While spam volumes continue to decline, there has been a marked increase in the use targeted attacks.
This was one of the findings of the 2013 Symantec Internet Security Threat Report released yesterday in Dublin. According to the report, there was a 42% increase in targeted attacks in 2012. The report also discovered that in 2012 there approximately 30 billion spam e-mails were in circulation worldwide each day. This was down from the 42.1 billion in 2011; a decrease of 28.6% in global spam volume.
Presenting the findings of the report, Bulent Teksoz, Symantec's chief security strategist for emerging markets, said targeted attacks were on the rise and expanding beyond the expected targets. He pointed out that manufacturing was the most targeted sector, recording 24% of targeted attacks; followed by finance, insurance and real estate.
"Targeted attacks are motivated by espionage - the theft of IP - and more recently we've seen an uptick in the number of destructive attacks against certain organisations," said Teksoz.
He also revealed that within an organisation, the most targeted employees are CEOs and board members; followed by PR and marketing personnel and personal assistants.
"Overall we've seen an increase in attacks against critical infrastructure," said Teksoz. "The first of this kind of attack to gain public attention were the attacks against Estonia which saw attacks performed against Web sites belonging to the Estonian parliament and ministries as well as those belonging to banks and media." According to Teksoz, the attacks were performed in retaliation against the relocation of war graves.
"The king of this type of attack is Stuxnet whose payload was the disruption of centrifuges used by the Iranian nuclear programme. Since then, a number of associated malware has been identified, such as Flamer, Duque and Gauss. More recently we saw attacks against energy companies in the Middle East where a threat called W32.Disttrack was used to destroy thousands of client machines," Teksoz explained.
He also noted that targeted attacks, while much lower in volume that traditional cyber crime, have become a standard, according to malware researchers. "We see over 100 targeted attacks on a daily basis with attacks and groups gaining notoriety." According to Teksoz, targeted attacks predominantly start as spear phishing attacks; however, in 2012, watering hole attacks emerged.
"While spear phishing has historically been the main infiltration point, we've observed an increase in watering hole attacks in the past year. This leads to wider infection base but again targets here can be used to launch further attacks."
"For example, this year we saw a line of code in tracking scrip on a human rights organisation's Web site with the potential to compromise a computer. It exploited a new, zero-day vulnerability in Internet Explorer to infect visitors. Our data showed that within 24 hours, people in 500 different large companies and government organisations visited the site and ran the risk of infection. The attackers in this case, known as the Elderwood Gang, used sophisticated tools and exploited zero-day vulnerabilities in their attacks, pointing to a well-resourced team backed by a large criminal organisation or a nation state."
He also believes that watering hall attacks will become more prevalent in 2013, as many companies have already fallen victim to it in February this year. Teksoz also pointed out that attackers don't discriminate by size of the enterprise, explaining that greatest growth in 2012 was companies with less than 250 employees.
"Small businesses may not be well protected against such attacks and they can be used as a stepping to get to larger organisations along the supply chain."
Share