Hackers are changing tactics, sending Olympics-themed e-mails that hide malicious Trojans capable of eluding most antivirus programs. Where hackers formerly favored Microsoft Word documents, they are now turning to other Microsoft file types that are not so easily detected. And such targeted attacks are up 600 percent over 12 months.
The run-up to the Beijing Olympics has been anything but smooth, with global protests marring the festivities. While police battle the protestors and athletes battle each other, CIOs are engaged in another battle: with hackers using the Olympics as a guise for digital attacks.

Security experts at MessageLabs, which scans e-mail messages for hostile content and provides Web security services, have found more than a dozen Olympic-themed attacks over the past six months, targeting different industries with Trojan attachments that could allow the attacker to conduct corporate espionage. These e-mail attacks have realistic and legitimate-sounding names, such as The Beijing 2008 Torch Relay, and purport to be from the International Olympic Committee in some cases, although most originate in Asia.

New Attack Vectors

It’s not new to say that e-mail attacks contain Trojans. What’s new is the latest shift to delivering a malicious payload without being detected by antivirus programs, said Mark Sunner, chief security analyst at MessageLabs.

“The file that was infected with the Trojan was an Access database (.mdb) file,” Sunner said. “Throughout the time MessageLabs has been intercepting targeted Trojans, almost all of them have been inside Microsoft Word documents using the vulnerabilities within those file types.”

But as those vulnerabilities have been fixed, the attackers have exhausted their options with Word documents and have moved on to new types of Microsoft files. Sunner said exploits within these file types are much less likely to be detected by traditional antivirus engines.

The evidence shows that the attacks were successful. While MessageLabs won’t say who the target was, Sunner told us that “the social engineering in this attack has been so precise that the target passed the malicious e-mail on to others. It marks the first time that such an outcome was intended by the attackers.”

Hacker 3.0

Targeted attacks such as this are on the increase.
“On average, for March, MessageLabs intercepted these kinds of attacks at a rate of 70 per day, up from 10 per day this time last year,” according to Sunner, “and one per day the year before that. As a threat vector, the concept of targeted attacks has increased at a rate of 600 percent over the past 12 months.”

While the tactics used are new, the goal of the attack also reflects a trend. Sunner said that, in general, the malware landscape involves “volume threats” well understood in the security industry and typically intercepted. But the Olympic attacks highlight a trend that MessageLabs refers to as “Hacker 3.0.”

“The emerging targeted attacks are more unseen, and this is where Hacker 3.0 gets involved,” Sunner told us. “Hacker 3.0 is the data thief, and much more insidious. He or she is not concerned with the day-to-day volume threats with the intent of spamming. Hacker 3.0 creates a much more engineered attack targeting a single company or individual within that company. The intent is more personal and more destructive.”

Antivirus programs are likely to be insufficient in warding off these personalized attacks. A mail-screening service will help, Sunner said. Safe computing principles should also be reinforced, with emphasis on not opening or downloading attachments that are not work-related.