RSA: Hackers targeting individuals not networks

by Iain Thomson

17 Feb 2011

The most advanced malware attacks now target individuals, rather than computer networks, delegates at the 2011 RSA Conference have heard.

Three of the most advanced malware attacks of the past year - Operation Aurora, Night Dragon and GhostNet - were initiated by highly targeted attacks against individuals, according to Uri Rivner, head of new technologies at RSA.

"Attackers traditionally attacked the network. They went for the infrastructure. Now malware writers don't bother with the network, they go after the employee," he said.

"After they find a specific employee for entry, they can search the network for someone with the access privileges they need."

Legitimate organisations are helping with this process, Rivner said, claiming that business social networking site LinkedIn is an increasingly common resource for this kind of attack.

Rivner also warned of a potential threat from what he calls 'ZeusiLeaks'. The Zeus Trojan, estimated to have infected five million PCs, harvests all the data on an infected machine and dumps it on a server.

With unlimited server space in China available for $15 (£9.25) a month, Rivner explained that hackers are storing huge amounts of data and trying to find ways to monetise it. "WikiLeaks is nothing compared to ZeusiLeaks," he said.

An analysis of malware activity over the past 12 months shows that incredible profits are being made.

The team behind the NimKey Trojan, for example, stole over $30m (£18.5m) in a few months by hacking into the European carbon trading system, in one case even phoning a bomb threat into a local office to empty it so that the false trading would not be noticed.

Malware designed to harvest money from online bank accounts is also getting smarter, Rivner warned.

RSA researchers recently found a variant of Zeus that can empty a bank account and hide the theft by modifying account balances and deleting records of the withdrawals.

The malware code worked on major British and US online banks, Rivner said, and on most browsers, but not Firefox.
