[Dataloss] [Fwd: Bank Technology News Intelligencer: Warn Your Execs: Whalers Targeting Bank CEOs ]
Arshad Noor
arshad.noor at strongauth.com
Thu Jun 5 16:56:24 UTC 2008
Fascinating attack at a number of levels:
1) The attacker installs a new Trusted Root CA certificate on the
victims' computer;
2) Steals Client-Certificates (and presumably, Private Keys stored
in files) in addition to stored passwords and account information;
3) Targets only CxOs;
Attackers appear to be moving at warp-speed in exploiting weaknesses
in technology and business processes, while corporations are still
stuck trying to get into third - perhaps even second - gear despite
real solutions staring them in the face. Pathetic.
Arshad Noor
StrongAuth, Inc.
------------------------------------------------------------------------
<http://www.americanbanker.com/btn_article.html?id=20080604332OVKTM&email=y>
Security researchers at SecureWorks are warning about the latest spear
phish-now more catchily-called whaling, because of the big-fish nature
of its targets-that is targeting CEOs and other senior financial
services executives.
More information about the Dataloss
mailing list