Press Release
Release Date:
December 19, 2005
Cyveillance Eliminates New "Spear Phishing" Attack Against Credit Union Employees
Immediate verification and eradication of threat protects
credit unions nationwide
ARLINGTON, Virginia, December 19, 2005 – Cyveillance, the leading provider of online risk monitoring and management solutions, today announced the verification of a new “spear phishing” attack targeted towards financial institutions and credit union executives. The attack was identified by the Credit Union Information Security Professionals Association (CUISPA) and the site was taken down in under 5 hours utilizing the Cyveillance closed-loop anti-phishing solution.
"Spear phishing" refers to a targeted attack to a specific profile; in this case, a deceptive email was directed to credit union executives. The message, appearing to be a legitimate business request from another financial services professional, lures the victim to a website that would automatically and transparently download malicious software to the victim's computer.
“Our association is dedicated to improving information security practices for credit unions through cooperation. This new hacker threat targeted at financial institutions caused great concern and required instant action,” said Kelly Dowell, executive director of CUISPA. “With the assistance of Cyveillance we were able to verify this new and deceptive attack and immediately eliminate it to protect the credit union community.”
A link in the email brings the recipient to a web site, which then downloads a Trojan virus "Bloodhound.Exploit.54.” as defined by Symantec. The recipient unknowingly activates a program designed to exploit a flaw in Microsoft Internet Explorer. By exploiting the flaw, the attacker steals the log-on privileges of the user and can then use the machine to perform a denial-of-service attack or execute other malicious code remotely. Usually this occurs without any knowledge on the part of the victim.
“Over this past year, we are seeing more targeted attacks that profile a specific group with tailored scams designed to inflict great harm to the recipients, and we expect that the threats will continue to become more sophisticated and more frequent,” said James Brooks, senior product manager for Cyveillance. “Education and awareness are critical components to protecting employees and company assets against the evolving threats on the Internet.”
Cyveillance and CUISPA urge the industry to continue to responsibly alert the community of suspicious activity for increased education, awareness and protection.
About CUISPA
CUISPA is an association of credit union IT professionals dedicated to improving information security practices through cooperation. CUISPA is creating valuable resources for its members and the CU industry to improve the effectiveness, efficiency and affordability of managing IT security and compliance risks.
About Cyveillance
Cyveillance provides online risk monitoring and management solutions to Global 2000 organizations. The company comprehensively monitors the Internet using patented technology to deliver early warning of risks to information, infrastructure and individuals. Armed with this actionable intelligence and Cyveillance’s immediate corrective response capability, chief security officers can proactively protect their company’s reputation, revenues and customer trust. Cyveillance counts over half of the Fortune 50 and three quarters of the top Fortune 500 companies in the financial services, pharmaceutical, energy, and technology industries as clients.