TechShout



Cyber Spies Target PC Files of Government Officials and Execs; Exploit Microsoft Office

Monday, April 23rd, 2007 | Related entries: Security

Screenshot of the typical attack profile

A burgeoning number of cyber attacks are targeting certain individuals at government agencies and corporations, luring them into accidentally opening a corrupted Word, Excel or PowerPoint file sent as an e-mail attachment.

Clicking on the file surrenders control of the PC without the user’s knowledge. Next, the attacker uses the compromised PC as a base from which to travel the organization’s internal network.

Federal agencies and defense and nuclear contractors are under assault. Security firm MessageLabs maintained that it has been cutting off a series of attacks from PCs in Taiwan and China since November.

These attacks are typically timed to arrive during the busy workday, rarely over a weekend, and most commonly target five industry sectors: electronics, aviation, public sector, retail and communications.

“The bad guys know which organizations have data worth stealing and are picking them out one by one,” said Alex Shipp, Senior Anti-Virus Technologist, MessageLabs. “These targeted attacks are highly difficult to detect as the large majority consist of a single email to one individual, which means they never have anti-virus signatures created by traditional anti-virus software. However, if you happen to be that one company targeted the impact could be devastating. A proactive anti-virus defense, such as MessageLabs Skeptic technology is essential along with employee education and vigilance since many of these attacks are highly personalized.”

In early 2006, security experts detected one or two such attacks a week. In March 2007, MessageLabs intercepted 716 e-mails carrying corrupted Office files aimed at 216 different agencies and companies.

Assaults are coming from China and perhaps other countries in the hunt for military, trade and infrastructure intelligence, says Alan Paller, research director at The SANS Institute, a security think tank. The goal: strategic advantage over the USA. “The attacks are working,” says Paller. “Penetrations are deep and broad.”

Some attacks could be “on-demand,” at the request of companies that hire cybergangs to pilfer data from rivals, says Righard Zwienenberg, chief researcher at Norman Data Defense Systems.

At a congressional hearing last week on cyber security, Donald Reid, a senior State Department official, spoke about how an employee in May clicked on a Word document corrupted via a security hole for which Microsoft had no patch. A fix wasn’t available until eight weeks later. Microsoft has released 10 patches for security holes in Office programs since January 2006, including a handful delivered only after crooks began using newly discovered flaws in their attacks. The best protection: keeping Office security patches updated.

The Office file attacks are “very targeted and very limited,” says Mark Miller, Microsoft’s director of security response, who called on workers “to absolutely extend extreme caution” when opening Office files in e-mail.

Microsoft has been slow to patch security holes in Office programs, says Zwienenberg. However, he added, “But the cyber criminals are getting smarter and smarter.”
