Hackers Target Employees Handling Proprietary Data

According to security researchers, hackers targeted friends of staff members at Adobe, Google and other firms via several cyber attacks discovered recently. This has raised privacy concerns and demonstrated the extreme sophistication of attacks, said the researchers.

The most important finding is that those workers were selected who had an access to database of proprietary. Subsequently, the attackers found the addresses of the employees' friends. The security researchers also state that the attack's process involved hijacking the friends' social-networking accounts first and then sending messages containing web-links, which served spyware. As they appear to have come from known people, the messages increased the possibility that victims would follow the malevolent web-links.

Consequently, the attack worked very smoothly without detection. However, two serious points about the attack become evident. One - it was designed scrupulously. Two - it involved spying on individuals, suggesting that the attack was probably government-sponsored.

George Kurtz, Chief Technology Officer, McAfee, states that the incident indicate to a point that the hackers are doing an immense amount of direct research to determine who all have access to confidential information and how they can be reached, as reported by ComputerWeekly on January 26, 2010.

According to Kurtz, the hackers also utilized a popular application of Instant Messaging so that victims were encouraged to click on the malicious web-links.

Moreover, the security analysts examining the attack stated that other advanced tactics were also used, making it very hard to stop the hackers.

Furthermore, privacy and security counselors largely state that the attack, which Google disclosed, should prove as a sufficient indication to businesses that they need to act. It also substantiates that organizations are endangered of sophisticated and pervasive espionage attempts.

The attack demonstrates that majority of commercial security programs don't work effectively. Companies are facing a challenge of not only preventing online assaults, but also tackling them after their launch.

Thus, the security experts recommend that organizations should engage those people in their companies who are properly skilled and have the knowledge of system vulnerabilities as well as attack methods. Targeted counter-spying and reverse engineering can primarily help in fighting back data theft, they suggest.

Related article: Hackers Redirect Windows Live Search to Malicious Sites

» SPAMfighter News - 2/4/2010