Beware of Targeted Attacks
In the past, hackers designed viruses and worms or infiltrated networks to gain notoriety among their peers. Those days are long gone. Malicious software now secretly infiltrates computers with the intent to steal information for financial gain. These attacks often target a specific company or a group of people with something in common.
Specially crafted Trojan horse programs are now sent to specific victims in spam email messages, in the hope that a gullible recipient will open the attachment without thinking. Because this software does not obviously impair the computer, many recipients never make an effort to check for any security threats.
Some of these Trojan horse programs are used in "spy-phishing," a scam meant to steal specific information submitted to a particular legitimate Web site. Once inside the victim's computer, the Trojan horse program hibernates until someone using the computer opens the target Web site. At that moment, the Trojan horse program awakens, records the information that the victim submits, and then sends that information to a waiting data thief.
"The main difference between targeted attacks and mass attacks is in the preparation prior to the attack," says Jamz Yaneza, a senior threat analyst at Trend Micro. "Mass attacks seldom involve any pre-conceived target due to the uncontrollable nature of the 'trade tools.' Targeted attacks, however, involve a smaller pool of victims, with the aim of possibly larger benefits due to prolonged presence of the threat. The most prevalent are often cloaked attacks using 'sender spoofing' to fool potential new victims into letting down their guard."
Because victims of this kind of theft often never know who stole their data or how, these crimes will inevitably become more common.
"We're likely to see more spy-phishing and targeted attacks using methods similar to phishing techniques," adds Yaneza. "We also expect more targeted attacks on a smaller scale, which can help attackers receive direct information and stay undetected for a longer time. Both kinds are dangerous, because they target confidential information as opposed to the plain destruction that characterized attacks in the past."
