Symantec - CEOs Becoming Victims of Spear Phishing Attacks
According to a warning released by the Internet security firm Symantec, CEOs and other C-level executives are increasingly falling victim to advanced phishing attacks whose e-mails pretend to come from government organizations.
Francis deSouza, SVP of Security Group at Symantec, explains that CEOs are usually too occupied to read such e-mails and therefore forward them to CFOs, who in turn forward them to others. This continues down the hierarchy until the e-mails end up with junior staff members who, feeling reassured that the e-mails are safe since they arrive via senior people, click on the given web-links, which are typically malicious, as reported by IT Business Edge on November 5, 2009.
Another reason why CEOs are being increasingly ensnared by phishing attacks is the global economic meltdown, which has resulted in more incidents of IP theft and corporate espionage as organizations struggle to capture market share. In addition to professional phishers, business competitors too engage in phishing in efforts to turn the market in their own favor.
Moreover, phishing attacks that generally target senior officials of companies are called "spear phishing." During April 2008, one such attack specifically targeted 20,000 corporate executives; the e-mails accurately addressed the CEOs and other senior officials, citing their own and their organizations' names and phone numbers. The computers of those who followed the given web-links became infected with information-stealing malware.
According to deSouza, the transfer of copied data by employees without authorization is called "data spillage." This phenomenon also simplifies cyber criminals' tasks.
Citing one instance, deSouza stated that cyber criminals attacked an American government agency after they had managed to hack staff members' data, which had been moved from HR to IT for conducting certain system tests. Criminals hack into corporate networks to find out what information is stored and where, and then assess the trade-off between its illegal sale value and the extent of protection on it, said deSouza.
Disturbingly, phishing entails great losses to organizations: deSouza says that the FBI computes the value of the different types of hacked company data to be in the range of $600 Billion to $1 Trillion, as reported by SCMagazine on November 5, 2009.
» SPAMfighter News - 19-11-2009