Panda Software is developing a service expected to launch early next year to protect enterprises against an emerging network security threat it calls "espionage," where professional hackers will target one specific company instead of many with tailor-made code.
To test the waters, Panda rolled out Wednesday TruPrevent Personal 2006 for individual users that is designed to run alongside normal security software such as Norton Antivirus from Symantec Inc. It protects against new attacks from code unknown to the security software.
The service will use artificial intelligence and sophisticated algorithms to identify and stop unknown malicious code from attacking the network. In the last year there have been approximate 20 attacks on various commercial companies from individuals seeking competitive information, and many have never been reported by the media, Patrick Hinojosa, Panda Software U.S. chief technology officer, told TechWeb. "The fastest way to get a leg up on your competition is corporate espionage," he said. "Some of the code we are seeing is coming from other companies because the nature of the data."
Most vulnerable to these attacks are companies such as those that have frequent changes in product lines within industries such as aerospace, defense, pharmaceutical, biotech, and finance.
The SAN Institute and the governments of the United States and the United Kingdom earlier this month released a report on the year's top 20 Internet vulnerabilities. The report notes criminals often seek out target applications in target companies to cause devastating results.
Ferris Research first began hearing from security software company MessageLabs earlier this year that individuals were targeting high-level executives within specific companies to gain access to passwords and confidential documents. "We are well aware there are sophisticated organize crime networks involved with consumer-based phishing where people pass on details of compromised credit cards and it's assumed the network is similar to this spear-fishing attack," said Richi Jennings, lead analyst for e-mail security practice at Ferris Research.
Software companies from Panada Software to MessageLabs are putting software and systems in place to check that internal file structures, are correct, to look for unknown malware such as viruses, Trojan Horses, and worms, Jennings said.
In May, for example, a hacker successfully infiltrated the computer network of CardSystems Solutions Inc., a third-party payment company processing more than $15 billion in Visa, MasterCard, American Express and Discover transactions, and stole approximately 40 million credit card numbers from credit card companies.
Most companies can firewall their e-mail and are fast at nailing down worm outbreaks, but those are typically perpetrated by "script kiddies, people who want to make noise for notoriety," Hinojosa said. "These are not people who want to make noise. This is about organized crime and that's the major difference."