Security Expert Warns That Banking Trojans Could Be Silent Killer For Small Businesses

Share Article

Sophisticated Cyber Attack Can be Financially Devastating For Unprotected Small Firms

Think Security First, the national awareness and education program created to protect America's small businesses from cybercrime and identity theft, today warned all small businesses to be alert to a growing and sophisticated cyber threat that could jeopardize the financial viability of businesses that fall victim.

Financial institutions and law enforcement in the United States and Europe recently warned of a spike in attacks on small businesses by organized cyber gangs using increasingly advanced malware. The attacks typically take the form of hijacking and then emptying the victim's bank account, using logins and passwords stolen from the victim's computer through the installation of sophisticated banking Trojans.

The thieves can quickly empty the victim's business accounts before being discovered, leaving the victim business with little recourse. Because business accounts don't have the same zero liability protection as consumer accounts, victims are rarely compensated by their banks.

The resulting loss could be too much for smaller businesses to recover from, which makes this attack one of the most serious and dangerous cyber threats ever faced by the small business community and one that requires immediate attention and vigilance on the part of small businesses.

"This is a game changer for small business security, and the most serious security threat in a decade," warned Neal O'Farrell, founder of Think Security First and a 30-year veteran of the security industry. "Banker Trojans could be a silent killer for many small businesses because they're hard to prevent, hard to detect, and can quickly empty the only funds a small business has access to."

Recent reports show that nearly a third of small businesses don't even have basic virus protection, and more than half don't provide any security awareness training to employees. This presents an easy opportunity for Trojans and other exploits, according to Andy Purdy, the nation's former Cyber Security Czar and now Co-Director of the International Cyber Center at George Mason University. "Smart security practices, strong malware protection, and constant user vigilance and awareness are key to avoiding cyber threats like this," said Mr. Purdy. "The millions of small businesses that apparently don't have these most basic of defenses could be leaving themselves, their employees, and their customers highly exposed."

Professional cyber gangs are now targeting smaller businesses because they are one of the most fertile hunting grounds, according to Don Jackson, Director of Threat Intelligence for security firm SecureWorks and the security expert who discovered the original Zeus banking Trojan. "You're not going to see it happen. And it will happen eventually," said Mr. Jackson.

There are a number of steps Think Security First recommends small business owners should take immediately:

  •     Scan all business and home computers, using either existing anti-virus software or using any of the free scanning services listed on our web site at
  •     Layer every computer with the best virus and spyware protection available and update it constantly.
  •     Patch your computer constantly and make sure your computer settings are configured to automatically download and install patches as soon as they become available.
  •     Avoid opening email attachments or clicking on links in emails unless you're able to verify the email is legitimate, and be careful about visiting web sites you're not familiar with.
  •     Teach all employees to be especially vigilant for phishing schemes and to watch out for unusual or personalized emails with attachments or links that are not familiar, and to be especially wary of Trojan-carrying spam.
  •     Set up account alerts with your bank or credit union to notify you of any transactions or changes in account balances, and to prevent or alert you to unauthorized transfers.
  •     Spread your funds between a number of accounts and limit the number of users on each account.
  •     Change your account passwords regularly, make them tough to guess and protect them well.
  •     Be vigilant when visiting your bank login page, especially for any changes to the login procedure or requests for additional information.
  •     Back up your data daily, because many Trojans will disable a computer after the attack to hide their tracks and buy time.
  •     Consider using just one computer for online banking, and make sure that computer is highly secure and is never used for email, surfing, online shopping or any other internet connected activity.

Think Security First has provided detailed information on its web site at, including simple steps small business owners can take today to avoid being victimized.

The site also has links to free and safe services that will help you check for any Trojans already hiding on your computer.

About Think Security First

Think Security First is a non-profit campaign devoted to educating America's small business owners about the need to make cyber security a business priority. Founded in 2003 in Walnut Creek California, the nation's first Cyber Secure City, Think Security First provides free training, support, and counseling to small businesses on all aspects of cyber security and identity theft. Think Security First was founded by Neal O'Farrell, who has spent nearly thirty years as a small business owner and security advocate, and is sponsored by Microsoft, PayPal, F-Secure, SonicWALL, Mozy, and Panda Security. For more information visit


Share article on social media or email:

View article via:

Pdf Print

Contact Author

Neal OFarrell
Visit website