The Steady Rise Of Targeted Trojan Attacks

Look before you click may be a good idea for a new IT security public awareness campaign. Consider the reports coming out of South Korea that North Korean spyware made it's way onto the computer of a S. Korean army Colonel. There's no reason why this can't happen to you.Here's the news from The Chosun IIbo:

A North Korean spyware e-mail was reportedly transmitted to the computer of a colonel at a field army command via China in early August. The e-mail contained a typical program designed automatically to steal stored files if the recipient opens it. It has not been confirmed whether military secrets were leaked as a result of the hacking attempt, but their scale could be devastating given that the recipient is in charge of the South Korean military's central nervous system -- Command, Control, Communication, Computer & Information (C4I).

Now, imagine if that happened to your company, only it's not military secrets, but corporate secrets, preannounced earnings reports, or the financial information of customers. It could happen, and it only requires a single employee clicking the wrong link, or inserting the wrong USB drive.

These types of attacks aren't anything new. In mid-2005, the U.K.'s Centre for the Protection of National Infrastructure (CPNI) warned that Trojan-horse attacks were targeting certain U.K. companies and government agencies.

This is from a SecurityFocus news story at the time:

"This week, security company Symantec sorted through low-volume e-mail threats submitted to its response team for analysis and found several that had targeted U.S. government agencies or had been submitted to Symantec from government sources in the United States. (Symantec is the parent company of SecurityFocus.)

"This appears to be a very specific virus writer targeting government agencies and, not as (other articles) suggested, targeting only U.K. government agencies," said Dave Cowings, senior business intelligence manager for Symantec."

More recently, InformationWeek covered a warning from the SANS Internet Storm Center explaining that executives were being targeted with phishing e-mails that used fake subpoenas as bait. Click on the link and you're sent to a Web site crafted to push a Trojan to the system of the victim:

"The SANS Internet Storm Center on Monday warned that CEOs of some companies are being targeted with a phishing attack involving fake federal subpoenas sent via e-mail.

"We've gotten a few reports that some CEOs have received what purports to be a federal subpoena via e-mail ordering their testimony in a case," said John Bambenek, a security researcher at the University of Illinois at Urbana-Champaign and Internet Storm Center handler, in an online post. "It then asks them to click a link and download the case history and associated information. One problem: It's totally bogus.""

These types of targeted attacks are, when it comes to security, the new black. Gone, for the most part, are the days of high-impact worms. It's about getting a foothold into your organization, and that can be done via a phishing attack, or from a bogus e-mail that looks to come from someone you know, to a fake profile on a social networking or microblogging site designed to do nothing more than infiltrate a targeted company, agency, or person of interest.

One of the best defenses against these types of attacks isn't anti-malware, content filtering, or IDS -- it's a workforce made aware of the dangers.

How do you fight targeted attacks aimed at your company? Let me know. And consider following my security (and other) observations throughout the day on Twitter.