- Securing SSLVPN with client certificates
- Toshiba propels DVD quality to near HD
- 16 hot roles for IT pros
- Torvalds: Fed up with the 'security circus'
- The dos and don'ts of IT job seeking
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Two groups of criminals have stolen data from an estimated 15,000 victims over the past 15 months, using targeted "spear-phishing" e-mail attacks (Compare Messaging Security products), according to researchers at VeriSign.
VeriSign has tracked 66 of these attacks since February 2007 and believes that two shadowy crime groups are behind 95% of the incidents.
Unlike traditional phishing attacks, which are sent to millions in hopes of luring some victims to fake Web sites, spear-phishing e-mails contain personal information, such as the name of the victim or his employer's name to make them appear legitimate. In the attacks tracked by VeriSign, victims are tricked into visiting malicious Web sites or opening malicious attachments, which then give attackers a back door onto their PCs so they can steal information.
After tinkering with their attack techniques in the first few months of 2007, the spear-phishers appear to be stepping up their campaigns.
Attacks have spiked over the past two months, said Matthew Richard, director of VeriSign's iDefense Rapid Response Team. "The bad guys have really fine-tuned both the delivery methods... as well as their use of the data," he said. "All the e-mails target businesses in some form or another. "
In April, they launched their most successful spear-phish to date. A targeted e-mailing was sent to corporate executives, informing them that they had been sued. This attack worked well because it was novel, Richard said. "The subpoena one really took people off guard," he said. "Especially at the executive level. That fear of litigation certainly scared people."
In May, over 2,000 victims were compromised with spear-phish e-mails claiming to come from the U.S. Internal Revenue Service, the United States Tax Court, and the Better Business Bureau, according to VeriSign.
VeriSign does not expect the spear-phishers to give up anytime soon."Now that they have developed this well-tuned system, they will just keep doing it over and over again" Richard said (Compare Patch and Vulnerability Management products).
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comments (1)
It is weird..By tuomoks on June 9, 2008, 12:01 am"Normal" people but executives? Maybe I know wrong kind of executives but (anytime) when they get mail, e-mail, whatever which has any legal, contractual, etc problems,...
Reply | Read entire comment
View all comments