Precision e-mail attack targets senior execs


9 July 2007

A deluge of precisely targeted spam designed to harvest intellectual property from companies worldwide was launched on 26 June, security experts have revealed.

More than 500 e-mails were intercepted in a few hours by MessageLabs, a security firm which filters e-mail for around six million inboxes. The company would normally intercept an average of just 10 targeted e-mail attacks a day. 

The e-mails were addressed to named senior executives, including their job titles, in companies which own high-value intellectual property.


In some cases, e-mails were even sent to named executives’ spouses or dependents in an attempt to compromise home computers.

“This is an attack in an entirely different league to generic virus or spam threats,” said Mark Sunner, chief security analyst at MessageLabs.

The e-mails had an attached Microsoft Word document containing embedded executable code.

When opened, the executable would activate a Trojan component to compromise the victim’s computer, enabling a remote party to download information.

Of the 500 e-mails intercepted by MessageLabs, 11% of the intended recipients were chief executives. Chief information officers accounted for 7% and chief financial officers 6%.

But the largest number, 29%, was aimed at chief investment officers, a role which would handle commercially sensitive information that could affect share prices, such as details of mergers and acquisitions.

This bias has led some security experts to speculate that the attack was related to stock market pump-and-dump spam activity which showed a considerable spike at the same time.

Targeted e-mail attacks have historically been launched against individuals in governments or very large organisations in government-related businesses, such as defence.

But the recent e-mail ‘smart bomb’ was aimed at a wider audience, including smaller companies in the pharmaceutical and aerospace industries.

This could be an attempt by criminal gangs to obtain intellectual property which they can sell to competitors.

But another theory is that the attack was a deliberate attempt, possibly by a country, to steal intellectual property as a short-cut for boosting home-grown businesses, or simply an attempt to destabilise unpopular regimes in developed nations.

Earlier this year, the Russian Federation was suspected of using botnets assembled by criminal gangs to launch cyber-attacks on Estonia.

Whereas the Estonia attacks were huge denial-of-service blitzes designed to knock over web servers by sheer brute force, targeted e-mail attacks can elude detection by conventional antivirus software and spam filters because conventional software is built to detect known malware code.

If the malware code is hand-crafted, the security software will not perceive it as a threat, nor will it be economically viable for security firms to issue patches for such one-off threats.

The tools with which targeted e-mail attacks can be launched are now easily obtainable, according to Sunner.

A bespoke Trojan can be bought for $200 and upgraded for a further $50 if it fails to get through security software. A payment of $2,000 buys the equivalent of ‘technical support’ from one of the Trojan writers.

Personal details can be gleaned from social and business networking sites such as Facebook and LinkedIn, which contain details of executives’ job titles, the scope of their job function, previous careers and even family information.
