In an attack described as “Executive Spear Phishing” a targeted attack has been mounted on three Government of Canada departments (including Treasury Board and The Department of Finance). The attack involved, according to published reports, the forwarding of “infected” pdf files, which when opened stealthily searched their host computers and networks for documents to send back to servers in China.
China has denied responsibility, and it is plausible that any attacker this sophisticated might well have found unprotected servers in China from which to “stage” the attack. This only highlights the level of sophistication involved in cyber-espionage.
A related story about the sophistication of targeted cyber hacking, viruses, and their link to military espionage is here – see the Stuxnet Story.
- Preventing ever-more sophisticated attacks is very tricky
- Companies and Governments need to know and be alert to excellent security measures if they have valuable data worth protecting
- Managing technology requires an ability to “detect” attacks, as many go unnoticed.