Reputation Attacks: A Little Known Internet Threat
by Inaki Urzay - CTO of Panda Security - Monday, 18 August 2008.
CastleCops accepts donations via PayPal. Attackers took advantage of this to begin a campaign aimed at discrediting CastleCops. They stole PayPal usersí passwords using Trojans and phishing techniques, and made several donations to CastleCops. When users realized someone had sent their money to CastleCops, they blamed CastleCops for the fraud. Consequently, CastleCops was forced to return all the money, and invest in resources to manage all the complaints and requests. CastleCopsí reputation was undoubtedly damaged.

Malware-based attacks

Most of the methods described above are essentially malware-based. For example, botnets are used to carry out distributed denial of service attacks and to launch spam that contains false information to ruin companiesí images. Most defacements also use automated attack tools. In the case of Google, malware is also used to automate the insertion of links and spam on 2.0 websites that allow users to add content. In the case of CastleCops, Trojans were used to steal PayPal usersí credentials.

There are numerous scenarios in which viruses, Trojans and other malware-types can damage a companyís reputation. In 2004, even Google was affected by the MyDoom worm which disabled many of its servers for several hours. Worse still, the search engine underwent the attack hours before being floated on the stock market. Other search engines such as Altavista, Yahoo! and Lycos were also affected by the worm.

Phishing techniques, which are still as popular as ever, can also damage companies. These attacks are critical for banks, since they cause financial losses and strike fear in users. In the same way, specially-crafted Trojans (mainly banker Trojans) have become one of the worst Internet threats. The main danger lies in the fact they are designed to specifically affect certain entities, and in many cases, operate totally invisibly and when users access their online bank, their access credentials are sent to hackers. In 2006, Trojans accounted for 53 percent of all new malware created, and 20 percent of these were banker Trojans. During 2007, there have already been over 40 percent more attacks than in the whole of 2006.


What's the real cost of a security breach?

The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 11th