The most advanced malware attacks now target individuals, rather than computer networks, delegates at the RSA Conference have heard.
Three of the most advanced malware attacks of the past year (Operation Aurora, Night Dragon and GhostNet) have been initiated by highly targeted attacks against individuals according to Uri Rivner, head of new technologies at RSA.
"Attackers traditionally attacked the network, they went for the infrastructure," he said.
"Now malware writers don't bother with the network, they go after the employee. After they find a specific employee for entry then they can search the network for someone with the access privileges they need."
Legitimate organisations were helping with this process he said, saying business social networking site LinkedIn as an increasingly common resource for these kind of attacks.
Rivner also warned of a potential threat from what he calls Zeusileaks. The Zeus trojan, estimated to be running on five million PCs, harvests all the data on an infected machine and dumps it in a server. With unlimited server space in China available for $15 per month he said, hackers were storing huge amounts of data and trying to find out ways to monetise it.
"WikiLeaks is nothing compared to ZeusiLeaks," he said.
An analysis of the last year's malware activity shows that incredible profits are being made. The team behind the NimKey Trojan used it to steal over $30m in a few months by hacking the European carbon trading system, in one case even phoning a bomb threat into a local office to empty it so the false trading wouldn't be noticed.
Malware designed to harvest online bank accounts is also getting smarter he said. RSA researchers had recently been found a variant of the Zeus Trojan that could not only empty a bank account but also hide the theft by giving false account balances and deleting records of its withdrawals. The code worked on major British and American banks he said, and on most browsers, but not Firefox.
Return to security news headlines
View Security News Archive