There are different objectives behind malware and hacking attacks, and one of the primary reasons is obviously financial gain. The methods malicious hackers use to achieve financial gain have over time changed and evolved. In the past, this activity centered around acquiring credit card details or identities which would then be sold on the black market, but now malicious hackers are starting to eye far more lucrative opportunities.

The BBC carried a story on a study published by McAfee stating that malicious hackers are starting to realize that acquiring trade secrets and intellectual property from companies and selling them to their victim’s competitors is a highly lucrative venture.

How true this statement is! Just think about the information that is stored in a typical company’s IT infrastructure and the advantages such information could give to an unscrupulous competitor: source code, strategy plans, legal documents such as patent filings, as well as various forms of research that organizations might have done. Some information is also valuable to the attacker himself, because it helps him acquire more information of this type. Data such as partners’ information and contact details can be an effective tool for an attacker to launch targeted and effective social engineering attacks.

Some companies will be very tempted to get their hands on their competitors’ strategy plans or legal documents, and they would be willing to pay good money in order to do so. Malicious hackers are not a company’s only concern either; where intellectual property is concerned, insider attacks are probably a higher risk than any external attack by a malicious hacker. McAfee’s view that these targeted attacks are on the rise is supported by recent events, which McAfee’s report highlights as well.

Here are a couple of examples:

  • Three employees were convicted of stealing Coca-Cola’s trade secrets.
  • A former Goldman Sachs programmer was recently convicted for taking his ex-employer’s trading software when applying for a job with a competitor.
  • The Stuxnet worm specifically targeted industrial infrastructure.
  • Huang Kexue took his employer’s intellectual property to get government grants to start a competing business.

The list goes on and on.

The damage caused to companies is enormous. If the theft is undiscovered, the competitor will have an advantage that could potentially put the victim company out of business or cause significant financial loss. If the theft is discovered but not prevented in time, a company might still end up with the same hefty losses and potentially long court battles. The only way out is to be able to stop the theft or discover it in a timely manner before any damage is done.

Having multiple layers of security can reduce the surface area for an attacker to exploit. These can include minor controls such as proper user access control, disabling of unused services and other similar best practices. These basic security considerations will help and, since they can be implemented without the need for any additional software, they are generally not expensive to implement. In fact, in a lot of cases the cost of most security controls is the manpower required to implement them. Unfortunately, some companies do not understand how vulnerable the corporate network is to such attacks because they don’t invest in the right network security tools and simply do without. Every company has information that is worth stealing, be it intellectual property or a customer list.

There is one lesson to be learnt: Security needs to be implemented before a disaster happens and not when it’s too late. Unfortunately, there are still companies that do not heed this basic advice.