Cyber attackers wired to beef up tricks


Washington - Cyberattacks designed to steal valuable business information are becoming more refined and diverse.

Examples of new styles of attack include virus-laced e-mails sent to a mailing list used by employees who entered a company in the same year after it was infiltrated by a malicious party, and obtaining information through the use of smartphone viruses.

Share this story
Security experts said that hackers could steal browser 'cookies' in Poodle attacks, potentially taking control of email, banking and social networking accounts.

In one incident, using a style of attack that relies on social networking, a malicious party disguised itself as part of a group of same-year colleagues.

The police agency’s investigations found the attacker had joined five information-sharing groups on the internet, possibly collecting personal information relating to group members and selecting targets.


The administrator of one group’s mailing list – used to discuss drinking parties by colleagues who had joined their company at the same time – apparently endorsed the attacker’s application for group membership, without confirming his or her identity.

The perpetrator then obtained an e-mail address similar to an authentic member of the group and sent virus-infected messages to targets. The agency categorised the attack as a new kind of identity fraud cyberattack.

“It is a highly skilled method of focusing on a narrow range of targets, which makes it difficult to detect the damage inflicted,” a senior US National Police Agency official said.

Last year saw 492 cases of attacks where computer systems in businesses were infected with viruses after e-mails were sent to specific targets, resulting in information security breaches.

Among these were 37 incidents of a more sophisticated “correspondence”-style phishing attack, up from two in 2012.

In another case, an e-mail was initially sent to a company official tasked with firing new employees, saying the sender was looking for a job. Having reduced the probablility that subsequent e-mails would be treated with suspicion, the attacker sent a corrupted attachment as a CV.

The agency is building a framework to share information about cyberattacks with about 6 000 companies working with state-of-the-art technology in fields such as the space and nuclear industries. – The Washington Post

Share this story