Cyber attackers wired to beef up tricks

Comment on this story
iol pic cyber Supplied Sudanese journalists regularly complain of censorship by the country's National Intelligence and Security Service, which has also been accused of rights abuses.

Washington - Cyberattacks designed to steal valuable business information are becoming more refined and diverse.

Examples of new styles of attack include virus-laced e-mails sent to a mailing list used by employees who entered a company in the same year after it was infiltrated by a malicious party, and obtaining information through the use of smartphone viruses.

In one incident, using a style of attack that relies on social networking, a malicious party disguised itself as part of a group of same-year colleagues.

The police agency’s investigations found the attacker had joined five information-sharing groups on the internet, possibly collecting personal information relating to group members and selecting targets.

 

The administrator of one group’s mailing list – used to discuss drinking parties by colleagues who had joined their company at the same time – apparently endorsed the attacker’s application for group membership, without confirming his or her identity.

The perpetrator then obtained an e-mail address similar to an authentic member of the group and sent virus-infected messages to targets. The agency categorised the attack as a new kind of identity fraud cyberattack.

“It is a highly skilled method of focusing on a narrow range of targets, which makes it difficult to detect the damage inflicted,” a senior US National Police Agency official said.

Last year saw 492 cases of attacks where computer systems in businesses were infected with viruses after e-mails were sent to specific targets, resulting in information security breaches.

Among these were 37 incidents of a more sophisticated “correspondence”-style phishing attack, up from two in 2012.

In another case, an e-mail was initially sent to a company official tasked with firing new employees, saying the sender was looking for a job. Having reduced the probablility that subsequent e-mails would be treated with suspicion, the attacker sent a corrupted attachment as a CV.

The agency is building a framework to share information about cyberattacks with about 6 000 companies working with state-of-the-art technology in fields such as the space and nuclear industries. – The Washington Post

Hungry for more scitech news? Sign up for our daily newsletter



sign up
 
 

Comment Guidelines



  1. Please read our comment guidelines.
  2. Login and register, if you haven’ t already.
  3. Write your comment in the block below and click (Post As)
  4. Has a comment offended you? Hover your mouse over the comment and wait until a small triangle appears on the right-hand side. Click triangle () and select "Flag as inappropriate". Our moderators will take action if need be.