The financial sector has long been heavily targeted by cybercriminals. Over the years, the number of attacks that involved extortion, social engineering, and credential-stealing malware has surged rapidly. This means that financial institutions should strive to familiarize themselves with the threats and the agents behind them. Here are seven new threats and tactics, techniques, and procedures that security professionals should know about.

Extortion
Distributed denial of service (DDoS) attacks, which are typically delivered from massive botnets of zombie computers or internet of things (IoT) devices, have been used to bring down banking networks. This occurs when a targeted server or system is overwhelmed by multiple compromised networks. It’s essentially like a traffic jam clogging up the highway, preventing regular traffic from arriving at its intended destination.

Some cybercriminals are relentless with DDoS attacks and follow them up with cyberextortion, demanding payment in return for release from costly downtime. Banks cannot defend against these attacks alone, so they rapidly share information among themselves through organizations such as FS-ISAC4 and rely upon the ability of their internet service provider to handle and redirect massive quantities of traffic.

Social media attacks
This happens when fraudsters use fake profiles to gather information for social engineering purposes. Thankfully, with new regulations such as the General Data Protection Regulation (GDPR), big companies like Facebook and Twitter have significantly enhanced their security and privacy policy with regards to their data handling practices. The unprecedented reach of social media is something companies cannot afford to ignore because of the possible implications a data breach can have on businesses.

Spear phishing
Spear phishing is an attack where cybercriminals send out targeted emails ostensibly from a known or trusted sender in order to trick the recipient into giving out confidential information. Over the years, hackers have upped their game and cast a bigger net, targeting unwitting employees to wire money. This attack is called business email compromise (BEC), where a fraudster will purport to be a CEO or CFO and request for large money transfers to bogus accounts.

Point-of-sale (PoS) malware
PoS malware targets PoS terminals to steal customer payment (especially credit card) data from retail checkout systems. Cybercriminals use a memory scraper that operates by instantly detecting unencrypted type 2 credit card data, which is then sent to the attacker’s computer to be sold on underground sites.

ATM malware
GreenDispenser is an ATM-specific malware that infects ATMs and allows criminals to extract large sums of money while avoiding detection. Recently, reverse ATM attacks have also emerged. Here, PoS terminals are compromised and money mules reverse transactions after money is withdrawn or sent to another bank account. In October 2015, issuers were mandated to shift to EMV or Chip-and-PIN system to address the weakness of the previous payment system.

Credential theft
Dridex, a well-known credential-stealing software, is a banking Trojan that is generally distributed through phishing emails. It infects computers, steal credentials, and obtain money from victims’ bank accounts.

Other sophisticated threats
Various data breach methods can be combined to extract data on a bigger scale. Targeting multiple geographies and sectors at once, this method normally involves an organized crime syndicate or someone with a highly sophisticated setup. For example, the group Carbanak primarily targeted financial institutions by infiltrating internal networks and installing software that would drain ATMs of cash.

Additionally, with the rise of cryptocurrency, cybercriminals are utilizing cryptojacking, a method that involves the secret use of devices to mine cryptocurrency.

The creation of defensive measures requires extensive knowledge of the lurking threats, and our team of experts is up to date on the latest security information. If you have any questions, feel free to contact us to find out more about TTPs and other weapons in the hacker’s toolbox.

The post Cyberthreats and the finance sector appeared first on TechSolutions, Inc..

If genie lamps were out of stock before you could place an order for one, the next best thing to manage and grow your small- and medium-sized business lies in CRM. Short for customer relationship management, a real difference is possible, with the right software of course. With the numerous options out there, finding the most suitable one is like walking into a maze without a flashlight or GPS. We spared you the trouble and rounded up the best CRM software options for 2016:

Since every business differs in terms of size, there is no one-size-fits-all when it comes to CRM. Thus, varying corporate sizes require unique CRM software that best addresses requirements. We’ll be taking a look at ideal CRM software options for the following categories: businesses in general, very small businesses and ones that are free.

Best CRM Software for Small Businesses: Salesforce

Salesforce has long been considered one of the top-tier CRM solutions, mainly due to its cloud-based nature coupled with full-featured capabilities that cater to businesses of every size. Typically, Salesforce is synonymous with larger enterprises, but that doesn’t mean small- and medium-sized businesses are denied the same perks. Enter Salesforce’s small business edition: with it, SMBs can utilize the robust set of CRM tools at an affordable rate.

Salesforce Small Business Solutions offer packages that are tailor-made for small businesses. With it you’ll be able to fully utilize all that Salesforce has to offer. In order for your company to really thrive, your CRM should be equipped with features such as lead generation, contact and opportunity management, sales forecasting, workflow automation as well as collaborative tools — all of which can be found in Salesforce. Also, the software is cloud-based, meaning that you can access data and files anywhere at anytime via mobile devices.

Best CRM Software for Very Small Businesses: Insightly

Underneath its simple and navigable facade lies a CRM software that is abundant with capabilities, all of which fit the bill for microbusinesses. Aside from the fact that it has the vital components small businesses really look for in CRM software, it’s also highly scalable to accommodate the growth of your company. Furthermore, Insightly is currently one of the more affordable CRM solutions on the market; there’s even a free version if you wish to test the waters. There are also paid plans available at a fraction of the price when compared with other CRM software solutions.

Even with the free version or paid plans that start at $12, Insightly doesn’t compromise utility with affordability. It comes equipped with all the vital CRM capabilities any microbusiness would need. This includes detailed sales reports, opportunity, contact and project management as well. It’s also scalable to meet the needs of your business as it grows. To top it all off, it’s a cloud-based CRM software allowing you to access data anywhere at anytime via Internet-enabled mobile devices.

Best Free CRM Software: Zoho CRM

Not having to pay for Zoho doesn’t necessarily mean it won’t deliver the necessary capabilities required from CRM software. Zoho CRM provides your business with all the core functions it needs. Moreover, it allows you to onboard up ten users for free. Courtesy of Zoho CRM’s mobile app, you’ll be able be access data regardless of time or location. Here are some of the other features that the free version of Zoho CRM has to offer:

• 360-view – all the vital information is stored and displayed, allowing you to make the best business decisions. This includes contacts, sale cycles, pipelines, and discover trends. It also helps you identify opportunities.
• Automation – spend less time dealing with mundane tasks by automating tasks such as lead generation, contact management, calendars and even call logs.
• Collaboration – Zoho CRM doubles as a social media platform integrating with Twitter and Facebook to link contacts to their social media accounts. This allows you to see their updates as well as the interactions you’ve had on social media right from your dashboard.
• Analytics – you can track sales as well as measure both business and employee performance via a range of reporting capabilities.
• Security – with Zoho CRM, you are given full control over who can do what with the software. Besides creating individual user profiles, you can assign roles and even restrict access.

Unlike farms, the main component to a company’s growth isn’t fertilizer and sunshine. Instead, it’s competent CRM software that allows your business to reach its full potential. If you have any questions on customer relationship management software, feel free to get in touch with us. We’re more than happy to not only provide answers but also be part of your success.

The post Best CRM Software Options for 2016 appeared first on TechSolutions, Inc..

The financial services industry has long been a heavily targeted sector by cyber criminals. The number of attacks that involved extortion, social-engineering and credential-stealing malware surged in 2015. This means that these institutions should strive to familiarize themselves with the threats and the agents behind them. Here are 7 new threats and tactics, techniques and procedures (TTP’s) that security professionals should know about.

Extortion

The cyber criminal Armada Collective gained notoriety for being the first to utilize distributed denial-of-service (DDoS) attacks. This occurs when multiple systems flood a targeted system to temporarily or completely disrupt service. They evolved the idea further and started to extort Bitcoins from victims who were initially notified of their vulnerability. If they didn’t comply with the ransom demands of the criminals, they would flood their systems until the victim’s network would shut down completely.

Social media attacks

This involved criminals using fake profiles to gather information for social engineering purposes. Fortunately, both Facebook and Twitter began to proactively monitoring for suspicious activity and started notifying users if they had been targeted by the end of 2015. However, you should still have your guard up when someone you don’t know, or even a friend or colleague, starts asking you suspicious questions.

Spear phishing

Phishers thrive off familiarity. They send out emails that seem to come from a business or someone that you know asking for credit card/bank account numbers. In 2015, phishers went to the next level and began whaling. This normally involved spoofing executives’ emails (often CEO’s) to dupe the finance departments to transfer large sums of money to fraudulent accounts.

Point-of-sale malware

POS malware is written to steal customer payment (especially credit card) data from retail checkout systems. They are a type of memory scraper that operates by instantly detecting unencrypted type 2 credit card data and is then sent to the attacker’s computer to be sold on underground sites.

ATM malware

GreenDispenser is an ATM-specific malware that infects ATM’s and allows criminals to extract large sums of money while avoiding detection. Recently reverse ATM attacks have also emerged, this is when compromised POS terminals and money mules to reverse transactions after money being withdrawn or sent to another bank account.

Credential theft

Dridex, a well known credential-stealing software, is a multifunctional malware package that leverages obfuscated macros in Microsoft Office and extensible markup language files to infect systems. The goal is to infect computers, steal credentials, and obtain money from victims’ bank accounts. It operates primarily as a banking Trojan where it is generally distributed through phishing email messages.

Other sophisticated threats

Various TTP’s can be combined to extracted data on a bigger scale. Targeting multiple geographies and sectors at once, this method normally involves an organized crime syndicate or someone with a highly sophisticated setup. For example, the group Carbanak primarily targeted financial institutions by infiltrating internal networks and installing software that would drain ATM’s of cash.

The creation of defensive measures requires extensive knowledge of the lurking threats and our team of experts is up-to-date on the latest security information. If you have any questions, feel free to contact us to find out more about TTP’s and other weapons in the hacker’s toolbox.

The post Cyber threats and the finance sector appeared first on TechSolutions, Inc..