Probably the biggest information security news today is the Wall Street Journal report claiming that the FBI is investiaging a data security breach that targeted Citigroup’s Citibank subsidiary.

The WSJ claims the attack was detected over the summer of 2009, but Citigroup’s managing director of security and investigative services claims that there was no breach of Citi’s systems and that there were no losses. He also denied that the FBI was working on a case involving Citigroup and “tens of millions of losses.”

The Wall Street Journal article asserts that the alleged hack may have been perpetrated by the “Russian Business Network” cyber gang.

WSJ is a subscription service, so some content is subscriber only, but you may be able to read the full article at the following URL:’s_Most_Popular

It’ll be interesting to see how this story develops. Whether or not an actual Russian cyber gang masterminded hack and subsequent losses at Citibank, banks and other financial institutions are (for obvious reasons) prime targets for cyber attacks. And online banking customers are similarly targeted by attacks (such as phishing attempts and blended threats), many of which use spam email as the primary or initial attack vector.

The reports of this supposed attack at Citi reminded me of an excellent resource that I’ve been wanting to share with Proofpoint Email Security Blog readers: Bank Info Security is an outstanding online publication that covers all types of security risks faced by financial institutions including email and web security, botnets, ATM fraud and a lot more.

This publication is always an eye-opening read and is an invaluable resource even to IT security types in any industry. Well worth checking out! For example, one of the most interesting articles recently is:

Top 8 Security Threats of 2010

Financial Institutions Face Risks from Organized Crime, SQL Injection and Other Major Attacks
December 21, 2009 – Linda McGlasson, Managing Editor

Bank Info Security lists the top risks as:

  1. Organized crime targeting financial institutions
    2. Assaults on authentication
    3. Increasing varieties of malware and increasing infection rates of PCs
    4. The return of telephone-based fraud
    5. Increased threats from insiders
    6. Mobile banking attacks
    7. Attacks that leverage Web 2.0 and popular social media sites
    8. SQL injection attacks (this is the type of attack that seems to have caused the infamous breach at Heartland Payment Systems)

As you can see, most of these threats are things that IT security professionals in any industry should know about, so do add Bank Info Security to your list of “must read” IT publications.

For consumers scared witless by all of the many ways their data can be compromised, it’s worth reiterating here Proofpoint’s “Seven Simple Rules for Staying Safe Online” during the busy holiday season, or any time of year. My previous blog post has tips for keeping safe. Check it out at the link below: