Digital Video Recorder Infects Bank, Customers
When it comes to network security, overlooking even the smallest detail can be costly.
One credit union learned that lesson the hard way after its network was compromised by something seemingly benign: a digital video recorder (DVR).
The credit union, whose name was not disclosed, was so oblivious to security threats that it posted a warning to customers on its site to let them know they might be targeted by cybercriminals, unaware that its own network was the one infecting clients with a banking Trojan the entire time.
NorseCorp, a St. Louis-based security intelligence firm hired by the credit union, informed the credit union that its system was the one infecting customers, opening up security backdoors and making it possible for criminals to target them.
Stiansen said the infected DVR, an item of seemingly little significance when it comes to network security, had no firewall protection and was likely overlooked by the bank's IT department when it came to shoring up security.
In this particular case, the credit union was infecting its customers with a variant of the Zeus banking Trojan.
Using corrupted websites or email messages, Zeus infects machines and waits for customers to enter their banking login credentials in order to commit theft.
This latest security breach is indicative of the challenges security teams and consumers face as all aspects of our life become increasingly networked and reliant on computers.
"It's scary, but that's the state of technology today," Stiansen said.
Follow Ben on Twitter @benkwx.