Security experts said that hackers could steal browser 'cookies' in Poodle attacks, potentially taking control of email, banking and social networking accounts.

Washington - Cyberattacks designed to steal valuable business information are becoming more refined and diverse.

Examples of new styles of attack include virus-laced e-mails sent to a mailing list used by employees who entered a company in the same year after it was infiltrated by a malicious party, and obtaining information through the use of smartphone viruses.

In one incident, using a style of attack that relies on social networking, a malicious party disguised itself as part of a group of same-year colleagues.

The police agency’s investigations found the attacker had joined five information-sharing groups on the internet, possibly collecting personal information relating to group members and selecting targets.


The administrator of one group’s mailing list – used to discuss drinking parties by colleagues who had joined their company at the same time – apparently endorsed the attacker’s application for group membership, without confirming his or her identity.

The perpetrator then obtained an e-mail address similar to an authentic member of the group and sent virus-infected messages to targets. The agency categorised the attack as a new kind of identity fraud cyberattack.

“It is a highly skilled method of focusing on a narrow range of targets, which makes it difficult to detect the damage inflicted,” a senior US National Police Agency official said.

Last year saw 492 cases of attacks where computer systems in businesses were infected with viruses after e-mails were sent to specific targets, resulting in information security breaches.

Among these were 37 incidents of a more sophisticated “correspondence”-style phishing attack, up from two in 2012.

In another case, an e-mail was initially sent to a company official tasked with firing new employees, saying the sender was looking for a job. Having reduced the probablility that subsequent e-mails would be treated with suspicion, the attacker sent a corrupted attachment as a CV.

The agency is building a framework to share information about cyberattacks with about 6 000 companies working with state-of-the-art technology in fields such as the space and nuclear industries. – The Washington Post