December 08th, 2008

more

January 06th, 2009

more

more

more

more

more

more

more

more

December 28th, 2005

New breed of cyberattack takes aim at sensitive data

A new breed of targeted digital attack designed to filch sensitive data from computers at businesses and government agencies has emerged as the latest cyberthreat, tech security experts say.

Organized crime groups in Eastern Europe and Asia are behind the attacks, which spy on the PCs of employees with access to highly sensitive data so they can rip off bank account numbers, credit card numbers and other information, says Phillip Zakas, CEO of computer-security firm Intelli7.

The targeted e-mails — launched through e-mail attachments containing malicious code — often appear to come from business associates and are hard to spot, he says. When opened, the attachment installs a small program on the victim's PC that downloads more malicious code and copies sensitive data.

'These new attacks are corporate espionage,' says Patrick Hinojosa, chief technology officer at Panda Software, which is releasing products next month designed to detect targeted attacks. Symantec and McAfee also are incorporating new features in their security products to spot targeted attacks.

In Israel, corporate spies this year implanted malicious code on the PCs of executives to swipe information. I.M.C., a high-tech company that supplies the military, and Hot, a major cable-television concern, were among the victims, Israeli prosecutors say.

Meanwhile, in November and December, e-mail containing suspicious code was sent to seven research-and-development employees at a U.S. transportation company, says e-mail security firm MessageLabs, which discovered the attempted attacks.

The twist in attacks illustrates efforts by crooks to get at information through key insiders rather than scattershot with thousands of e-mails, says Neil MacDonald, security analyst at Gartner.

Cybercrooks have narrowed their targets because of the effectiveness of computer-security software and hardware in tracing broader virus attacks. There have been 12 significant virus attacks in 2005, compared with 46 in 2004, according to McAfee.

'People are a lot more aware about computer security,' says Joe Telafici, director of malware research at McAfee. 'There is less of an opportunity for the bad guys.'

Larger attacks are typically designed to spread spam and viruses across large numbers of people. 'Most companies think they're OK because their security systems block large-scale attacks,' says Alex Shipp, who designs e-mail security products at MessageLabs. 'But they may have already been hit by narrow attacks and don't know it.'

Hard data are hard to come by, but MessageLabs says it came across 15 targeted attacks in November, compared with 15 the previous two months. 'Tracking this stuff is like counting icebergs: The bulk are underwater,' MacDonald says. He estimates the potential financial damage caused by targeted attacks will grow five times faster than a typical, widespread virus attack.

---

DONATION: Keylogger.org is an independent research project supported by a team of enthusiasts. If you find this project useful or would like to help foster its continued development please consider making a donation using PayPal`s online secure payment service.

A PayPal account is not required. All major credit cards are accepted (MasterCard/Eurocard, Visa/Delta/Electron, American Express, Switch/Maestro, Solo). Simply click the button below.

Any amount would be useful and appreciated!

Thanks in advance for your support!