“The fact is that employees often use office computers to communicate on social networking sites, share links to online entertainment or download files from suspicious resources,” said Kirill Kruglov, Kaspersky Lab security expert, in a blog. “At the same time, cybercriminals are actively using social networking sites for phishing and the distribution of malware. Many personal blogs, entertainment sites, file sharing services, torrent trackers and files downloaded from them are infected. Passwords to email accounts are regularly hacked or stolen.”
He added that this is particularly concerning when it comes to targeted attacks, which, unlike wide-net threats aimed at mass audiences, are performed secretly, often using a non-standard approach.
“They are highly sophisticated and well organized,” Kruglov explained. “To achieve their goals the fraudsters use the most effective weapon to exploit any available software or social vulnerability.”
In 2009, more than 20 major software companies such as Google, Adobe, Juniper and Yahoo fell victim to Operation Aurora, which was a carefully executed targeted initiative. In a typical instance, perpetrators first set out to collect widely available information from social networks about a certain user, his/her interests, preferences and contacts. Then, they created an account, focusing on the interests of the victim and their personal data (the year and the place of birth, school, college). They went on to become "friends" with the people from the victim’s list of contacts, before getting in touch with the victim using an established "cover." From there, it was just a matter of time before the victim accessed the account from a workstation.
“When an account has been so thoroughly prepared it has every chance of getting potential victims to click on a suspect link,” Kruglov said. “If this fails, the scammer can try a more sophisticated trick, hacking the account of a user whom the victim fully trusts and sending links from there. This is often not difficult to do, especially if the victim’s trusted contacts include potentially vulnerable categories of user – elderly people, children or teenagers.”
And that link is likely to lead the victim to a site that contains a set of zero-day exploits that allow criminals to gain access to vulnerable computers.
Considering that standard anti-virus measures can’t protect against this type of attack, what’s the remedy? User education, Kruglov said.
“It’s clear that users play an important role in targeted attacks – they unwittingly allow scammers to attack the system,” he noted. “Unfortunately, there is currently no technology that can eliminate human error from corporate network security. However, reinforcing security policies with a few relevant technologies provides effective protection against targeted attacks by combating them at every stage – from the first attempt to exploit a vulnerability to attempts to compromise the network.”