Criminal organizations focus attacks

Organized crime is now able to target individual enterprises and to exploit weaknesses in any partner, Web site or application, well-known or obscure. Criminals are exploiting the dispersed nature of today’s supply chains — as well as social media and other online applications that may be able to traverse the enterprise firewall unscanned — in order to target enterprises in a more granular manner than ever before. The news comes as even the most sophisticated of users are deemed vulnerable to the latest attack methods. InternetNews.com reported earlier this year that attackers are snaring even knowledgable victims by using legitimate Web sites and well-known social media.

Enterprises should be aware that these sophisticated attacks can be aimed at one business at a time. Paul Wood, senior analyst at Symantec’s hosted e-mail security provider Messagelabs, said that criminals conduct reconnaissance before launching targeted attacks at specific businesses. “Some attacks rely on information about ourselves that we put on the Internet,” he said. Criminals are looking for information as basic as what applications are used by their target, but the more they know about the target, the more weaknesses they can find.

For example, criminals might use knowledge of the supply chain to their advantage. “They target a weak link the supply chain. Perhaps a multinational is well defended but one of its suppliers is not well defended. We have seen things like that attempted,” Wood said.