The most advanced malware attacks now target individuals, rather than computer networks, delegates at the 2011 RSA Conference have heard.
Three of the most advanced malware attacks of the past year - Operation Aurora, Night Dragon and GhostNet - were initiated by highly targeted attacks against individuals, according to Uri Rivner, head of new technologies at RSA.
"Attackers traditionally attacked the network. They went for the infrastructure. Now malware writers don't bother with the network, they go after the employee," he said.
"After they find a specific employee for entry, they can search the network for someone with the access privileges they need."
Legitimate organisations are helping with this process, Rivner said, claiming that business social networking site LinkedIn is an increasingly common resource for these kind of attacks.
Rivner also warned of a potential threat from what he calls 'ZeusiLeaks'. The Zeus Trojan, estimated to have infected five million PCs, harvests all the data on an infected machine and dumps it in a server.
With unlimited server space in China available for $15 (£9.25) a month, Rivner explained that hackers are storing huge amounts of data and trying to find ways to monetise it. "WikiLeaks is nothing compared to ZeusiLeaks," he said.
An analysis of malware activity over the past 12 months shows that incredible profits are being made.
The team behind the NimKey Trojan, for example, stole over $30m (£18.5m) in a few months by hacking into the European carbon trading system, in one case even phoning a bomb threat into a local office to empty it so that the false trading would not be noticed.
Malware designed to harvest money from online bank accounts is also getting smarter, Rivner warned.
RSA researchers recently found a variant of Zeus that can empty a bank account and hide the theft by modifying account balances and deleting records of the withdrawals.
The malware code worked on major British and US online banks, Rivner said, and on most browsers, but not Firefox.
The best Black Friday tech bargains out there
Russell Group slammed for misusing student data in donation campaigns
Linus Torvalds is unhappy with current approaches to Linux security
Bug prevents ASLR from randomising location of important data