That's not to say corporate spying isn't one goal of such activities -- only that it's most likely instigated by a third party rather than by a direct competitor, Sargeant says. "If you managed to get specific information on, say, Nikon, you might try to market it to some corporate rival -- you might say 'Canon could be interested.' But I don't see it starting within companies."
F-Secure's Hyppönen isn't so sure. He says the malefactors could be organized criminals, corporate spies or some combination of the two. Most of the attacks F-Secure has handled have been clustered in similar industries, and the target information has been more corporate than personal.
"We don't really know if this is outsourced or espionage. Most of the [affected] companies all work within the same industry area," Hyppönen says, though he declines to specify which industries in Europe have been affected. Some government organizations, including parliament personnel in some countries, have also been targeted, he adds.
Tracking the cybercriminals back to their digital lairs is difficult. They typically route harvested data through a series of "DNS bouncers," which send it from server to server across international borders to obfuscate the final destination.
"Initially, it looks like the information is going to China, so the first thought is, 'It must be the Chinese,' but it's not that easy. If you're about to do corporate espionage, it's probably a pretty smart thing to point people at China," Hyppönen notes.
How to Fight Back
The phenomenon of bad guys targeting top dogs inside the corporate firewall is growing for three reasons, observers say:
- Executives are reading their own e-mails and using their own PC applications rather than leaving those tasks to an administrative assistant.
- They're traveling more with itty-bitty (and less-secure) digital devices in tow.
- Like everyone else, they're exploring the power of social networks, inadvertently exposing details along the way that could make them targets of criminals.
How to fight back?
Bolster office security. First and foremost, it's up to IT to bolster security for the boss, both in the office and when he wants to work from home, by making sure anti-malware software and services are up to date at the desktop, server and network levels.
The most basic security practices, including frequently changing passwords, must be strictly enforced as well, and it's imperative that any security holes in Word, Excel or Acrobat are plugged well and quickly. And IT should especially ensure that the operating systems on handheld devices -- typically beyond the scope of desktop antivirus programs -- are always up to date.
Get the word out. IT managers should instruct top execs to notify the appropriate person immediately if they click on a Word, Excel or PDF document received via e-mail and the application appears to launch but then shuts down and relaunches. That happens as a Trojan attempts to cloak itself behind the real application, Hyppönen explains.
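The launch, shutdown and relaunch sequence Hyppönen describes can also be looked for in endpoint process logs instead of relying only on the executive to notice it. The sketch below is an added example, not code from the article or from F-Secure; the log line format, host and user names, and the 15-second window are assumptions.

```python
from datetime import datetime, timedelta

# Executables for the applications the article names (Word, Excel, Acrobat).
WATCHED = {"winword.exe", "excel.exe", "acrord32.exe"}
WINDOW = timedelta(seconds=15)  # assumed threshold; tune per environment

# Constructed sample events, format assumed: "timestamp host user action image pid"
SAMPLE_LOG = """\
2024-01-15T09:12:03 EXEC-LT01 ceo start winword.exe 4120
2024-01-15T09:12:05 EXEC-LT01 ceo exit winword.exe 4120
2024-01-15T09:12:07 EXEC-LT01 ceo start winword.exe 4388
2024-01-15T10:30:00 FIN-PC07 cfo start excel.exe 2210
2024-01-15T11:45:10 FIN-PC07 cfo exit excel.exe 2210
2024-01-15T13:02:00 FIN-PC07 cfo start excel.exe 2950
"""

def parse(log):
    """Yield (time, host, user, action, image, pid) per well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip blank or malformed lines
        ts, host, user, action, image, pid = parts
        yield datetime.fromisoformat(ts), host, user, action, image.lower(), pid

def find_relaunches(log, window=WINDOW):
    """Return (host, user, image, relaunch_time) wherever a watched application
    starts, exits and starts again, all within `window` of the first start."""
    running = {}      # (host, pid) -> start time of a live watched process
    last_closed = {}  # (host, user, image) -> start time of the instance that exited
    hits = []
    for ts, host, user, action, image, pid in sorted(parse(log)):
        if image not in WATCHED:
            continue
        key = (host, user, image)
        if action == "start":
            first_start = last_closed.pop(key, None)
            if first_start is not None and ts - first_start <= window:
                hits.append((host, user, image, ts))
            running[(host, pid)] = ts
        elif action == "exit":
            began = running.pop((host, pid), None)
            if began is not None:
                last_closed[key] = began
    return hits

if __name__ == "__main__":
    for host, user, image, when in find_relaunches(SAMPLE_LOG):
        print(f"{when.isoformat()} {host} {user}: {image} relaunched after quick exit")
```

A hit is a prompt to pull the document that was opened and examine the machine, not proof of compromise, since ordinary crashes and quick reopens produce the same pattern.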