Authentication attacks are on the rise. This is evidenced by the recent attacks on JP Morgan Chase. Researchers at Proofpoint have dubbed this attack on JP Morgan Chase as “Smash & Grab”. Not only did the phishing pages requesting credentials (old stuff!), they were actively delivering an exploit kit (RIG)to the visitors (if their scan identifies vulnerabilities in MS Internet Explorer, Silvelight or Adobe Flash). Submitting the credentials (duh?) to the phishing site would also result in a fake Java update that is actually banking malware (the Dyre banking trojan that attempts to steal banking credentials). How’s that for a triple whammy?
Humans, it turns out, are still the weakest link in the security chain. How do organizations deal with this type of a risk? Effective security awareness and training, in addition to other technology based solutions like multi-factor (or at least two) authentication, out-of-band- communications etc.
Contact us if you need help in developing and implementing an effective security program.