IMF Phishing Attack Raises Awareness, Opens Channel Opportunities

Hackers linked to a foreign government have reportedly targeted a spear phishing attack at the International Monetary Fund, another recent high-profile attack that underscores the need for enterprise organizations to re-evaluate their security posture and consider high-end security solutions, channel partners say.

As in recent attacks, the cyber attack against the IMF, first reported by Bloomberg, resulted in the theft of ’a large quantity’ of data, which allegedly included documents and e-mails. The reported attack initially prompted the IMF to temporarily disable its network connections with the World Bank, which have since been restored.

Bloomberg cited anonymous sources revealing that the intrusion was thought to be state-based, but didn’t specify which nation perpetrated the attack.

The IMF administrators told employees last week that it planned to replace RSA SecureID tokens, which the organization used for two-factor authentication. RSA offered to replace SecurID tokens after they were linked to several high-profile breaches, including attack against defense contractor Lockheed Martin.

However, a BBC report indicated that the IMF attack was unrelated to the RSA breach, instead suggesting that hackers instead gained entry via a spear phishing attack, indicated by the presence of ’suspicious file transfers.’ The BBC reported that the IMF attack appeared to originate from a specific PC that was infected with data stealing malware.

The IMF has confirmed that an investigation is underway, but was scarce on details related to how the attack was conducted and what attackers were after.

If true, the reported cyber attack against the IMF follows a growing surge of targeted attacks, also known as spear phishing, in which hackers take aim at a particular organization in order to gain access to intellectual property, classified or other confidential information, typically by tricking specific users into responding to e-mails or downloading data-stealing malware.

’Nobody is immune,’ Dave Jevans, chairman of the Anti-Phishing Working Group and the security firm IronKey, wrote in an e-mail to CRN. ’The most sophisticated companies in the world have been successfully attacked. Remember that attacks are not just against the networks of these companies, but also against their employees and customers. Once infected, they are affected entry points for attackers.’

Google reported earlier this month that hundreds of Gmail users, including military personnel, senior U.S. government officials, Chinese political activists, South Korean officials and journalists, were targeted in a sophisticated spear phishing attack , appearing to be sourced from Jinan, China, that attempted to infiltrate users’ e-mail accounts and monitor communications.

Recently, researchers at security firm Trend Micro found that Web mail providers Hotmail and Yahoo Mail fell victim to similar phishing attacks, although it’s unclear if the attacks targeting Gmail were related.

And Jevans contends that there will likely be more highly sophisticated attacks targeting large scale organizations.

’These are going to escalate in intensity and sophistication,’ he said. ’Recent months have indicated that the technological sophistication of attackers is increasing, especially as groups are organizing to bring together the technological sophistication of multiple cyber criminals to create blended attacks. Expect increased targeting of employees and customer through information gleaned from social networks and previously stolen databases,’ he said.

Next: Partners See Opportunity In High-Profile Cyber Attacks

Meanwhile, solution providers say that the upsurge of cyber attacks in recent years, including the latest assault on the IMF, have prompted the CIOs and CISOs at many large enterprise organizations to take notice of their security posture.

’Since numerous companies have been attacked lately, companies that have traditionally taken a ’wait and see’ approach are on high alert,’ said David Sockol, CEO of Santa Clara, Calif-based Emagined Security. ’High profile companies are very concerned with the growing number of attacks, especially when the hacking community is hitting so close to home. These companies are quickly realizing that the hacker community is targeting organizations that have the greatest impact on the news as well as focusing on financial gains.’

Kevin McCann, vice president of Bedford, Mass.-based Continental Resources, said that the recent proliferation of mobile devices in the workplace and social media have further complicated the security landscape and created new challenges for CIOs and IT administrators of major organizations by introducing a plethora of open channels that also more easily allow hackers to launch malware and phishing attacks.

’No wonder why the infections started occurring more. Not only were the new devices open to viruses, but because a corporation has to be open for its users to get in, (its networks) are more open for hackers to get in,’ McCann said. ’This new wave of openness has really caught the attention of CIOs and has become a top priority for security in many companies, which in turn has opened lots of doors for the reseller community for product and services sales. But where will this go? Who knows?’

McCann added that he had seen a range of responses from enterprise customers attempting to reduce the risk of a cyber attack, ranging from attempting to obtain a security system for iPads or smartphones to ’reverting back to locking the corporate infrastructure down’ and only allowing access by corporate devices.

Partners say that the most daunting hurdle thus far for organizations has been cost, and currently many organizations are weighing budgetary constraints with the need to implement expensive and complicated security solutions in order to combat a growing number advanced persistent threats and other sophisticated malware.

’Major manufacturers, governments, and financial organizations need to put more attention into their security posture than ever before,’ Sockol said. ’The biggest challenge that these organizations are facing these days is with their lack of security budgetary planning. Just buying enough services and solutions to pass audit requirements is not enough.’

However, the heightened awareness spawned from the growing number of cyber attacks have opened up opportunities for channel partners to implement vulnerability detection technologies, data loss prevention and managed security services, as well as providing consulting opportunities that paved the way for resellers to help customers create more robust security plans and policies.

’Companies are worried because here are so many holes in the dam now and not enough resources to plug them all,’ McCann said. ’As a reseller, we see our focus to help companies realize where their faults are and to develop a plan to stay ahead of the harmful technologies that can damage them -- all while being mindful of spending limits.’