The Latest Malware Threats and How to Respond

Malware developers never rest — it’s a 24/7, global industry dedicated to stealing funds from the bank accounts of unsuspecting companies and individuals. One of the latest malware threats is GozNym, a hybrid malware that infiltrates computers as a “Trojan horse,” infects browsers, waits for the user to do online banking and steals credentials. GozNym is thought to be backed by organized crime.

Unsuspecting business computer users can unleash malware in various ways: by opening email attachments that release a virus, clicking on a link that leads to a malicious website, or inadvertently “un-patching” a computer of the software fixes that are designed to keep bugs out. Even email from a trusted sender should be viewed with a certain amount of skepticism if something seems amiss, as sender accounts can be hacked and hijacked for nefarious purposes.

Best Practices

To protect your organization against malware threats, especially those affecting your financial transactions, consider these best practices:

• Educate employees – It’s important to keep employees aware of the latest threats. Malware can be in links or attached to photos, PDF files and Microsoft documents, and emails from unknown parties may be “phishing” to gain information or access to sensitive data. If an employee does not recognize the sender, the file and attachments should not be opened. Remind employees that secure websites have a browser address that begins with “https” instead of “http.”
• Download Trusteer Rapport – Fifth Third Bank clients can download Trusteer Rapport security software for free from the bank’s website at https://banking.53.com/privacy-security/trusteer-rapport.html. This endpoint detection and response technology works with your existing anti-virus and firewall software to detect malware intrusions, and quickly maps and hunts down the threat — all while protecting the computer’s browser and sensitive information.
• Patch on a timely basis – Patches are software updates that help reduce a computer’s vulnerability to malware. Many employees don’t take the time to do software updates, which leaves their computers susceptible to attack. Establishing software update policies and automating the process of patches can go a long way toward staving off malicious attacks.
• Dual controls for payments – Payments fraud risk can be significantly reduced by initiating dual controls that require a second reviewer and approver for financial transactions. This two-step approach separates the responsibilities of payment initiation from payment approval and can be established for both online payments and checks.
• Strengthen authentication procedures – Many companies add layers of security for access to bank services and strengthen their authentication procedures, such as requiring PINs or answers to challenge questions in addition to login passwords. These procedures can significantly reduce the risk of unauthorized access to accounts and data.
• Change passwords often – Set your company’s systems to require periodic re-setting of passwords. This practice thwarts fraudsters who collect sensitive information via malware and then wait to use it.
• Limit device use – Many companies prohibit financial transactions from being conducted on an employee’s own personal computer or tablet, which may have greater exposure to malware and spyware.