Innovation is the name of the game in IT, and the same holds true in the seedy world of cyber crime, where hackers are always changing their strategies and finding new ways to use old malware. Let's look at two new ways hackers are using Trojans to steal data from businesses:
- Attacks on SaaS users.
- Email attacks to steal business IP.
Cloud Security Weakness: Hackers Target SaaS Data Before It Gets to Cloud
ThreatPost reports that Dyreza, a Trojan that typically targets banking sites, has been modified to attack the SaaS powerhouse Salesforce.com. This new attack is notable because…
- As more IT shifts to the cloud, hackers have begun to target SaaS companies.
- Hackers trick users into downloading this malware by using phishing email campaigns.
- This "Man in the Middle" attack steals data before it is encrypted, making Salesforce's security features useless.
How is Dyreza able to steal data? The malware latches on to a user's browser and steals data before SSL can encrypt it. Then it passes the data through to Salesforce's servers as if nothing had happened.
The myth of the cloud says everything is safe because it happens in a remote hyper-secure digital environment. But that's not true. Often, users still have to send data through their browsers, which means hackers can attack before a secure connection is made between a company's computer and the SaaS server.
Trojan Attack at Oil and Gas Company Steals Business IP
Security Intelligence reports on a massive spread of Trojan malware that has infected a number of oil and gas companies in the Middle East. This attack used a version of Citadel to steal employee email credentials.
Once the malware had these credentials, it sent phishing emails to other employees and burrowed deeper into the company's email to gain access to business IP and proprietary information.
IBM researchers first discovered these targeted attacks, which are notable because they mark the first time this particular strain of malware has targeted a non-financial institution.
New Attacks Should Change the Way You Think about Data Security
When most people think of data breaches, they think of stolen credit card information. Those are the stories that get the most press. But as these two new Trojan attacks demonstrate, hackers are expanding their reach. Proprietary business data, IP, and financial records are all prime targets for hackers. A variety of stolen data can be traded on the black market and flipped for quick cash.
Here are some questions to consider when examining these attacks:
- What does this mean for IT consultants? You need to make sure your clients aren't lulled into a false sense of security regarding their IT. SaaS hacks and new, sophisticated Trojan attacks have found ways of slipping past a company's security and harvesting data.
- What do these attacks have in common? They attack a company's weakest link: the user. Both attacks used phishing campaigns, which tricked users into clicking on a malicious link. From there, the malware infected more computers and made its way deeper into the organization.
As we reported in "Re: Your Recent Spear Phishing Attack," cyber criminals have increased the number of spear phishing campaigns that specifically target small businesses, from 11 percent in 2011 to 30 percent in 2013. As these user-targeted attacks increase, it becomes more pressing that the average user knows how to use their device securely. Emphasize this point to your clients and get them to raise their company's security expectations and education.