The Rise Of The Customised Security Attack
by Mark Sunner - CTO at MessageLabs - Monday, 7 March 2005.
The email security landscape is constantly changing, and one of the biggest shifts during the past twelve months has been the dominance of convergence - the practice of combining virus, spam and other attack methods. The motivation behind this technique is undoubtedly financial, with virus writers and spammers collaborating in order to increase the loot.

As criminals operating online have begun to realise the potential commercial value of Internet-related crimes, so they have started to investigate other ways of using malware to line their pockets.

In the not too distant past few people would have known what a phishing scam was. Yet the practice of targeting an online organisation and its customers with the hope of collecting details of accounts that could then be abused has become familiar to many.

In September 2003, only 279 of the tens of millions of emails scanned by MessageLabs every day were phishing-related. By September 2004 this number had risen to over two million, and during the whole of 2004 over 18 million emails were intercepted. There is a simple explanation for the rise in phishing - it works.

During the short time phishing has been on the scene the perpetrators have developed and honed their techniques effectively. Recent phishing emails have reduced the need for human error by capturing online details automatically, for example. There is also evidence that phishers have tried to dupe unsuspecting users into becoming middlemen for money laundering operations.

What makes phishing different to many virus and spam operations is that it is in some way customised to the victim. Typically, there is no specific target for a virus outbreak or spam run - those behind it simply want to reach as many people and their machines as possible. Phishing emails may be spammed out to many random recipients, but the target is usually one company and its customers. The email will probably have been designed to look as though it could have come from that organisation, and the company will probably have been selected on account of its brand, and the fact that it has a high number of consumer customers, amongst other factors.

This move to a more tailored approach, signalled by the advent of phishing, is beginning to show itself in other online scams and operations. Last year, in the run up to major sporting events such as the Cheltenham Gold Cup and European Championships, online betting sites were threatened with denial of service attacks if they didn't pay the blackmailers. These gaming companies were selected because of their reliance on ecommerce, and according to periods of peak business. Obviously, in these instances, the primary threat is to revenue and profits, although other impacts include possible damage to the brand and consumption of internal technical resources.

Another example is the company threatened with having child pornography sent out in their name, and once again the perpetrators demanded money in order to suspend the attack. Although the golden rule is not to give in to a blackmailer's demands, the possibility of something as sensitive as child pornography being released into the public domain apparently from your organisation is a threat that has to be taken seriously and be handled appropriately.

Given the examples above it is not too hard to imagine what could potentially be achieved by using malicious code in the execution of crime. Blackmail, extortion and protection are just a few of the options. Every organisation has its weaknesses, and most now rely upon the Internet and email in some way. Even the least sophisticated cybercriminal could probably think of a way to compromise most businesses.

