Social Media Tools Used to Target Corporate Secrets

Not long after airstrikes began in Libya, attorneys at four U.S. law firms received a personally addressed e-mail message that carried an Adobe PDF attachment. The attachment was supposedly from an analyst describing the impact of Libya's uprising on oil futures. Each lawyer clicked on the attachment. Unfortunately, the PDF was actually pre-set to deliver a quick-acting "computer intrusion," and within seconds, the PC of each attorney who clicked on the attachment began sending a silent beacon to a command server controlled by the intruders.

"We're seeing criminal gangs using these tactics against commercial enterprises simply because they work so well," says Chris Day, chief security architect at data security firm Terremark, who watched the attack unfold, according to a USA Today report by Byron Acohido.

More often these days, "spear-phishing attacks" such as this use social-media tools to meticulously enter corporate networks. These cybercriminals tap into search engines and social networks to target specific employees for social-engineering trickery. "It's become very common for advanced groups to be in systems for a year or longer without being detected," said Kim Peretti, forensics director at PricewaterhouseCoopers, as quoted in the USA Today report.
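The "silent beacon" in the opening account, and the year-long undetected presence Peretti describes, are exactly what outbound network monitoring is meant to surface. The following Python script is an added example, not code from the USA Today article or from Terremark, Mandiant or PricewaterhouseCoopers: it parses a few constructed proxy log lines and flags (client, destination) pairs that connect many times at a nearly constant interval, the signature of a host calling home on a timer. The log format, the hostnames, the timestamps and the thresholds are all assumptions made for the example.

```python
"""
Beacon detection over constructed proxy log lines (added example, not from the article).

A compromised host calling its command server at a steady interval stands out in
outbound proxy logs: many connections to one destination, evenly spaced, even when
each individual request looks harmless. The thresholds below are assumptions chosen
for this example and would need tuning against real traffic.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log lines: "<ISO timestamp> <client ip> <destination host> <status>".
# The first series shows a roughly 60 s cadence; the rest resembles ordinary browsing.
SAMPLE_LOG = """\
2011-03-22T09:00:00 10.1.2.3 updates.example-c2.invalid 200
2011-03-22T09:01:00 10.1.2.3 updates.example-c2.invalid 200
2011-03-22T09:02:01 10.1.2.3 updates.example-c2.invalid 200
2011-03-22T09:03:00 10.1.2.3 updates.example-c2.invalid 200
2011-03-22T09:04:00 10.1.2.3 updates.example-c2.invalid 200
2011-03-22T09:05:01 10.1.2.3 updates.example-c2.invalid 200
2011-03-22T09:00:12 10.1.2.3 www.example.com 200
2011-03-22T09:00:14 10.1.2.3 www.example.com 200
2011-03-22T09:07:40 10.1.2.3 www.example.com 304
2011-03-22T09:31:05 10.1.2.3 www.example.com 200
2011-03-22T09:58:59 10.1.2.3 www.example.com 200
2011-03-22T10:10:10 10.1.2.3 www.example.com 200
2011-03-22T09:00:05 10.1.2.7 mail.example.org 200
"""


def parse_log(text):
    """Return {(client, host): [datetime, ...]} with timestamps sorted per pair."""
    series = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, host, _status = line.split()
        series[(client, host)].append(datetime.fromisoformat(ts))
    for key in series:
        series[key].sort()
    return series


def interval_stats(times):
    """Mean and population std-dev (seconds) of the gaps between consecutive connections."""
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return mean(gaps), pstdev(gaps)


def find_beacons(text, min_connections=5, max_jitter_ratio=0.1):
    """
    Flag (client, host) pairs with at least `min_connections` connections whose
    interval std-dev is at most `max_jitter_ratio` of the mean interval.
    Returns a sorted list of (client, host, mean_interval_seconds).
    """
    flagged = []
    for (client, host), times in parse_log(text).items():
        if len(times) < min_connections:
            continue
        avg, jitter = interval_stats(times)
        if avg > 0 and jitter / avg <= max_jitter_ratio:
            flagged.append((client, host, round(avg, 1)))
    return sorted(flagged)


if __name__ == "__main__":
    for client, host, period in find_beacons(SAMPLE_LOG):
        print(f"possible beacon: {client} -> {host} every ~{period}s")
```

Run as written, the script reports only the 10.1.2.3 to updates.example-c2.invalid series (about every 60 s); the browsing to www.example.com has the same number of connections but wildly uneven gaps, so it is not flagged. Real beacons often add deliberate jitter or sleep for hours between calls, so in practice the jitter ratio and minimum-connection thresholds are tuned per environment and combined with destination reputation rather than used alone.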

It seems that cybercriminals are mostly after intellectual property, which is considered twice as valuable as day-to-day financial and customer data because stolen trade secrets can be converted into cash, according to Forrester Research.

Threat-detection company Mandiant investigates 30 to 40 persistent intrusions in organizations around the world every month. Many of these attacks began with the criminals doing reconnaissance on Google, Facebook, LinkedIn, Twitter and other popular Internet services. Potential phishing scams include, according to the report:

A spear-phishing lure designed to entice a specific employee to click on a viral attachment or Web page link, using information gleaned during the reconnaissance phase to make the attachment or link seem trustworthy.

A phishing scam linked to Google Alerts. Google's free service e-mails the executive a Web link every time the search engine indexes a Web page containing a fresh news article mentioning the executive. Once the alert is opened, an "injected" infection that redirects the alert kicks in.

For more information about phishing scams and social media attacks, read the full article: