The number of targeted e-mail attacks rose in 2010 compared to the previous year, as cyber criminals increasingly target corporations in search of specific sensitive information and intellectual property, according to Symantec’s MessageLabs Intelligence 2010 security report.
Otherwise known as advanced persistent threats, targeted attacks were identified and blocked by MessageLabs at the rate of 77 per day, and remain one of the top damaging security threats to a business. (In 2009, the number was 48 per day.)
Paul Wood, MessageLabs Intelligence senior analyst, explained that targeted attacks are sent out in low volumes by cyber criminals who often use zero-day exploits for which there are no patches. They fly beneath the radar of most anti-virus software because the low frequency of attacks doesn’t allow for a signature to be produced identifying that particular attack, said Wood.
“You may be have protection but it’s not going to help you in those kinds of circumstances,” said Wood.
The rate of targeted attacks has grown enormously. Five years ago, it might have been one or two blocked and identified per week, said Wood.
Today, three to four hundred organizations are targeted monthly by cyber criminals but the type of organization targeted has changed over time. While traditional targets were large multi-national and well-recognized corporations in the banking, pharmaceutical and defense sectors, Wood said that threat today extends to small to medium-sized businesses.
“If you’re trying to penetrate defenses of a large enterprise-type organization, it becomes more difficult … the more probing you try to do, the more likely you are to draw attention to yourself,” said Wood.
Cyber criminals will sometimes attempt to penetrate a target organization indirectly by taking a “piggy back” on an attachment in an existing e-mail correspondence from a supplier. “It’s not executable and it comes from someone you already know on a subject you’ve had a conversation about,” said Wood.
According to Brian O’Higgins, an Ottawa-based independent security consultant, Symantec’s report of an increase in targeted malware is no surprise because the attack vector’s proven track record only serves as encouragement to cyber criminals.
O’Higgins also pointed out that cyber criminals are encouraged by organizations’ unorganized security that takes the form of unpatched systems and vulnerable configurations.
“These are damaging attacks and enterprises need to plan for them,” said O’Higgins. “In practice this means making an investment to reduce the vulnerability.”