Social media tools are being targeted by criminals to acquire corporate secrets.
Not long after airstrikes began in Libya earlier this month, certain attorneys at four U.S. law firms, known for having high-profile clients in the oil industry, each received a personally addressed e-mail message.
Each message carried an Adobe PDF attachment, purportedly an analyst report describing the impact of Libya’s uprising on oil futures. Each lawyer clicked on the attachment.
But the PDF was actually pre-set to deliver a quick-acting computer intrusion, says Chris Day, chief security architect at data security firm Terremark, who watched the attack unfold. Within a few seconds, the PC of each attorney who clicked on the attachment began sending a silent beacon to a command server controlled by the intruders.
Terremark alerted law enforcement, and the law firms were notified, cutting off yet another persistent intrusion — a distinctive type of hack that has quietly become a staple of the cyberunderground.
“We’re seeing criminal gangs using these tactics against commercial enterprises simply because they work so well,” says Day.
Such so-called spear-phishing attacks, which often enlist social-media tools to meticulously wedge into corporate networks, are increasingly used in computer thefts that pinpoint valuable corporate data, according to a report released today by IBM’s X-Force cybersecurity team.
“Cybercriminals have become more focused on quality of attacks, rather than quantity,” says Tom Cross, X-Force threat intelligence manager.
Elite cybercriminals are tapping into search engines and social networks to help them target specific employees for social-engineering trickery at a wide range of companies, professional firms and government agencies.
They wait patiently for an opportune moment to seed an infection, knowing they need only infect one well-placed PC to gain a foothold inside a company network. They then proceed to stealthily probe deeper over many months.
“It’s become very common for advanced groups to be in systems for a year or longer without being detected,” says Kim Peretti, forensics director at PricewaterhouseCoopers.
The booty of choice: intellectual property.
One enterprising gang recently put a twist into spear phishing by noticing that more than a few executives have a penchant for using Google Alert in connection with their names. Google’s free service will e-mail a Web link to the executive every time the search engine indexes a Web page containing a fresh news article mentioning the executive.
The intruders figured out how to inject an infection onto such Web pages at just the right moment, so the infection has a low chance of being detected and a high chance of appearing as part of a Google Alert arriving in the executive’s in-box, says Mickey Boodaei, CEO of security firm Trusteer. One way they do this is by putting up an infectious Web page that redirects to a legitimate Web page carrying a news article about the executive; the link between the bad and good sites is enabled just after Google indexing has occurred. “These targeted attacks are very powerful and should be taken very seriously,” Boodaei says.
Link:
http://www.usatoday.com/tech/news/2011-03-31-hacking-attacks-on-corporations.htm