Cybercriminals Turn Their Attention to the Corporate World

By Deborah Gage  |  Posted 2006-04-25 Print this article Print

Banks and financial services companies are obvious targets, but new study shows materials, manufacturing, pharmaceutical and health-care companies are major targets for phishers.

Banks and financial services companies are the favorite targets for Trojan (malware) and software probes, according to a report released in March by two security vendors, Counterpane, and Message Labs.

Nearly 40% of Trojan attacks and 30% of probes in 2005 were aimed at the banking industry, although other industries were not spared. Materials and manufacturing attracted 22% of Trojans, and pharmaceuticals and health care more than 20% of probes.

The pharmaceutical and health-care industry was also the prime target for spyware infections, at 50%, as well as system exploits—attempts to attack via a software flaw such as a buffer overflow. Insurance and real estate ran neck-and-neck with pharmaceuticals in this latter category, with each attracting about a quarter of system exploits.

The report shows a broader trend to attack businesses for financial gain, the vendors said.

At the RSA Security Show in February, Alex Shipp, a technologist at MessageLabs, said he was seeing one or two attacks each week of only 10 to 100 e-mails, sent to pharmaceutical companies, government organizations, law firms or other high-end users.

Most messages contained information-gathering Trojans embedded in Word documents, which were not blocked by corporate e-mail systems.

MessageLabs scans a billion e-mails a week, but Shipp said the small attacks were his biggest worry. "I believe they're data-stealing," he said. "[They are sent to] a highly qualified list of targets."

Targeted attacks are the biggest security threat for Boeing, said Jeannette Jarvis, a security systems product manager at the company who also spoke at the RSA show. According to Jarvis, Boeing has seen an 11,000% increase in "badware" blocked at its network gateway since 2002. The company, for example, sees attacks from China that carry keyloggers looking for CAD/CAM drawings.

Boeing tells its employees, Jarvis said, to study a Web site from the vendor MailFrontier—which has issued a "Field Guide to Phishing"—so they can learn to tell the difference between a legitimate site and a phishing site.

Senior Writer
Based in Silicon Valley, Debbie was a founding member of Ziff Davis Media's Sm@rt Partner, where she developed investigative projects and wrote a column on start-ups. She has covered the high-tech industry since 1994 and has also worked for Minnesota Public Radio, covering state politics. She has written freelance op-ed pieces on public education for the San Jose Mercury News, and has also won several national awards for her work co-producing a documentary. She has a B.A. from Minnesota State University.


Submit a Comment

Loading Comments...
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.