E-Mail Attackers Target Corporate Execs

During a two-hour period on June 24, something unusual and a bit worrying turned up in e-mail security firm MessageLabs Inc.'s filters: 514 messages tailored to senior executives of corporate clients that contained malicious programs designed to steal sensitive company data.

On Sept. 12 and 13 it happened again, but this time the firm captured 1,100 messages in a 16-hour wave. The messages, which included executives' names and titles, were from a purported employment service and offered attachments supposedly containing information on potential job candidates.

The attachments were Microsoft Word documents -- a common file type erroneously believed to be safe by most computer users -- that if not intercepted would have deposited Trojan horses, or malicious programs disguised as benign ones, onto targeted computers.

The two e-mail bursts point to a new and sophisticated take on an old-style attack with troubling implications for corporations, MessageLabs says.

In the past, most e-mail attacks of this kind have been comparatively simple "phishing" scams sent to masses of consumers with the goal of inducing them to part with their financial-account information. A small number of targeted attacks have been seen by security firms, but they typically targeted individuals in government or the military.

These new attacks, however, suggested a fairly low-tech e-mail scheme could begin to create a high-class problem for significant numbers of companies, one in which valuable data are at risk and foolproof technical defenses are challenging.

MessageLabs says that it has been intercepting targeted e-mail attacks on corporate clients for at least three years but that the numbers began to track up significantly only over the last year. The firm was catching one message a day as of the end of 2006. That number rose to about 10 a day by May and then jumped dramatically with the June and September attacks. Both of those incidents targeted executives in a wide range of industries.

"All of a sudden somebody new hit the scene," said Mark Sunner, MessageLabs' chief security analyst. Who that was isn't clear because technical tricks disguised the e-mails' origin, he said. But it's likely the person or group responsible came from the digital underground centered in Eastern Europe, where malicious-program writers and organized crime have long worked hand-in-hand online to steal and sell data for use in fraud schemes.

The newcomers appear to be after corporate secrets, he said. They have sought, specifically, to infiltrate the computers of chief executives, chief financial officers, chief technology officers and other senior managers -- and on occasion their assistants. And the Trojan horses were primarily designed to help the attacker gather Microsoft Office files from the "My Documents" directory of infiltrated PCs.

The people targeted "are the custodians of the company's secrets," Sunner said, and have computers full of juicy spreadsheets, financial reports, merger details and trade secrets.

"Why would somebody be targeting a CEO?" asks Scott O'Neal, chief of the Federal Bureau of Investigation's cyber-intrusion section. "It may be to steal intellectual property, it may be corporate espionage, it may be to get into the database."

Attacks of this kind have become much simpler, O'Neal said. "The how-to tutorials out there are getting better and better. And people need less and less technical skills." But unfortunately, few are reported to law enforcement because companies fear an investigation will disrupt their businesses and result in unwanted publicity. Such fears are unfounded, he said. The agency is careful not to be disruptive and maintains strict confidentiality.

In the recent attacks seen by MessageLabs, the attackers tried to improve the chances executives would open the Trojan-laced attachments by referencing bogus business matters and including personal details, such as name and title, which suggests the attackers spent time researching their targets.
