ATLANTA -- Cyberspace crime today could almost make one miss script kiddies, those clever bedroom hackers who sent viruses and worms spiraling through the Internet, snarling networks worldwide while IT security vendors scurried to find yet another fix.

"You hardly hear about those kinds of attacks anymore," says Elizabeth Clarke, vice president of corporate communications at SecureWorks, an Atlanta-based provider of managed IT security services to more than 600 credit unions, 500 banks and 100 credit card processors, utilities and health-care organizations.

"Now it's organized criminals from around the world going after confidential information they can then use to steal identities and money," she says. "And they're always getting better at it."

Jon Ramsey, SecureWorks' CTO, said the perception among this criminal element seems to be that credit unions are easier targets. His company's detection software has picked up 67% more attacks on client credit unions than banks in recent months.

"I guess it's the lower-hanging fruit thing," he said of credit unions. "The idea seems to be that because they're smaller and there are so many of them, they would be less sophisticated in their defenses since they're not big enough to have the resources that big banks would. So they're ripe for the picking."

Not wanting to be thus plucked, Motorola Employees Credit Union of Schaumburg, Ill., has been using SecureWorks for network-intrusion prevention since 2003, protecting MECU's 35 servers and 100 workstations coursing data through a wide-access network supported at 12 different locations.

"Our small team couldn't possibly dedicate enough time to become 24-hour security experts and still run our information systems," said Mike Murphy, the $559 million CU's executive vice president and chief operating officer.

"I can't say that it has reduced our workload," Murphy said of MECU's use of SecureWorks' iSensor system, "because we did not have the resources or expertise to tackle intrusion prevention on our own. What it has done is allow us to focus on other priorities."

Murphy also said he thinks that as credit unions and other financial institutions have strengthened their network defenses, fraudsters have been forced to focus on other areas, such as phishing, to get at the funds behind the firewalls.

But while simple phishing attacks can be thwarted by educating consumers not to go to spoofed sites until the phish is shut down, it is the newest wave of cyberattacks that has Ramsey and his colleagues sitting up and taking notice. There has been a dramatic increase in the number of so-called SQL injection attacks, in which hackers add widely used structured query language (SQL) code to a Web form input box to get inside a network and gain access to its database. SecureWorks said it detected 650 such attacks against its clients in January and then saw that number soar to about 8,000 in June.

"What makes these so dangerous is that they can be used on all kinds of Web applications, even things as simple as a mortgage loan calculator or online subscription form for a credit union newsletter," Ramsey said. "They're also specifically targeting credit unions, one at a time, looking for vulnerabilities all the time and always coming up with new variations of SQL injection attacks."

New targets, such as XML and service-oriented architecture technologies and even simply putting malicious code inside Word and other widely used Office documents, also are being chosen on an ongoing basis, the SecureWorks CTO said.

Defending against such attacks requires nonstop monitoring and constantly updated protections that perform such functions as validating textbox entries, strengthening internal password protections (such as not storing passwords in plain text), limiting internal access to databases and minimizing the amount of information in internal network error messages.
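The four measures listed above, applied to the kind of newsletter subscription form the article mentions, as an added example that is not from the article or from SecureWorks. Table names, function names and sample values are constructed, and SQLite's authorizer hook stands in for a restricted database account.

```python
import hashlib, hmac, os, re, sqlite3

# Constructed allow-list pattern for the form's single textbox.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,24}")

def hash_password(password, salt=None):
    """Store a salted scrypt hash, never the plain-text password."""
    salt = salt or os.urandom(16)
    return salt, hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

def verify_password(password, salt, expected):
    """Constant-time comparison of the recomputed hash with the stored one."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)

def deny_staff_table(action, arg1, arg2, dbname, source):
    """Authorizer standing in for a least-privilege account: the web form's
    connection may not read or write the staff table."""
    return sqlite3.SQLITE_DENY if arg1 == "staff" else sqlite3.SQLITE_OK

def open_web_db():
    """Constructed in-memory schema with hypothetical table names."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE subscribers (email TEXT PRIMARY KEY)")
    db.execute("CREATE TABLE staff (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    db.execute("INSERT INTO staff VALUES (?, ?, ?)",
               ("teller1", *hash_password("constructed-pw")))
    db.set_authorizer(deny_staff_table)  # restrictions apply from here on
    return db

def subscribe_weak(db, email):
    """Weak: textbox text is pasted into the SQL and the raw error is returned."""
    try:
        db.execute("INSERT INTO subscribers VALUES ('%s')" % email)
        return "ok"
    except sqlite3.Error as exc:
        return "error: %s" % exc

def subscribe_hardened(db, email):
    """Validated input, bound parameter, generic error message."""
    if not EMAIL_RE.fullmatch(email):
        return "invalid address"
    try:
        db.execute("INSERT INTO subscribers (email) VALUES (?)", (email,))
        return "ok"
    except sqlite3.Error:
        return "request could not be processed"
```

In the weak handler an address containing an apostrophe changes the structure of the statement and the database's own parser error reaches the user; the hardened handler rejects the same input before any SQL runs.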

Such precise targeting also means that simply putting an intrusion detection device on the network perimeter and forgetting about it doesn't work anymore, Ramsey said.

"You have to develop countermeasures, think both tactically and strategically, always looking at ways you need to change the way that defenses work themselves, so you can stack the defense against the next emerging threat," said Ramsey.

SQL injection attacks have garnered negative publicity and compromised data in large chunks, such as the security breach at CardSystems that netted 263,000 credit card numbers and exposed 40 million more, Ramsey said. More recently, Russian hackers claimed to have stolen 53,000 credit card numbers in an attack on a Rhode Island government Web site.

While the headlines scream, a lot can happen behind the scenes, too. "They're generally using those kinds of attacks as a beachhead, to find information that they can use to attack the organization by stealing confidential information. They can then do really targeted phishing attacks, using personal information that leads the member to trust the e-mail they just got from what they think is their credit union," Ramsey said. "It's not just 'Dear Valued Member' anymore.

"Or sometimes they even use extortion, telling the institution that they've taken control of their information and will steal data or deny service unless you pay. It can happen to credit unions that way," said Ramsey. "I know of an instance."
