Cybercriminals Turn Their Attention to the Corporate World

By Deborah Gage

Banks and financial services companies are obvious targets, but a new study shows materials, manufacturing, pharmaceutical and health-care companies are major targets for phishers.

Banks and financial services companies are the favorite targets for Trojan (malware) and software probes, according to a report released in March by two security vendors, Counterpane and MessageLabs.

Nearly 40% of Trojan attacks and 30% of probes in 2005 were aimed at the banking industry, although other industries were not spared. Materials and manufacturing attracted 22% of Trojans, and pharmaceuticals and health care more than 20% of probes.

The pharmaceutical and health-care industry was also the prime target for spyware infections, at 50%, as well as system exploits—attempts to attack via a software flaw such as a buffer overflow. Insurance and real estate ran neck-and-neck with pharmaceuticals in this latter category, with each attracting about a quarter of system exploits.

The report shows a broader trend to attack businesses for financial gain, the vendors said.

At the RSA Security Show in February, Alex Shipp, a technologist at MessageLabs, said he was seeing one or two attacks each week of only 10 to 100 e-mails, sent to pharmaceutical companies, government organizations, law firms or other high-end users.

Most messages contained information-gathering Trojans embedded in Word documents, which were not blocked by corporate e-mail systems.

MessageLabs scans a billion e-mails a week, but Shipp said the small attacks were his biggest worry. "I believe they're data-stealing," he said. "[They are sent to] a highly qualified list of targets."

Targeted attacks are the biggest security threat for Boeing, said Jeannette Jarvis, a security systems product manager at the company who also spoke at the RSA show. According to Jarvis, Boeing has seen an 11,000% increase in "badware" blocked at its network gateway since 2002. The company, for example, sees attacks from China that carry keyloggers looking for CAD/CAM drawings.

Boeing tells its employees, Jarvis said, to study a Web site from the vendor MailFrontier—which has issued a "Field Guide to Phishing"—so they can learn to tell the difference between a legitimate site and a phishing site.

This article was originally published on 2006-04-25
Senior Writer
Based in Silicon Valley, Debbie was a founding member of Ziff Davis Media's Sm@rt Partner, where she developed investigative projects and wrote a column on start-ups. She has covered the high-tech industry since 1994 and has also worked for Minnesota Public Radio, covering state politics. She has written freelance op-ed pieces on public education for the San Jose Mercury News, and has also won several national awards for her work co-producing a documentary. She has a B.A. from Minnesota State University.
