Hackers target business secrets

Filing cabinet, Eyewire Many net-savvy thieves are scouring corporate networks for saleable secrets

Related Stories

Intellectual property and business secrets are fast becoming a target for cyber thieves, a study suggests.

Compiled by security firm McAfee, the research found that some hackers are starting to specialise in data stolen from corporate networks.

McAfee said deals were being done for trade secrets, marketing plans, R&D reports and source code.

It urged companies to know who looks after their data as it moves into the cloud or third-party hosting centres.

"Cyber criminals are targeting this information based on what their clients are asking for," said Raj Samani, chief technology officer in Europe for McAfee.

He said some business data had always been scooped up when net thieves compromised PCs using viruses and trojans in a search for logins or credit card details.

The difference now was that there exists a ready market for the data they are finding. In some cases, said Mr Samani, thieves were running campaigns to get at particular companies or certain types of information.

The McAfee report mentioned cases in Germany, Brazil and Italy in which trade secrets were either stolen by an insider or cyber thieves tried to get hold of via a concerted attack.

In some cases, said the McAfee report, companies made the job of the criminals easier because they did little to censor useful information about a corporate's culture or structure revealed in e-mails and other messages.

Such information could prove key for thieves mounting a "social engineering" in which they pose as employees to penetrate networks.

The report detailed efforts by firms to watch casual and contract employees and the use of behavioural analysis software to spot anomalous activity on a corporate network.

Perimeter defences

Thefts of intellectual property or key documents could be hard to detect, said Mr Samani.

"You may not even know it's stolen because they just take a copy of it," he said.

Defending against these threats was getting harder, he said, because key workers with access to the most valuable information were out and about using mobile devices far from the defences surrounding a corporate HQ.

"Smartphones and laptops have crossed the perimeter," said Mr Samani.

The report comes in the wake of a series of incidents which reveal how cyber criminals are branching out from their traditional territory of spam and viruses.

2010 saw the arrival of the Stuxnet virus which targeted industrial plant equipment and 2011 has been marked by targeted attacks on petrochemical firms, the London Stock Exchange, the European Commission and many others.

Mr Samani said that, as firms start to use cloud-based services to make data easier to get at, they had to work hard to ensure they know who can see that key corporate information.

Otherwise, he warned, in the event of a breach, companies could find themselves losing the trust of customers or attracting the attention of regulators.

"You can transfer the work but you cannot transfer the liability," said Mr Samani.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features

  • RihannaCloud caution

    After celebrity leaks, what can you do to safeguard your photos?


  • Cesc FabregasFair price?

    Have some football clubs overpaid for their new players?


  • Woman and hairdryerBlow back

    Would banning high-power appliances actually save energy?


  • Rack of lambFavourite feast

    Is the UK unusually fond of lamb and potatoes?


  • Members of staff at James Stevenson Flags hold a Union Jack and Saltire flag UK minus Scotland

    Does the rest of the UK care if the Scots become independent?


BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.