Industrial espionage is the new target for hackers

By Steve Malone

Posted on 17 Mar 2006 at 10:46

Cyber criminals are increasingly targeting many of the most sensitive business and government areas.

According to the joint Counterpane and MessageLabs 2005 Attack Trends and Analysis survey, although financial institutions and banks are still the prime target for attack the pharmaceutical and manufacturing sectors are increasingly coming under assault from hackers attempting to break in and steal data.

The worms that are used to probe corporate defences are becoming increasingly sophisticated. The report notes the rise of both polymorphic and metamorphic worms designed to evade anti-virus software. The report also notes the appearance of worms that act as vulnerability assessment tools, and worms that use search engines like Google for reconnaissance. Even more worrying are the worms that don't advertise their presence when they infect a system.

The report notes a disturbing new trend. Cyber-criminals are not only intent on breaking into a system and causing damage; today, they may be much more interested in industrial espionage. MessageLabs says that throughout 2005 it intercepted approximately two to three attacks per week directed at government departments, military organizations and large multinational corporations, particularly within the aerospace, pharmaceutical, petrochemical, and legal sectors.

Similarly, pharmaceutical-healthcare is the sector that suffers the most from spyware attacks compared to the other industry sectors, at almost 50 percent. Although the
'utility, power & energy' sector only ranked third in the total survey for the entire year, the sector experienced the most significant increase. Spyware attacks made up fewer than five per cent of all the sector attacks monitored by Counterpane in the first quarter, but this jumped to almost 45 per cent of all attacks in the fourth quarter.

Meanwhile, the biggest target for the cyber criminals are still the banks and other financial institutions, which accounted for almost 40 per cent of Trojan attacks. This is followed by the materials and manufacturing sector, which ranked a distant second, at 22 per cent.

Hackers are becoming more sophisticated in their attacks. Rather than using the familiar phishing method of impersonating a financial institution and convincing customers to hand over their personal details, they are using tactics that bypass the stronger authentication systems being put in place. The report cites the W32/Grams Trojan that targets 'e-gold' but doesn't launch an attack until the authentication process has been monitored and completed, as e-gold uses a number of security measures, such as limiting account access to an individual IP address and the use of one-time passphrases.