The notion that cyber attacks on your business were coming from attention-craving mischief-makers working in their parents’ basements is slow to die. But today’s cybercriminals are a highly sophisticated bunch.

The reality is that the most pernicious attacks on your system are coming from determined criminals with state-of-the-art tools, clear targets and, almost certainly, more cutting-edge software expertise than your company can afford. These criminals are feeding a growing global demand for black-market information, and they are richly rewarded for it.

Take for example the recent Hydraq attack (alias Aurora, Microsoft IE Vulnerability, or Google Attacks), which hit the business world a few months ago.

The software installs a Trojan horse program on a computer and then “attempts to make contact with command and control servers in order to receive instructions and to upload any information that it may have collected. This type of attack is often called an advanced persistent threat because of the sophistication and persistence of the attack within a business.”

The software can capture keystrokes, upload files and replicate itself across the network. It is, according to Francis deSouza, Senior Vice President, Enterprise Security Group at Symantec, part of an increasing pattern of “well-organized attacks that leverage insidious malware and social engineering tactics to target key individuals and penetrate corporate networks.”

If your company has any information that is mission-critical, sensitive or confidential (and few companies larger than a nail salon don’t handle data that fits this description), it is of interest to someone who might be paying for access to it.

And while IT security companies like Symantec, McAfee, and Sophos come out with patches to plug these holes as fast as they can, and even Microsoft is getting better at sending out yet another system update, a good number of companies have already been ripped off, and the cybercriminals are already coming up with a new means of defeating the new obstacles

The organized cybercriminals, according to Symantec’s deSouza, use a four-step process, often having separate expert teams for each step of the attack:

1. an incursion phase, where access is gained to a company’s network through a variety of malware including e-mail attachments
2. a discovery phase, where the topography of the corporate network is mapped out and the locations of key asset are identified
3. a capture phase, where “they find and seize information that has a black market value, such as credit card information, identities, customer or patient records, intellectual property,” and so on, and
4. An exfiltration phase, where the data is moved off the network into the hands of the criminals.

All of this can (and often does) take place without any sign that the intrusion is happening. With the criminal’s team approach and a clear breakdown of roles, the typical company network hasn’t a chance of even knowing that its pockets have been picked.

If your company hasn’t upgraded its security plan within the last year, it is getting more and more vulnerable. Yes apply the patches and updates (though for many companies even that is a low priority), but the more valuable the data the more you need to go beyond the basic steps.

Tags: cybercriminals, hackers, Hydraq, Symantec