A deluge of precisely targeted spam designed to harvest intellectual property from companies worldwide was launched on 26 June, security experts have revealed.
More than 500 emails were intercepted in a few hours by MessageLabs, a security firm which filters email for around six million inboxes. The company would normally intercept an average of just 10 targeted email attacks a day.
The emails were addressed to named senior executives, including their job titles, in companies which own high-value intellectual property.
In some cases, emails were even sent to named executives' spouses or dependents in an attempt to compromise home computers.
"This is an attack in an entirely different league to generic virus or spam threats," said Mark Sunner, chief security analyst at MessageLabs.
The emails had an attached Microsoft Word document containing embedded executable code.
When opened, the executable would activate a Trojan component to compromise the victim's computer, enabling a remote party to download information.
Of the 500 emails intercepted by MessageLabs, 11 percent of the intended recipients were chief executives. Chief information officers accounted for seven per cent and chief financial officers six percent.
But the largest number, 29 percent, was aimed at chief investment officers, a role which would handle commercially sensitive information that could affect share prices, such as details of mergers and acquisitions.
This bias has led some security experts to speculate that the attack was related to stock market pump-and-dump spam activity which showed a considerable spike at the same time.
Targeted email attacks have historically been launched against individuals in governments or very large organisations in government-related businesses, such as defence.
But last week's email 'smart bomb' was aimed at a wider audience, including smaller companies in the pharmaceutical and aerospace industries.
This could be an attempt by criminal gangs to obtain intellectual property which they can sell to competitors.
But another theory is that the attack was a deliberate attempt, possibly by a country, to steal intellectual property as a short-cut for boosting home-grown businesses, or simply an attempt to destabilise unpopular regimes in developed nations.
Earlier this year, the Russian Federation was suspected of using botnets assembled by criminal gangs to launch cyber-attacks on Estonia.
Whereas the Estonia attacks were huge denial-of-service blitzes designed to knock over web servers by sheer brute force, targeted email attacks can elude detection by conventional antivirus software and spam filters because conventional software is built to detect known malware code.
If the malware code is hand-crafted the security software will not perceive it as a threat, nor will it be economically viable for security firms to issue patches for such one-off threats.
The tools with which targeted email attacks can be launched are now easily obtainable, according to Sunner.
A bespoke Trojan can be bought for $200 and upgraded for a further $50 if it fails to get through security software. A payment of US$2,000 buys the equivalent of 'technical support' from one of the Trojan writers.
Personal details can be gleaned from social and business networking sites such as Facebook and Linked In which contain details of executives' job titles, the scope of their job function, previous careers and even family information.
Precision email attack targets senior execs
By Andrew Charlesworth on Jul 3, 2007 4:13PM