Cyberattacks Targeting Specific Individuals, Security Experts Say
ORLANDO -- Cyberattacks are increasingly being directed at specific individuals, security experts said at the CompTel convention on Tuesday. Individuals with specific access rights -- such as network operation center technicians with privileges to configure the network -- “are probably our most active target,” said Level 3 Chief Technology Officer Jack Waters. “They don’t attack our salespeople, they attack our technical folks.”
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
In the financial sector, the latest botnet threats will target the financial officer, said FBI Special Agent Todd Renner. By installing malware on the computer of someone responsible for payroll, hackers can get access to that person’s credentials and then generate an Automated Clearing House file that diverts a company’s finances, he said. The botnets will then make denial of service attacks on the company’s financial officer, as well as at the bank. While everyone is trying to deal with the DoS attacks, no one is “realizing that some large sum of money is being fraudulently transferred,” Renner said. “It’s very effective. I've seen them take out millions of dollars out of payroll.”
People are still falling for the Nigerian email scam on a daily basis, Renner said. But the FBI is less concerned with the “criminal element” than with state-sponsored intrusions and the potential for cyberterrorism, he said. State-sponsored attacks are the hardest to catch, he said. In China, there are rooms of people working day and night to penetrate American systems. Even if the FBI can trace an attack via its Internet Protocol address to a building in China, authorities there are “not going to care if the FBI comes knocking on their door,” Renner said. International toll fraud is a particularly hot crime right now, he said. “Small mom and pop companies are getting hit pretty hard with this.”
Cyberterrorists haven’t been able to conduct electronic terror attacks with any sort of success, Renner said. When they do, it will raise some interesting diplomatic issues, he said. Is electronically disabling a country’s power plants equivalent to an act of war? he asked.
The biggest intellectual property breaches are committed by employees who know they're about to be let go from a company, said Lou Archibold, a senior consultant on Verizon’s RISK (Research. Investigations. Solutions. Knowledge) team. If a reduction in force is on its way and people know about it, “you need to watch to see if they're plugging in USBs,” he said.