Attackers Initiate Target-based Attacks To Steal Confidential Business Information

By Author: eccuni
Total Articles: 211
Comment this article

Cybercriminals are now initiating target-based attacks to extract confidential information. Recently, security researchers identified targeted attacks on employees of organizations that allow their staff to access personal e-mail at work. In case of one of the attacks detected by security researchers at Trend Micro, cybercriminals send a cleverly crafted e-mail to employees, which appear to arrive from Facebook. The e-mail alerts users that their Facebook account has been accessed from another computer device or location, other than their usual device or location. The e-mail intimates users that the Facebook account has been temporarily disabled and seeks clarification, whether they have made use of any other device to login.

Usually, attackers entice users to open a malware-ridden e-mail attachment or click on a link, which redirects them to a malicious website. However, the latest attack only requires users to preview the message in a web browser to initiate attack. When unwary employees preview the message, they inadvertently download a malicious script from a remote website. The malicious script embeds into the webpage ...
... to steal sensitive information such as e-mails, contact details and also forwards e-mails to a particular e-mail address.

Attackers may gain access to privileged communication and e-mail contacts related to organizations through such attacks. Attackers may sell confidential information to corporate rivals, disseminate spam, and initiate sophisticated spear phishing attacks to extract more data or install malware. Leakage of confidential business information may have severe strategic and financial implications. Cybercrime results in loss of productive business hours, revenue loss and generate negative media coverage. Information security is crucial for smooth and unhindered business operations. Organizations must place emphasis on information security. They must impose restrictions on the use of personal e-mail at work, monitor employee activity, encourage use of strong passwords, place restrictions on use of social media sites, and restrict user access on computer systems. Organizations must create awareness among employees on password management, safeguards while using social media sites through workshops and training programs. They may also encourage employees to undertake e-learning programs and online IT courses to abreast themselves of different forms of online threats, cyber security tips and best practices in information security.

Organizations face both internal and external threats. Attackers may target organizations through intrusion or download malware through social engineering attacks. IT professionals need to constantly update their technical know-how through online IT degree courses to deal with proactive threats in cyberspace. A recent Data Breach Investigation report by Verizon reveals that industry faced around 760 data breach incidents during 2010. The current year has already witnessed a series of high profile data breach incidents. Hiring professionals qualified in IT degree programs may help organizations to frame and implement appropriate information security policy. Proactive action is crucial to defend the IT apparatus from sophisticated cyber threats. Organizations must constantly evaluate the security scenario, keep track of security advisories, identify and install requisite security updates to software products. Regular security audits, vulnerability assessment tests may help in timely identification and mitigation of security flaws.