40 top-tier businesses threatened by hackers

gallery

Business and personal data stolen from infected PCs is being contained by a server controlled by hackers, a new report has uncovered.

Finjan, provider of secure web gateway solutions, has found that more than 1.4GB of data, consisting of 5, 388 unique log files is being hosted on a Crimeserver running a command and control application.

The compromised data in question has come from all around the world and contains information from individuals, businesses and organisations such as healthcare providers. The information includes patient details, bank customer data, business-related email communications and captured Outlook accounts containing email communication.

Asked if he was surprised by the findings, chief technical officer of Finjan Yuval Ben-Itzhak said that although the business-related crime was unusual this kind of criminal practice is becoming commonplace.

"We were more surprised by the amount of business-related data that was being accessed. We usually find a lot of individual data breaches, so this is a very interesting development. This kind of thing is certainly becoming more common. But it's not just computer savvy people that know how to access this information. Your average person is able to collect this data through command and control applications, too."

Finjan found that the server contained information on 40 top-tier global businesses. In total this comprised of 232 log files from the UK, as well as 571 from the US; 621 from Germany, 322 from France, 308 from India, 150 from Spain, 86 from Canada, 58 from Italy 46 from the Netherlands and 1,037 from Turkey.

According to Finjan's Malicious Code Research Center (MCRC), they detected a Crimeserver that was being used as a command and control for the Crimeware being executed on infected PCs. MCRC also found that the Crimeserver was being used as a "drop site" for private information being harvested by that Crimeware.

These revelations are of especial concern as the stolen data was left unprotected on the Crimeserver. Without access restrictions or encryption the data has been freely available to potential criminal elements.

Finjan has already notified over 40 international financial institutions located in Europe, the US and India, as well as global law enforcement agencies.

Ben-Itzhak said that his company's findings proved there was need for greater proactive action.

"Crimeware infected PCs are a serious business problem that requires proactive action since it is no longer just a technical IT problem.

"There are two things that can help to stop this from happening. Firstly, there is a need for greater law enforcement, not just concentrating on running after the criminal but greater guidelines for ISPs. The second is for people to use more proactive technology that can identify when something malicious is happening," Ben-Itzhak said.

Email to a friend

Print this page