The growth of social media sites is enabling businesses to engage customers and extend their reach online, and yet the wealth of information available gives hackers the opportunity to create ever more intelligent and more effective attacks. Popular social networking sites such as Facebook, LinkedIn and Twitter are being used by hackers to identify the targets with access to the most valuable information, such as a person working on a merger and acquisition in the energy sector, a clinical trial in biotech, or multi-million dollar real estate transactions.
Once a target person involved in the deal or transaction is identified, the hacker learns everything they can about that person to determine a strategy that will successfully infect the target’s computer. Their goal is to insert malware that will steal passwords and gain further access to information across internal networks – often going undetected for months. Hackers often apply their research to impersonate someone that the target knows and then contact the target via e-mail, fooling the target with a personalized message that appears authentic and infecting that person with malware.
Most recently, USA Today reported that a group of hackers exploited the fact that many high-profile executives have automated Google alerts for their own names. When such a target is identified, hackers inject corrupted malware files within a website to be picked up by Google for the alert notification. The executive then receives a genuine Google Alert in their inbox, and when the person clicks the Google alert link, the malware file is loaded and the target becomes infected.
These latest strategies have been highly successful, fooling four US law firms, four Canadian law firms, dozens of US energy companies, and even the security firm RSA.
The nature of these sophisticated and personalized attacks makes it difficult for even the most advanced tools to detect the malware within traditional computer networks. Organizations that require high security are now reengineering their networks in a way that limits the ability of hackers to infect users, and restricts the ability of an infected computer to spread the infection or access sensitive information. The United States Department of Defense has identified a framework that stores files in an infrastructure that is highly secure, and maintains easy access for authorized users. Their reengineering is a key part of their Information Enterprise Strategic Plan, and they have explained the concept of their plans under the popular label of cloud computing.
“You can put your defenses around the cloud in a way they can’t put around individual computers. You’re less dependent on individual users to protect their own hardware and are less vulnerable to [malware].” – William Lynn, US Deputy Sec. of Defense on Charlie Rose.
By storing files in ‘the cloud’, administrators can create a single secure online portal for collaborating on documents. Also referred to as a ‘data room’, such secure environments allow authorized end-users to view, upload, and change documents, but they are not able to run programs on the server – making malware-based attacks impossible.
For organizations that don’t have the resources to move all their files into a data room, a hybrid security strategy can be applied in tiers, protecting the most vulnerable and valuable documents with the highest level of security. Many firms are choosing to use a secure data room to store the most valuable files that they want to share, and are applying ongoing malware detection techniques to the more traditional and more vulnerable network of users and servers.
To learn more about how to protect your organization against e-mail phishing attacks, see our post on “five ways your firm can avoid malware threats”.