Computerworld - My company deals with large electronic financial transactions on a regular basis, and I worry that this makes us the perfect target for a focused attack on our networks. This issue had been a theoretical one for me, however, until last week.
We do receive a great many attacks, but we aren't being singled out: Many other companies are being targeted at the same time. This leads me to conclude that either the attackers are taking the approach of targeting as many companies as possible with the same assaults and seeing which ones work, or there is so much noise in our monitoring logs that any targeted attacks are lost amid the chaos.
I have been reassured by how widespread the attacks have been. They show that we don't need to be totally secure -- just more secure than most companies. This goal is a lot cheaper and easier to achieve than perfect security, but it's only safe if no one is targeting us. If we are the target of a focused attack, hackers will keep coming back with new approaches until they find one that works.
Fairy Tale Attack
We have outsourced our e-mail monitoring to New York-based Messagelabs Inc., which offers us a guarantee that no malicious code will get past its defenses. To back up that claim, it's admirably paranoid. The company's statistics show that about one in 270 of our e-mails contains a virus. Last week, we saw a surge of suspicious e-mails. Normally, this signals a big virus outbreak, but there was no mention of this on any of the antivirus Web sites. The malicious code Messagelabs stopped was simply characterized as "Possible new Trojan software detected."
Whoever was sending these e-mails was using a "Rumpelstiltskin attack." In this type of attack, which gets its name from the fairy tale about a queen who must turn her first-born child over to Rumpelstiltskin unless she can guess his name, the attacker tries to guess e-mail address names by taking a list of common names, combining them with possible first and last initials and sending them to an e-mail server.
I wasn't too worried about the general attack, but in the middle of all those attempts, the attacker had sprinkled in real e-mail addresses of staff members. It was clear that this attacker had a list of about 200 of our employees' e-mail account names. Perhaps someone internal had leaked the list?
The address list was clearly an old one, because many of the people on it
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
