Makes purchase of Cyber Liability insurance a No-brainer
Security analysts anticipate a surge in SpyEye attacks. “Every level of criminal, from the lowest to the highest rungs, can now use one of the deadliest Swiss Army knife hacking toolkits in the world,” say Sean Bodmer, senior threat intelligence analyst at Damballa, a network security firm.
What’s at stake
Using SpyEye, a criminal can issue commands to networks of thousands of bots. SpyEye-run botnets have proved to be unstoppable. Criminals use them to deliver spam scams, conduct hacktivist attacks and booby-trap legitimate websites with infections that create more bots. What’s more, SpyEye may be best known for enabling thieves to orchestrate the systematic siphoning of cash from the online banking accounts of consumers and small organizations. Trusteer, a transactions security firm, has documented SpyEye-orchestrated banking account heists in action while it:
- waits for the account holders to log into their online banking accounts;
- collects the user’s balance figure and determines whether the account is ripe for theft;
- invisibly initiates money transfers;
- transfers funds into a mule account set up and controlled by the thief to receive cash transfers;
- erases any evidence of fraudulent transfers;
- adds the stolen amounts back to the official account balances as if nothing is amiss.
Skilled hackers quickly created simple programs to access full versions of SpyEye and began selling them for about $100, according to Bodmer. The emergence of this new, cheap spy software could be the tipping point that finally convinces most small businesses with websites of the need to purchase Cyber Liability insurance.
Source: Spy Eye hacker toolkit to lead surge in cyber attacks, USA Today, August 22, 2011,