4 Recent Cyber Crimes Involving Spear Phishing and Emails
Written by Paul Mah on April 11, 2011
Is email the root of all evil? Perhaps not, but spear phishing attacks and other computer crimes that revolve around email certainly appear regularly on the news these days. To underscore the importance of our fight against phishing and spam, I’ve highlighted some prominent cyber-crimes that revolve around the use of email today.
1. Operation Aurora
First disclosed at the beginning of 2010, Operation Aurora was the name given to a series of concerted cyber-attacks conducted against dozens of high-profile organizations such as Google, Adobe Systems, Juniper Networks and Rackspace. Google, which says it was one of about 20 companies targeted, took the unusual step of admitting that it suffered intellectual property theft as a result.
According to security company McAfee, which obtained samples of the malware, the malicious code exploited a new (also known as a zero-day) security vulnerability in the Microsoft Internet Explorer browser to load malware onto the targeted computer. Victims were identified, selected and sent specially crafted emails that looked like they came from a trusted source. The exploitation takes place when an attached file or URL link is clicked, leading to the installation of malware with direct access to the corporate network.
2. RSA Network Breach
RSA was targeted by a cyber-attack which led to “certain information being extracted from RSA’s system,” the security company said just last month. In an open letter to its customers, Executive Chairman Art Coviello admitted that the information is related to the company’s vaunted SecurID two-factor authentication products, though the company declined to provide further information.
Well, the company broke part of its silence last week, and outlined the details of the attack in a detailed blog post. In summary, a new zero-day vulnerability in Flash was exploited by embedding a Flash file within an Excel XLS file. To entice employees to trigger the exploit, the file was named “2011 Recruitment plan.xls” and sent to selected employees over a two-day period. I observed that the spear phishing attempt targeted users that were not “particularly high profile or high value targets,” which I presume was a deliberate attempt to avoid users who are sufficiently tech-savvy to notice the threat, or have access to the real recruitment plan to recognize the dud for what it was.
3. HBGary Email Breach
Angered over claims in a press report that security firm HBGary Federal can identify individual members of the loosely knit global hacking group Anonymous, five hackers decided to break into the company in revenge. As reported by Forbes, the members defaced the company’s Web site, deleted data and posted more than 50,000 of its (now former) CEO’s emails online for all to see – all within the span of 24 hours.
Beyond the embarrassment and the fact that hidden among the thousands of email messages was correspondence damaging to the reputation of the company, what is perhaps more shocking is how the security company’s defenses were breached. In a nutshell, a systems administrator from HBGary was allegedly tricked, via email, into changing the password of a server and lifting firewall restrictions to allow a remote connection. Perhaps even more startling is the revelation that the person who played the pivotal role outlined above, and no doubt trashed a few careers along the way, was a 16-year-old girl.
4. Epsilon Data Breach
Epsilon Interactive is an email service provider for hundreds of corporations, including well-known brands such as Best Buy, Disney and Home Shopping Network. As you will no doubt have read by now, the company suffered a data breach on March 30. Not much is known about how hackers gained access to Epsilon’s system, other than that a “subset” of the customer data belonging to its clients was exposed by an unauthorized entry into the company’s email system. According to the terse press release issued late last week, approximately 2 percent of total clients were affected.
Probably more worrying are the five financial institutions identified as affected: JP Morgan Chase, Capital One, CITI, U.S. Bank and Ameriprise Financial. For now, customers with accounts or business dealings with affected organizations should be triply careful about possible spear phishing attempts. They should check all email correspondence carefully and avoid clicking on suspicious URL links or opening attachments. Remember, no legitimate business will ask for personal or bank-related information over email.
Do you know of any other recent high-profile cyber crimes? Feel free to highlight them in the comments section.