Spear-phishing attacks have hooked 15,000, says Verisign
Two groups of criminals have stolen data from an estimated 15,000 victims over
the past 15 months, using targeted "spear-phishing" e-mail attacks,
according to researchers at Verisign.
Verisign has tracked 66 of these attacks since February 2007 and believes that
two shadowy crime groups are behind 95 percent of the incidents.
Unlike traditional phishing attacks, which are sent to millions in hopes of
luring some victims to fake Web sites, spear-phishing emails contain personal
information, such as the name of the victim or his employer's name to make them
appear legitimate. In the attacks tracked by Verisign, victims are tricked into
visiting malicious Web sites or opening malicious attachments, which then give
attackers a back door onto their PCs so they can steal information.
After tinkering with their attack techniques in the first few months of 2007,
the spear-phishers appear to be stepping up their campaigns.
Attacks have spiked over the past two months, said Matthew Richard, director
of Verisign's iDefense Rapid Response Team. "The bad guys have really fine-tuned
both the delivery methods... as well as their use of the data," he said.
"All the e-mails target businesses in some form or another. "
In April, they launched their most successful spear-phish to date. A targeted
e-mailing was sent to corporate executives, informing them that they had been
sued. This attack worked well because it was novel, Richard said. "The
subpoena one really took people off guard," he said. "Especially at
the executive level. That fear of litigation certainly scared people."
In May, over 2,000 victims were compromised with spear-phish e-mails claiming
to come from the U.S. Internal Revenue Service, the United States Tax Court,
and the Better Business Bureau, according to Verisign.
Verisign does not expect the spear-phishers to give up anytime soon."Now
that they have developed this well-tuned system, they will just keep doing it
over and over again" Richard said.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
