Given the examples above, it is not too hard to imagine what could potentially be achieved by using malicious code in the execution of crime. Blackmail, extortion and protection are just a few of the options. Every organisation has its weaknesses, and most now rely upon the Internet and email in some way. Even the least sophisticated cybercriminal could probably think of a way to compromise most businesses.
What about the malware itself? Are the perpetrators using common methods of creating the tools used in these attacks, or is something more sinister going on? To date, most of the viruses, Trojans and worms have been of the same ilk as you’d expect to be used in a random attack. But there is evidence to suggest that this is changing, and there have been some instances of Trojans constructed with a particular organisation in mind. By investigating the defences of a company, it is possible to design a piece of malicious code with the express purpose of circumventing them.
Consider the following scenario. It wouldn’t be too difficult to find out which anti-virus software product a company is using and how efficient that vendor is at issuing signatures for new viruses. All that is then needed are the names of users working in the department most likely to have access to sensitive information, perhaps the financial team. It is possible to create a virus designed to search for documents with particular filenames, such as ‘sensitive’ or ‘confidential’, and email these documents to a designated account.
If this is the first time the virus has been seen, a company using reactive software probably won’t be alerted. By the time the infection is discovered, it will take another few hours to issue a patch. But the damage has already been done, and your highly sensitive information and intelligence have already exited the building.
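Because the scenario above defeats signature-based scanning, one complementary control is to watch the outbound mail path for the behaviour itself. The following is an added example, not part of the original article: it flags internal senders who mail several keyword-named attachments to one external address. The log format, the `example.com` domain, the threshold and all sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

INTERNAL_DOMAIN = "example.com"           # assumption: the organisation's mail domain
KEYWORDS = ("sensitive", "confidential")  # filename terms named in the article
THRESHOLD = 2                             # assumption: alert at 2+ matching files to one address

# Constructed sample lines in a hypothetical gateway log format:
# timestamp from=<sender> to=<recipient> attach="<filename>"
SAMPLE_LOG = """\
2024-01-08T09:14:02Z from=alice@example.com to=bob@example.com attach="Confidential_budget.xls"
2024-01-08T09:15:40Z from=carol@example.com to=drop@mail.invalid attach="confidential_payroll.doc"
2024-01-08T09:15:41Z from=carol@example.com to=drop@mail.invalid attach="Sensitive-forecast.xls"
2024-01-08T09:15:43Z from=carol@example.com to=drop@mail.invalid attach="lunch_menu.pdf"
2024-01-08T10:02:11Z from=dave@example.com to=client@partner.invalid attach="sensitive_terms.doc"
malformed line without fields
"""

LINE_RE = re.compile(r'^(\S+) from=(\S+) to=(\S+) attach="([^"]*)"$')


def domain(addr):
    """Return the lower-cased domain part of an e-mail address."""
    return addr.rsplit("@", 1)[-1].lower()


def find_exfil_candidates(log_text, threshold=THRESHOLD):
    """Return {(sender, recipient): [filenames]} for internal senders who mailed
    keyword-named attachments to one external address at least `threshold` times."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse instead of failing
        _, sender, rcpt, fname = m.groups()
        if domain(sender) != INTERNAL_DOMAIN or domain(rcpt) == INTERNAL_DOMAIN:
            continue  # only internal -> external mail is of interest
        if any(k in fname.lower() for k in KEYWORDS):
            hits[(sender, rcpt)].append(fname)
    return {pair: names for pair, names in hits.items() if len(names) >= threshold}


if __name__ == "__main__":
    for (sender, rcpt), names in find_exfil_candidates(SAMPLE_LOG).items():
        print(f"ALERT {sender} -> {rcpt}: {names}")
```

A single keyword-named attachment to a partner (the `dave` line) stays below the threshold; lowering the threshold to 1 trades fewer misses for more alerts on ordinary business mail.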
It isn’t possible to say for certain which organisations are more likely to be targeted with these types of attacks. In reality, any business is a potential victim. However, those with a strong online presence or heavy reliance on ecommerce are most likely to be at risk. Anyone with a high profile brand should also seriously consider this type of threat – it takes years to build a brand but only minutes to destroy it.