Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Info Thieves Take Aim at the Enterprise



 By: Matt Hines
2007-01-11
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Researchers are finding an increasing number of malware programs that appear to be designed specifically to steal valuable data from business users.

Among the long list of bills reintroduced with the opening of the U.S. Congress on Jan. 5 were two filed by Sen. Dianne Feinstein, D-Calif., aimed at forcing companies to better protect consumer information and publicly report any potential mishandlings.

However, according to a range of IT security researchers, businesses should be just as afraid of having their own valuable data stolen by hackers as they should be scared of losing customer records, because it appears malware writers are aggressively ramping up their efforts to create attacks meant to target corporate information.

While few virus examples have been publicly identified that exhibit this growing focus on stealing valuable business data, versus the many that have been unearthed that target consumers personally identifiable information, analysts say there is plenty of evidence that the trend is picking up momentum.

"Theres no doubt that this type of activity is becoming more popular; weve seen a lot more samples and kits, and real code, that is clearly designed to do things like grab files from local systems, to look for specific types of files used in business operations, and the valuable information in those files," said Dan Hubbard, vice president of security research at malware filtering specialists Websense, San Diego.

Resource Library:

Hubbard said that in addition to viruses designed to find business documents such as spreadsheets and manufacturing templates, Websense has also seen attacks aimed at companies in specific vertical markets, most notably the aerospace industry. Unlike many of the attacks designed to dupe consumers into handing over their personal details, a high proportion of the enterprise info theft programs display a level of complexity that belies deep professionalism on the part of those writing the threats.

"A lot of the code were seeing is very sophisticated; some use encryption to hide the stolen data as it is being sent out of the corporate network, others clearly target specific types of workers who have access to valuable data, such as product designers, and others are using unknown zero-day flaws in popular software programs to find a way in the door," said Hubbard.

Researchers at anti-virus specialist McAfee, in Santa Clara, Calif., said they recently observed a zero-day attack aimed at three specific users within one company. The level of granularity displayed in such an attack is something that may become the norm in the near future, said Dave Marcus, security research and communications manager for McAfee Avert Labs.

Read more here about "rogue anti-spyware" and the emergence of hackers looking to hold stolen corporate data up for ransom.

"There have been attacks aimed at businesses as long as there has been malware, but this was a precision surgical strike that was very professional and well-orchestrated," said Marcus. "Its hard to say if these types of attacks are growing in volume, but they are certainly growing in terms of sophistication.

Other security researchers said they have seen similar patterns emerging. While there is no indication that hackers are shifting their focus away from programs that target consumers, as the volume of those threats continues to grow, attacks that attempt to steal corporate passwords, such as the Infostealer.Ldpinch virus, first discovered in late 2003, are becoming a regular occurrence, versus being a flash in the pan, said Ron OBrien, senior security analyst with anti-virus vendor Sophos, in Burlington, Mass.

In addition to password theft attempts, researchers are predicting that hackers are aiming their sites at enterprises VOIP (voice over IP) systems to listen in on private conversations, and creating attacks that look for sensitive information passing through instant messaging applications, and even corporate data stored on more powerful mobile devices such as smart phones.

"Were still seeing these in fairly low volumes, but value of hacking your way into a corporate PC will ultimately be much higher to malware writers, as they can almost assuredly remove sensitive information that is worth something to the business, or an outsider," said OBrien. "I believe well see a lot more of these attacks that try to get onto corporate networks and phone home valuable business data."

In addition to stealing information, there are several different types of ransomware attacks that are emerging against businesses that seek to access and obscure information that is of value. The programs, which most often operate as virtual extortion schemes, sometimes encrypt sensitive information and threaten to keep it locked down until the hacker involved gets a payoff.

Ransomware artists have also begun playing on fears of non-compliance with consumer information handling laws, threatening to expose companies to the types of laws proposed by Feinstein and other members of Congress by forcing them to report breaches to customers, and in the press.

"Extortion is age-old stuff, but its becoming more dangerous in the sense that the ransomware is becoming far more complex," said Shane Coursen, senior tech consultant with Kaspersky, in Woburn, Mass. "In addition to being capable of finding more valuable data to corrupt, were seeing more sophisticated encryption that hides the data, and attempts to collect the ransom payments that try to keep the attackers better protected from law enforcement."

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.



  Reader Comments: Info Thieves Take Aim at the Enterprise
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Matt Hines
 


x}r㶲s\@♵MR-ƶ,8:U*$EReoВ/㩱%lh|GggD]ݴ1p͙M55|zg`HRsgޅ-34 @oRQP ĠxnwݶN`P'~ > \?g3U;Y|b(áh] ]( ѼeMGQR`N Cw*Nul9 Q6RV2/Fӽ8t[h  #k~|E=x:Q/M+l}~@kNmW ȓ׌ڭAx)B(!bB]߂KCI%߼q@ؓ&thmub'b#Q^]õ]&Z.R͌eCwt=PzOMҳBCLH6}~8IZQOK.m4ZIfOl+qtR8E[5'0m_k|uv3< 3~3 CoZe؄j% =y7`BaCJ&5\_-׉E&>5 ؗY͢@eʆ}{ʾVWR\W}`[BUzEÝ|k47~+UUew9*GA nkp[I^׵Sq9}r>?'7;A:W;YHL~#/@DJ V4MD&-āI^:GH5=(ǭ~Z%MR?4,fϷ3+i*H,GQD~6/NM㳣NlL,!V4*V]?#;ˠjqszr|qӹwIAұ,O/gs`HםBi۲ܾ,BKEka(7fhXӀ?$eR2-L9X@.@שS 07'h脺f-Mn "dLi|]Yw1P3Z$23}Pr &Sk~$GM ]sΚb.L2<|)=m̗W/b`(AK/g ڊ5t*転(if1;A0<^f&/_\D 1 p 3d{".ӰervZn֖͉*YX[u5jZlY?iYwθyn?^OH{⧋vzǫ$ # EHYf7-vI09긦ժ+YEe_U^q-Aqb2B c=&M:gvXY8`;}JwϧԴfPwӈ<: M/G˥yf1@ Lna 8V8; u#uә=U45(h`GI l"&q3)к`&oAY@[SaP#[ѽ:z?@6 =2/?>fCxwݐ,P}@=XS9;ݲeǀԜ:0$w2J}#>] #RRR$S]Pv9DB B!B0 HV(V쎄J9mW*LOD:Rt{B#RyM4aGe-n^ d3#Cdd0U Q򍜘e{4l` -z'$': 5$!.*BZzI۶ۿi |T&]\qαqB&k*H(Y3b-ysDr V֌M'WQV{)5_͸VTV3Q2C+L)Eۋ)i SX-8E/4-{e]Zr{Q^ӛA']օVP+=@yC lK/,:+c:*K_jiHH*E6@\Z1-c %㐘 0ZOpo{:{j@_ܰ큡K*+ &G&,mk VhVKtXf&`ܲ &P wS~8;[0P!k^͆Vv<]| ==r3CO\?CC|Omj+Co{LrCm0 G "˞C{_&]1VW=PZ`!?ՊRR4 q/#Y /m0ܑk}>bDugNPOK ˙'瀚:$ZCf'ᠦVĜ8riPzP* cWE.ϳ1UF>3 $hDc4e2f-4_\0-xcJD%h\Rj&34Z(@y{2$t`m\>(cpFl`^\|<ׇ BK K'"^a`EkǖYCǖbT۔І[P*'8AÒ?DBQcG}ܴ>?CU^oVRxw"ZTlcCjvXVk7;zfAq{ qF@>+z~qj ,2,~VAK>snA.}O>zN¢ ',h'^ː]-'LiG ã2R1P^Cs2]((:H3 |jVQ=/YQfca "g+0fjנj@[}l)tdx8)ѡ,Hr]TՑnR UtT#  X]QiRZ=-bhsֽm?O᧜Z1Ӂ P}̹5u4X\Y(``!> ~6F8b&aj4X[ ↪%}g{oR68F2<"C8\vl:ZFB -Қ8k*sԳлMklsGq3`S"mLtu_+'E&GlE6Xil q ivK|g~{q{?I jf?}T*JZӳ(*+H@:erz埍8jKC_ 车Li7JղAkJZ8~G;a>&ra&: G ɲ\' ׫UVگ]q.g( ,O$,t=ǣۻmpI75 ),3>&(=~f?Н :uaAvY?0+οH iïRX|xxy"u.Zlb4 LAIP 4t=$!&}ׇ́{5geUs^Fۧ(F@FusѺ~߹_>wQCr޹lK^'+֓!w"yKrBVë=uti)qfm2XG<2u\8$ D8 m̀@ c^9`B4c-MgSA0u0aVxy~nUkq  ナ:`AQ1@+JFtzW{mE& bT _RFI$Q#=-#WYI{Dg"G0^ί([ⷚoWȘIGD_q-5'=?U[k't>!94|YQ$K 21xc|.A-6ԾJ9 4SJd"8Q%;)~ڰ{, /D=:dSNM(ia-uyjdJ9#S"\ 6L P,OҴy=#lQ1 i(K"ih$lbTȆRoNwպ6<5ަm晿BƗHȣ ,-I+4$/CiA0;ǭHR#EhqeP>Xki)i[YUH+?vƇ!qbwyAH0GW倜b{~T߯Il;up=q"?h9#7:NjG/sy"O+:Q ,':]@_zϜGoIM21ɘKԍ A/sBk4GלO)|si9<3m~`'6"%(\s")Xf>VAkv,x\J|[<,'Mw[1CN'~.?@ 6W{$ N FP ߼=Foq>P]9Yz$AC~g}\0n;z{w6bOf07+۝l9niamơ8 J~l'Mt:DjE[c{wC9Ȫ̙S.{R؉~'g#3^q:-: &n_%3ތ<яKi^dΠt4s {!F.`0.s!T xBo~˸aW*]c{*{w}wo]VZtCqB1Vx/)&%ϓEL @OKtGY_BQKwv{Y!0N ئ7=12~OO=rmGX ?*4lo A[)=)$Ιx <v4.߮ B;FJX۴rUCauk§ ,'iƿWc#ޚU>9d 8-X g"zPֈR242 i6&:ҟ+.œQL;ϚżWH/uc %fJj1!4flZ\3@g9X7 3X8 <\3̈́ ͗)䉵E bPœVt8e3{ry`f‚cוPyxL,x`P 7mY$g jT`q0:nQmI'1KQvȃұ (3^-$&D^#M\`r\*iD3a8kg:&%@(Cx;J~أwZL-c}fcIŀA7liJwܹRSZKY𔠩J+voWH]JCymb9UXSo,0re?4~ ^!/3 u@=g缳{W,e4;Ğ&!C&%u1>(z8IX@ 1הzJ>Xyo $AL<,ڷh;6 ez6 ( vP⋯;Lov2E4ƏV3LhW d;M v^ADyG۟:%z.(+R.KU"}gRdSJGPR'NmLV(!KzQh]Y-ALjxaRV+4&a"<~@X{Dfl/x Fv#=M^MIRA*:co|\l^GYu.^d^]/2_W7d4G/XU^|{2PM& ןu [wo#rrETrh#M I $Y6M* 뢙O4z:O{ WiS22yd=9Kʓ0))wBcʩ*#[!G:@3&XY"<!'mXߔk/nv-xXbc,Wk7*#ER%,MumdƈhLacD4Z,hdڬW@clOk',9kg\lb^ىmyyyyyu||">_1)s[ )%ǀJ|Tԅ?<,w8.il|-|xK>ǧ |$q65T2a0BZ@mHKKN1D]r!d<'} 4Ch@%m0U7KQ:!{%ϥ(zrfue$̽$j Я^^Q9 n{CR{1tvni& w4Al` b*a|f\q Nb<3+p|֚/fC*|!*m;ejRQ-x11q?̑be69DI D ň-":|xyC9vFP F{Uƌݖz<HO! <~՛kOAu=+'!e^3RB$\E5] k08C;/w?/R+os\_]˃9z9z9z9z9zqVj9zWT^Sq!mǠh K ^Ԁ/a)g-)[>D֫ CJ~< ܰv{"~|Ҟz;0+Cz}a>`$T%1hhAz؊|4 Kjc/mMcqQ+4 <:K[q)&gz>dȚV~ɴI79k Qb?xK5:HW;6uJ?l0Fվ70:zŰcL8"eIS0Fk l?QX26A%ey3Ou{iQԨ1gfSYh9mxcj9Fwk5e_]͹O?P. ]ZˣXuV%d{1׭{[[cUAN2AGu poDR!դFKbGZk>Ao=zVŠx!Vy ?m+=uvX5n{u3YA4`}*[rZ$24^UP+)ZzʋzhNFu_ZהV/`eEX0K :A=(urs=,vT3!By_8 kH =W m5HX#巟NgNtʉЩ H WIkm2J%3?3\mDΝNsđ뛋uNc01,9)[d0̊|Ux[hhwQfg1q8sr;c{±\~`QQ̏XJ11K,+sYu?x#jϊ5q#PGtySZ3ZMqheu!0d5k)mL!E TЍB9Ϫ͒;IoP}sY?e=a ' 2u?|{qBJ=Lm~C#hM-ã|U:k|%wm[J/G?co7aT0|LK|xZ->G_ 6f^FGZQ)G)}o M-ӴiLROg\N _ _ݰ,VI m{d72[ $}?ZĮ,H1T) q}n@zhuew= dydP^[H{E=gx8N2 W8x (]A.; #x7tX$l9e1qA[:q0raqno8gkH0ג r)͔5ח=e_)aLDu2t083*%RucH <"m~g^q79mOR-i`Ikxm!ah\ߊqbZ ,װÞ1XG>u;WXj !1gOiX$_ϳW`AE,D "}fA=bAa~L­!R)Qw3R6EwP0SN\<7Yef xpx} 5tHM<2BL'kQ.閣FMQtV#ߛ~3,ȏ]5[Hmݜ(8&sz9I t!#K/HzNsڬ &Ȉ@`bJ])IdR|:PJ\gޕa)걪VR/?(;Ue"} =Mɕ@*ZȈq/w4 }:\ݹXh?5iv>;WNϻ7x( Zѷhlԭs=|ܽ|ڹl_]w.&hL湾xQ(X7KGYFufvʌTN-Ks!Yx9Kxu< /ELyx&0̟~D0/& ƕ^-211S:9nzZ>ZNA|vuQc̑:w >r:X)` чFQc bc>oI]hF&5+:r<)r_sʯz}q (SޅnN9Rz} झS~ O?9yNyY_9)4;'9пNN?ӹ)wrWh~y|v͋__^s E/>/r">G/s ?唟AYN?9P~S{3?9s w3]7]?͑/W@W9q_ sC?=/g=/g}~_֗C_S^9S>>oʁ~orڿi&ҺNrru S)JyC/*ȋkOy射<)߇yVU<^`kW9x 挿 {9;[?v'u CFW\=o /de75vkYAΰ۸/6^a/  ^敽$= xEB+gٔ@#X{#uO'NW6#ﹺ d^)WsU}Ӊ{Z?Ś/Yy<* u!=o*ND1KA1_w9ݧ,I5;H_êpqpjɁ@ @8z_Ew9en7FpK|` nsOkz>sxvY^]Y\;Yo%P.YCIsDgev' AѺ`*O WY-KaaP]χ>d4[`?Znamzםg4`/[烫6{̦d󰡲iʪ)N(Ѵ~PWEjnrh s)螩zħ_ NW+ 7\xќ8wƮ; P7maIP5ZUj;5" #:&Q5YUdN.jUeRL3DAyg l]{̾ZCO3CX)ḇ̺nk %.<tlU|Sy3 "`TS;I@9$Lo9Xj,.#v2QW!+<ŝ+f4X pov1R {{[2gډe:`XG$l` @C׽~rhr%\ktEEבE$&J1ZsJD!-?rCShu-< bsފjd!׶RA#>7q>+sonե}c‭«L}'!1Fc9%)^Ռ]#|/.Lkg_5 B3q< Y8T"?zGmÜz)LJ)@BoE)R%:TunwImgX|@ăx!$K0Dt.s,sD46ϒLT zZ;] v,8%^z'{io=G}c_VeńK!8F1HyU_OD.M%Cb9G$]! ""_S aoil/yHR}J0yN:mv8K)=tvwjy?-;waS)fGVFp)hFN<}u<٢uK ğ?X \ cwH V&KG1֪TU|>cx nj}p{c*e~9-S)0p,\ftO6A|gKo?/7(NAERb0yM&H}0uGĦrCR4mLepwRc%xdvד69qSg _((U@Dqg˫HvxGml<"^:uGW=Q'nGalh[d%+^F%!ҶT)V#ʥ.Sܟ?Ca҃fFo\_X (K# Lw~9N]RjãōGHǸ[ [ Iy>p <Щ1T\bգJʶ)E9b릍\ ѨipKTؖE'nd3^m'o$-'my#Q1W)?Il}X<޳sW=?5zl3Gi:9Y}#s!?²LjH2mf^^kti( aavXc-hw͙!׆)0ѕDM1Q6s޷`=dZ]x O!YdWP Y-f1!Dv$8)}o&vж?gTH0H6c?tCf *$w@˽ō]^g"a7:#/ah8`yb3Sq2JѬd;j g_yfOȅ^`\YG7^y{b`!˾tں>!M*`΢gί>!2T!6xvY`Eq{şuuU- Q{}΂`R)XI}"^ֳo 6A|>Ðy6xL -2VjwVVtƦI21qz륍.yQ'b"mR? ۔̡r&s.c MWc\)֦O*L +&|&R2ֱeRZ`l/Z6w?v3-