This Week in Cybercrime: Companies Attacked Every Three Minutes

Plus: Bitcoin’s success puts it in hackers’ crosshairs


Hackers Are Nothing If Not Persistent

Pick a company, any company. Well before you finish reading this blog post, that firm will likely have faced at least one malware-related event—and perhaps several. That’s the main takeaway from a new report on advanced persistent threats [pdf] released by researchers at the FireEye Malware Intelligence Lab. The group, which examined 89 million global malware events that FireEye documented during the second half of 2012, found that some companies have to fend off attacks as often as once every three minutes. "This nearly continuous rate of attacks and activities is indicative of a fundamental reality: these attacks are working, yielding dividends," says the report. The most targeted types of companies are tech firms, because of the value of their intellectual property. Rounding out the top five most attacked industries, says a Kaspersky Threatpost article, are: telecom, logistics/transportation, manufacturing, and banking/finance. Who gets attacked the least? According to the report, government agencies, energy companies, and legal firms get comparatively little attention from hackers. The FireEye report also details the most common infiltration methods as well as the techniques attackers are now employing to evade security measures.

More Money, More Problems

Almost in lockstep with the announcement that the total value of all the Bitcoins in circulation has surpassed the one-billion-dollar mark, Bitcoin’s infrastructure has come under cyberattack. Two Bitcoin services, trading exchange Mt. Gox and storage service Instawallet, were hit by a distributed denial-of-service attack and a database hack, respectively. Mt. Gox says it is unsure of who is behind the DDoS attack, which began on Wednesday, but guessed that one reason the hackers could have done it is to spur a dip in the cryptocurrency’s trading value. Why would someone do that? If the attacker had “shorted” the value of Bitcoins (which means they essentially bet against it), they stand to rake in a huge profit if the currency’s value drops. Mt. Gox, which handles more than 80 percent of all Bitcoin-to-U.S.-dollar trades (and 70 percent of trades between the virtual money and all currencies), released a statement reassuring its customers that it has the situation under control. “There are a few things that we can implement to help fight the attacks, such as disconnecting the trade engine backend from the Internet. By separating the data center from the Mt.Gox website, we will continue to be able to trade.” The company also reported that a new trade engine under development will scale its infrastructure to accommodate spikes in trade volume and make itself less vulnerable to malicious floods of information.

Meanwhile, Instawallet is dead in the water. The Bitcoin value storage firm announced on its website it would be closed for business until further notice because its database was hacked. “Our database was fraudulently accessed, [and] due to the very nature of Instawallet it is impossible to reopen the service as-is,” says the notice on the site’s front page. The notice goes on to inform customers how they can claim funds they had stored before the service interruption, but gives no indication of how the intrusion occurred, how many Bitcoins were stolen in the heist, or who was steering the getaway packet.

Hackers Attack Japanese Internet Portals

Goo, a Japanese Internet portal owned by network operator NTT, reported that it suffered a series of brute-force attacks on Tuesday night and that an estimated 100 000 accounts were compromised. The company confirmed that some of the accounts—which include information such as credit card and bank account data—had been fraudulently accessed. Some of the accounts, said Goo, were hit by more than 30 login attempts per second; the company wouldn’t offer any further details.

At roughly the same time Goo was under siege, Yahoo Japan, the country’s leading Internet portal, discovered that its servers had been infected by malware that compiled data for 1.27 million users. Fortunately, says Yahoo Japan, which handles 55 percent of the nation’s Internet search and portal traffic, the program was halted before it was able to transmit any of the data outside of the company’s computer infrastructure.

And In Other Cybercrime News…

Anonymous hacks North Korea's Twitter and Flickr accounts and knocks over one of the country’s leading news and information sites.

An ICS-CERT report reveals that critical infrastructure remains vulnerable for the same reasons—among them, lack of formal documentation, event monitoring, and permissions and privileges control—that have been noted for years.

Image: Robert Catta/Getty Images
