Hackers Devise Increasingly Sophisticated Attacks
Stefan Tanase, Senior Security Researcher at Kaspersky Lab, said during a lecture at the company's Security Analyst Summit in Cyprus that cyber assaults based on social engineering tactics were mostly successful. They succeed because phishing operators employ online tricks that improve their success rate, as reported by SCMagazineUK on June 4, 2010.
When conference attendees asked whether phishing e-mails written in specific languages were a problem, the researcher remarked that they represented an issue in the end-user transaction domain. According to him, since '419 scam' assaults tended to use phishing e-mails in specific languages, recipients were more likely to open them.
Tanase is certain that current phishing assaults are increasingly driven by money rather than mischief.
He points out that online theft can happen in three ways. First, an attacker can steal data straight from the end-user. Such thefts target the end-user's credit card details, Internet banking accounts and electronic money, and are at times used for blackmail. Even people without money are attacked because their resources can be of great help in building botnets, launching Denial-of-Service assaults, dispatching spam, gathering passwords, executing pay-per-click fraud and so on, as reported by Itweb on June 7, 2010.
Hence, online criminals look for sensitive data such as third-party information, details of future products, production system credentials, source code, customer data and e-mails of executives.
This is where personalized attacks come in. The researcher mentioned the recent exit of the Internet giant Google from the Chinese cyber-zone after the company encountered an advanced attack that stole intellectual property. Interestingly, over seven days had passed between the publication of the security flaw and Microsoft's release of the patch, he indicated.
Apart from this, Tanase also discussed an unusual occurrence. At a bank, a cashier showed him his monitor screen, and Tanase could see the AV program the bank employed. The implication is that anyone who can identify a security flaw can strike against the entire institution.
Lastly, Tanase said that, contrary to what most people thought, it wasn't all that difficult to acquire confidential insider data.
» SPAMfighter News - 14-06-2010