ensure that they are not infected. However, this will not counter all the danger presented by this sophisticated toolkit.

One of the ways hackers gain access to computers is through weak passwords, which then allow cybercriminals to use those machines to carry out attacks. As we and many others have discussed recently, there are simple ways for individuals to increase the strength of their passwords. But for corporate computers, even stronger authentication is a must for the protection of the network. As we have seen in recent months, there have been many breaches which have a direct financial impact and also threaten the reputation of a corporate brand. This new toolkit poses a significant risk to a company's credibility if computers on its network are compromised and then used for illegal activity. Companies do not want their systems or machines to be used as part of an attack.

The SpyEye issue also raises new questions for financial institutions about how they authenticate online banking customers. As we have said in the past, there is a need for banks to implement stronger authentication processes on behalf of their customers, and the fact that SpyEye makes obtaining passwords even easier than before is further proof that two-factor authentication should be a minimum requirement for accessing any online banking portal. Until this is implemented by every major bank, or made mandatory by the FFIEC, the users of such software will still be able to identify easy targets for their criminal activity.
