Panda Security today announced the findings from its multi-year security assessment of business services for U.S. immigrants. These multiservice businesses, primarily used by U.S. immigrants to send money back to their home countries, also known as remittances, were analyzed by Panda Security and were found to be severely lacking in security measures and at extremely high risk for cybercriminal activity such as illegal interception of money wire transfers, as well as credit card and identity fraud. You can obtain a free copy of the entire report and findings from Panda Security's multi-year study by contacting CriticalAlert@us.pandasecurity.com.
According to U.S. Immigration Support, it is estimated that worldwide remittances amount to more than $126 billion and have become a considerable force in the economy of many countries. Last year alone, Mexico received more than $17 billion in remittances through U.S.-based workers, the highest of all countries. Since these offices cater to the immigrant population, they are primarily located in geographic regions that contain a high concentration of Hispanic workers. Panda Security's multi-year assessment focused on the greater Los Angeles, Calif. and Las Vegas, Nev. regions and encompassed an observation of over 300 locations and approximately 1500 computers, representing an estimated 0.45 percent of all multiservice businesses nationwide. Panda Security was granted access at each site and conducted assessments, interviews with the business owners, and an investigation of the network security measures in place within each operation.
The Findings and Threats
The results are alarming and deduce that these businesses, numbering approximately 66,000 in the U.S. alone, are at very high risk for cybercrime security breaches and theft. Surprisingly, the computers present in these offices are typically consumer grade Dell personal computers with very few enhancements or software additions. In repeated visits over the past two years, Panda Security consistently found that trial antivirus software on these machines had long since expired and any kind of proactive security measure was viewed as an unnecessary business expense. At least 30 percent of the 1,500 computers directly observed had outdated antivirus software and an alarming 60 percent were actively infected.
In addition, employees at these businesses are frequently minimum wage young adults who spend time chatting, using peer-to-peer networks and visiting chat sites on the very same computers that store sensitive data such as social security numbers, DMV records, tax records and credit card information. This combination of lack of maintenance, low security consciousness and end user behavior result in highly vulnerable systems that are very easy for cybercriminals to infiltrate.
Since approximately 80 percent of the machines studied are being used for remittances and money transfer to immigrants' home countries, analysis of the security assessments conducted over a two year period found that each network computer is at extremely high risk for cybercriminal activity. All of these risk exposures significantly increase the probability for criminals to successfully intercept authorized remittances to beneficiaries in Mexico via the following tactics:
"By targeting businesses geared towards immigrants' needs, cybercriminals are picking an easy target and taking advantage of computer systems that have little to no barriers to entry," said Carlos Zevallos, security evangelist and lead researcher of this project. "The lack of education on the part of these business owners coupled with the sheer vulnerability of their networks is creating the biggest potential in cybercriminal gain we've seen yet. If security measures aren't put in place immediately on these networks, we as a country could stand to lose millions of additional dollars due to cybercrime activity."
Preventing and Protecting
For all businesses geared towards U.S. immigrants whose systems are vulnerable to attack, Panda Security recommends the following protocol:
Panda Security is offering complimentary security consultation and certification for businesses in need of assistance. For businesses affected by these security problems (this includes check cashing and money transfer locations), please visit our Web site to receive assistance from the Panda Security Critical Situation Line. In addition businesses can scan and disinfect their PCs for free with Panda ActiveScan 2.0.