An article on WashingtonPost.com explains how a security flaw in Powerpoint has enabled hackers to infiltrate companies and retrieve vital information in a specific espionage case. It seems that the criminals using this hole in Microsoft PowerPoint wait until Microsoft have just released their security updates, and this is becoming a trend. In the wake of new updates they launch their attacks knowing full well that updates have not dealt with the flaw they have identified !
Andreas Marx of AV-Test.org notes that hackers appear to be surfacing with new exploits just days after Microsoft's monthly Patch Tuesday cycle has passed, possibly to have more time to exploit vulnerable systems before Redmond issues its next round of updates.
Attacks like this and phishing techniques are well thought-out and often extremely complex operations that require skills that even some of the top computer companies would rather have in-house than having to battle against them. A recent MITM (Man in the Middle) attack against Citibank, rather Citibank customers, used an extremely sophisticated system that could easily fool savvy IT folks ! This attack is also explained in detail in washingtonpost.com's Security Fix section.
Banks are now faced with traditional scams and the new extremely sophisticated cyber-scams like the above phishing techniques.
It's a good idea to remember that banks will (should) never request your pin code over the internet and checking the domain name is a good idea. In the above example the domain name used was "citibank.com.tufel-club.ru" and not "citibank.com".
Leave a Reply