In a story entitled Coke Gets Hacked and Doesn’t Tell Anyone, Bloomberg reports on the growing problem of cyber industrial espionage undermining the value of companies. The article illustrates the central role of spearphishing in cyber-industrial espionage:
The Coca-Cola report provides a rare and chilling account of the intricate and determined ways that hackers raided its files — from pilfering internal e-mails to gaining the ability to access almost any Microsoft (MSFT) Windows server, work station or laptop on the network with full remote control.
Computer hackers made daily incursions through Coca-Cola networks over a period of at least one month, often using systems that were first compromised by infected e-mails sent to company executives. The messages were disguised to look authentic but actually contained malicious software, or malware, that gave intruders a pipeline into the company’s networks, according to the report.
Once inside, the hackers struck quickly. In the first two days, they uploaded a dozen tools allowing them to steal e-mails and documents, installed a keystroke logger on the machine of a top executive in Hong Kong, and stole computer account passwords for other Coca-Cola employees, including those with administrative powers, to help them move freely across the company’s network, according to the report.
The article discusses several other attacks, including one revealed by MI5 which cost an undisclosed company $1.3 billion (see paragraph 26).
Bloomberg has posted an extensive interview with Jacob Alcott of Good Harbor Consulting regarding cyber-industrial espionage.
Spearphishers deceive by masquerading as trusted senders. SP Guard from Iconix provides the ability to distinguish real email from spearphishing attacks. You can contact us at 408-727-6342 ,ext 3 or use our online form.