
E-Mail Attackers Target Corporate Execs

During a two-hour period on June 24, something unusual and a bit worrying turned up in e-mail security firm MessageLabs Inc.'s filters: 514 messages tailored to senior executives of corporate clients that contained malicious programs designed to steal sensitive company data.

On Sept. 12 and 13 it happened again, but this time the firm captured 1,100 messages in a 16-hour wave. The messages, which included executives' names and titles, were from a purported employment service and offered attachments supposedly containing information on potential job candidates.

The attachments were Microsoft Word documents -- a common file type erroneously believed to be safe by most computer users -- that, if not intercepted, would have deposited Trojan horses, or malicious programs disguised as benign ones, onto targeted computers.

The two e-mail bursts point to a new and sophisticated take on an old-style attack with troubling implications for corporations, MessageLabs says.

In the past, most e-mail attacks of this kind have been comparatively simple "phishing" scams sent to masses of consumers with the goal of inducing them to part with their financial-account information. A small number of targeted attacks have been seen by security firms, but they typically targeted individuals in government or the military.

These new attacks, however, suggested a fairly low-tech e-mail scheme could begin to create a high-class problem for significant numbers of companies, one in which valuable data are at risk and foolproof technical defenses are challenging.

MessageLabs says that it has been intercepting targeted e-mail attacks on corporate clients for at least three years but that the numbers began to tick up significantly only over the last year. The firm was catching one message a day as of the end of 2006. That number rose to about 10 a day by May and then jumped dramatically with the June and September attacks. Both of those incidents targeted executives in a wide range of industries.

"All of a sudden somebody new hit the scene," said Mark Sunner, MessageLabs' chief security analyst. Who that was isn't clear because technical tricks disguised the e-mails' origin, he said. But it's likely the person or group responsible came from the digital underground centered in Eastern Europe, where malicious-program writers and organized crime have long worked hand-in-hand online to steal and sell data for use in fraud schemes.

The newcomers appear to be after corporate secrets, he said. They have sought, specifically, to infiltrate the computers of chief executives, chief financial officers, chief technology officers and other senior managers -- and on occasion their assistants. And the Trojan horses were primarily designed to help the attacker gather Microsoft Office files from the "My Documents" directory of infiltrated PCs.

The people targeted "are the custodians of the company's secrets," Sunner said, and have computers full of juicy spreadsheets, financial reports, merger details and trade secrets.

"Why would somebody be targeting a CEO?" asks Scott O'Neal, chief of the Federal Bureau of Investigation's cyber-intrusion section. "It may be to steal intellectual property, it may be corporate espionage, it may be to get into the database."

Attacks of this kind have become much simpler, O'Neal said. "The how-to tutorials out there are getting better and better. And people need less and less technical skills." But unfortunately, few are reported to law enforcement because companies fear an investigation will disrupt their businesses and result in unwanted publicity. Such fears are unfounded, he said. The agency is careful not to be disruptive and maintains strict confidentiality.

In the recent attacks seen by MessageLabs, the attackers tried to improve the chances executives would open the Trojan-laced attachments by referencing bogus business matters and including personal details, such as name and title, which suggests the attackers spent time researching their targets.
