11 May 2011

Phishing becoming a problem for companies

The use of phishing emails to breach organizations is becoming more prevalent for cyber criminals, according to a recent report by Computerworld.

Phishing, considered a low-level threat, has breached the Oak Ridge National Laboratory and EMC’s RSA security division. The Oak Ridge security breach originated in a phishing email sent to approximately 570 employees. The email appeared as a memo regarding changes made by the human resources department, and once employees clicked on the link, malware was downloaded to their computers.

Cyber crime groups are using the method to target high-level executives by crafting personalized phishing emails. According to the report, information from social networking sites, such as Facebook and LinkedIn, make the attacks more difficult to detect.

"If you have 1,000 employees in your organization and you train them all on not opening untrusted attachments, you'll still have someone doing it,” said Anup Ghosh, the founder of an internet security company. “This is not a problem you can train yourself out of."

Financial malware is also becoming a favorite way for cyber criminals to target companies. According to Richard Moffitt, a consultant systems engineer for Trusteer, financial malware targets businesses of all sizes through banking procedures and online transactions.