Organised crime is joining athletes across the globe in training for the Games. And it's your corporate secrets that are up for grabs. In the past 6 months MessageLabs has intercepted 13 separate Olympic-themed Targeted Trojan attacks across several data-rich industries. With Targeted Trojans on the rise and able to evade conventional security mechanisms, MessageLabs is currently intercepting attacks that exploit the Olympics to appear authentic and attractive, but contain dangerous malware designed to steal corporate secrets.
Organised Crime goes for Gold at Beijing
Targeted Trojans are custom-designed to slip behind even the most elaborate defences. Now, the new industrial espionage - financed by organised crime - is cheating Olympic-style.
Table of Contents
Introduction
Targeted Trojans on the rise
Winning the race against conventional defences
Gold medal security for business information
Introduction
With the Olympics on the horizon, it's not just the athletes in training. Organised crime has been readying itself, testing its skills and waiting for the right time to attack. Custom-written Trojans are targeting senior executives under the guise of organisations as reputable as the International Olympic Committee.
The damage done by these attacks is no longer limited to corruption of your network infrastructure and compromising your business reputation. Now, it's your organisation's confidential information, such as product designs, research and development data and merger and acquisition secrets that are at risk.
This white paper exposes the structure of these attacks, their targets and the security gaps they are designed to exploit. It examines the means available to business for staying one step ahead of cybercrime, defending intellectual property and creating certainty in the exchange of information.
A wooden horse at the Olympics
Between October 2007 and April 2008, MessageLabs intercepted 13 separate Olympic-themed targeted Trojan attacks across several data-rich industries with subject titles including The Beijing 2008 Torch Relay and National Olympic Committee and Ticket Sales Agents. Some attacks purport to be from the International Olympic Committee, based in Switzerland. In fact, all but one attack has been sent from IP addresses in the Asia Pacific.
The Olympic attacks reveal both the way the attackers work, and the extent of their audacity. A theme is chosen which appears beyond suspicion and has natural, widespread appeal to act as a smokescreen - just like the wooden horse used to smuggle Greek soldiers into ancient Troy. And the most high profile and noble of international organisations, established for over a century to build a more peaceful and better world through education and sport, can be undermined for the attackers' criminal purpose.
Personalisation maximises the Trojan's reputable appearance and helps persuade the user to open it. Attackers gather data about targets from social networking services such as Facebook and LinkedIn, as well as corporate websites. Using resources accessed through search engines and public records, plentiful personal information can be collected about a business's senior management - enabling attackers to craft an email that, for example, appears to come from the finance director, addressed to the CEO by name with a spreadsheet attached called "Draft figures for the AGM". Recent Trojans intercepted sported email subject lines as simple as "Invoice" or "Customer complaint", increasing their chances of slipping under the radar.
Targeted Trojans on the rise
Targeted Trojans are custom-built malicious software or malware, personalised for a small number of recipients and created to penetrate a specific organisation's corporate network. They contain a malicious EXE file hidden in a commonplace document, which is extracted, run and can download further components. With the ability to remain undetected for months, Trojans enable the criminal sector to eavesdrop on individuals by circumventing common security measures, opening up the entire contents of a corporate network infrastructure and the data it stores to infiltration, corruption and theft.
The last two years have seen a steady emergence of this new brand of corporate attack, with the detection of targeted Trojans rising from two per week in 2005, largely limited to the public sector, to daily strikes during 2006 as targets diversified. In May 2007 volumes started to climb to around 10 per day, peaking with the June 26 CXO attack, when 514 attacks were detected in just two hours. Two follow-up assaults - 1,100 in 16 hours on September 12 and 924 in five hours on November 19 - signalled the arrival of easily-accessible Trojan-building toolkits ...