Software's Sublimation by Alex Goldman (bio )

Data's diffusion throughout business and into the cloud

Alex Goldman Blog | ADTRAN's new VoIP channel ecosystem »

Criminal organizations focus attacks

By Alex Goldman on March 26, 2009 5:02 PM

Organized crime is now able to target individual enterprises and to exploit weaknesses in any partner, Web site or application, well-known or obscure. Criminals are exploiting the dispersed nature of today's supply chains -- as well as social media and other online applications that may be able to traverse the enterprise firewall unscanned -- in order to target enterprises in a more granular manner than ever before. The news comes as even the most sophisticated of users are deemed vulnerable to the latest attack methods. InternetNews.com reported earlier this year that attackers are snaring even knowledgable victims by using legitimate Web sites and well-known social media.

Enterprises should be aware that these sophisticated attacks can be aimed at one business at a time. Paul Wood, senior analyst at Symantec's hosted e-mail security provider Messagelabs, said that criminals conduct reconnaissance before launching targeted attacks at specific businesses. "Some attacks rely on information about ourselves that we put on the Internet," he said. Criminals are looking for information as basic as what applications are used by their target, but the more they know about the target, the more weaknesses they can find.

For example, criminals might use knowledge of the supply chain to their advantage. "They target a weak link the supply chain. Perhaps a multinational is well defended but one of its suppliers is not well defended. We have seen things like that attempted," Wood said.

Enterprises need to be cautious in their online interactions with every organization. Even those that make no profits can be a target. Educational institutions, which are more open than enterprises, often posting their employees' names, e-mail addresses, and job titles on the Internet, are vulnerable. "Particularly vulnerable targets are educational institutions," wrote David Skoll, president and CEO of e-mail filtering company Roaring Penguin Software, to InternetNews.com. "Universities are a particularly attractive target because they tend to have not-very-locked-down IT policies, and also lots of bandwidth."

Attacks can be aimed at specific individuals in a company, or at every employee. "We've seen spam sent only to corporate CEOs," said Nilesh Bandhari, product manager at Cisco's security appliance subsidiary Ironport Systems. "We also see the exact same message sent to a couple of hundred people at the same organization."

"We're looking at maybe one or two individuals targeted with these attacks," said Wood. "We don't know what's behind it but we make sure that the organization is aware that we're blocking it for them so they can investigate."

The Internet contains more information about employees than ever before. "In the new medium of Web 2.0, particularly social networking and micro blogging, we do not see the same trust relationships that you have in the workplace," said Wood. "You might share interests but never meet but become part of someone's personal network. They could become targets because the bad guys can use them to gain access to your network of contacts and then send messages from you that pass the trust test on recipients. For example, they could pretend to be someone trapped in another country and in need of assistance."

As my former colleague Richard Adkhari wrote in his blog, friending everyone is a dangerous thing.

Collaboration tools can also be exploited. "The increased availability of multimedia sharing, including calendars, documents, and spreadsheets, makes it easier for the bad guys," said MessageLabs' Wood.

Permalink | Comments (0) | TrackBacks (0) | Share