Cyber Espionage: A Growing Threat to
Ellen Messmer, Network World
Monday, January 21, 2008 7:00 AM PST
Cyber espionage is getting renewed attention as fresh evidence emerges of
online break-ins at U.S. research labs and targeted phishing against
corporations and government agencies here and abroad.
It's no wonder that research firm SANS Institute has ranked cyber espionage
No. 3 on its "Top Ten Cyber Menaces for 2008," just behind Web site attacks
exploiting browser vulnerabilities and botnets such as the infamous Storm.
"Economic espionage will be increasingly common as nation-states use cyber
theft of data to gain economic advantage in multinational deals," SANS
Institute claims. "The attack of choice involves targeted spear phishing with
attachments, using well-researched social engineering methods to make the
victim believe that an attachment comes from a trusted source."
Alan Paller, director of research at SANS Institute, adds that people should be
aware that an "extraordinary treasure chest of information has been stolen,"
and "the same people doing the military espionage are engaged in economic
espionage using the same or very similar techniques to steal information from
organizations that are working on business ventures in the attackers' country."
He offered no estimate as to how much cyber espionage is costing
Many have seen some form of cyber espionage up close.
"Absolutely there's espionage," says Michele Stewart, manager of data security
at Orlando-based AirTran Airways.
Members of AirTran's executive management team were recently targeted by
phishing e-mail that sought to trick them into divulging confidential corporate
information as well as attempted to place bot malware on their computers, she
"The e-mail did get through our filter, but fortunately [our team] had the presence of mind to realize something
strange was going on," Stewart says. AirTran, which relies on Lancope network-behavior-analysis equipment to
watch for anything outs