Epsilon security breach: 5 signs it's only the tip of the iceberg

Targeted attacks are the trend in cyberspace. Six months ago, the world's first cyber superweapon – Stuxnet – was discovered to be targeting Iran's nuclear facilities. This week millions of e-mail addresses were reported stolen from Epsilon, a firm that supplies e-mail marketing to BestBuy, Disney, and many others.

The two highlight a trend toward precision among those that create malicious software. Epsilon's information will help hackers craft very specific "phishing" e-mails that are far more subtle, experts say. Here are five emerging targets for precision attacks:

1. Businesses' 'crown jewels'

Alfred Jin/Reuters/File
A man walks past the logo of Google China outside its company headquarters in Beijing on Jan. 19, 2010.

Forget identity theft and stealing credit cards. That's small potatoes. Today's hot currency for organized cybercrime gangs is increasingly found by prowling corporate networks to steal a company's "crown jewels" – proprietary data and trade secrets that can later be sold for big bucks on the cyber black market, cybersecurity experts say.

"Corporate intellectual capital is the newest cybercrime currency," reported McAfee, the computer security company, in a survey of 1,000 information technology managers worldwide released last week. "Cybercriminals have made the shift from stealing personal information to targeting the corporate intellectual capital of some of the most well-known global organizations."

The report cites a rise in "sophisticated attacks," like the one against Google last year. Dubbed Operation Aurora, it reportedly targeted Google's critical software source code.

Also surging are relatively "unsophisticated" yet targeted attacks against company networks. One such group of attacks that McAfee dubbed "Night Dragon" snatched "bid data" and other key oil-discovery data from oil and gas companies worldwide.

The Night Dragon attacks, which McAfee says emanated from China, and the Aurora-style attacks against Google, have infiltrated some of the most-protected companies in the world to steal intellectual property, the company says.

Nearly half of all organizations McAfee surveyed had had at least a small data breach, and almost one-quarter had had a data breach in the past year. The costs of data breaches are increasingly high, too. On average, lost data cost the companies more than $1.2 million, compared to less than $700,000 in 2008, the survey found.

1 of 5
of 5 stories this month > Get unlimited stories
You've read 5 of 5 free stories

Only $1 for your first month.

Get unlimited Monitor journalism.