Gone are the days when the worst you could say about hackers
was that they damaged files or slowed network response. Recent developments
show that serious hackers are using their talents to making money in a big
way—putting their skills to work for criminal groups.


According to e-mail security vendor MessageLabs’ 2005
Annual Security Report
, phishing attacks have more than doubled since 2004.
However, for the foreseeable future, the major threat facing security
professionals is a new kind of
narrowly targeted attack
on government agencies and companies.

According to a recent article on The
Financial Times Web site
, these attacks often travel via Word documents. Once
on the company’s network, the Trojan payload they carry proceeds to quietly
gather and forward data, doing nothing to draw attention to its presence and
remaining active and—from the criminal’s viewpoint—productive as long as

This is quite a major change from the cyber-vandalism of the
past, when hackers would design a virus to spread as quickly and widely as
possible, and then brag about their exploits and even build taunting messages
into their malware, boldly announcing their presence to unlucky victims. But
this new breed of attacks is highly targeted, and the unlucky victim is often a
single department of one company or government agency.

In case you haven’t caught on yet, these attacks are
extremely dangerous because there’s virtually no way to protect against them. The
industry will need to develop a new technology, probably something based on artificial
intelligence, to counter this new threat.

Traditional virus and Trojan attacks are mass attacks that quickly
show up in anti-virus company labs for analysis. Within a week of the initial
appearance, everyone has the new malware signature in updates, and anyone with
active antivirus software should have adequate protection. Larger companies that
more frequently update their antivirus software eradicate any existing
infection even more quickly.

Now, contrast that with a highly targeted attack, which hackers
may only send to a few e-mail addresses, perhaps in the drafting or accounting
department of a single company. As long as it’s reasonably well-designed, how
would anyone know this attack has occurred at all? Because such an approach
isn’t a mass attack, antivirus companies won’t develop and disseminate antivirus
signatures for it in their usual updates, and the attack will more than likely
remain under the radar.

This isn’t just some theoretical threat that MessageLabs
thinks could possibly occur in the future. According to its report, the
vendor’s filters have spotted an average of three similarly targeted attacks
per week over the past year. In fact, an attack of this nature occurred in
March 2005, when Scotland Yard discovered that someone was using
targeted spyware in an attempt to extract about $300 million
from the London
office of Japanese banking giant Sumitomo Mitsui.

Final word

As expected, many companies are ignoring this threat, believing
they’re not a target—a dangerous assumption. However, if your company has
anything of interest or value to anyone, you may be a target.

Attack bots are widely available at a relatively low cost (e.g.,
$500 to $1,000), and it would be very cost-effective for any criminal to hire a
hacker to conduct an attack. After all, stealing one valid credit card number
would pay for the software.

Also watch for…

Symantec now provides a real-time
security threat meter
. Covering e-mail, surfing, IM, and file sharing, its new
service provides a current report on the general state of Internet threat
levels (not a measure of the risk based on a particular machine configuration).
This can be useful for those who need to allocate security resources on a daily
basis. For example, knowing that IM threats are high and e-mail threats are low
would let you concentrate more resources on the worst threat vectors.

Miss a column?

Check out the IT Locksmith Archive,
and catch up on the most recent editions of John McCormick’s column.

Want to stay on top of
the latest security updates? Automatically
sign up for our free IT Locksmith newsletter
, delivered each Tuesday!

John McCormick is a
security consultant and well-known author in the field of IT, with more than
17,000 published articles. He has written the IT Locksmith column for
TechRepublic for more than four years.