
Detection-evading targeted malware attacks on the increase, says Symantec

Although targeted attacks using bespoke malware sent to specifically selected email addresses are still rare, the number of attacks is rising rapidly, says Symantec.cloud.

While only 0.02% of malware-containing emails can be classed as targeted, Symantec.cloud detected an increase of 60% in the average number of daily attacks from 2009 to 2010 and a 10.5% increase in the past six months.

Symantec.cloud saw a 17.40% increase in the number of attacked customers in 2010 over 2009 and a 31.37% increase in the number of distinct attacks.

In April 2011, targeted attacks rose to 85 a day, the highest figure since March 2009 when the figure was 107 a day, according to the latest MessageLabs Intelligence Report.

Targeted attacks are typically designed to attack the computers of specifically targeted individuals to extract information that is valuable to the attacker or to act as a launching pad for further attacks within an organisation.

Also known as Advanced Persistent Threats (APTs), targeted attacks typically involve malware that exploits zero-day vulnerabilities.

The low volume in which targeted malware is sent and its sophistication mean that it is often not detected by traditional anti-virus techniques and requires heuristic analysis to be detected, says Martin Lee, senior software engineer, Symantec.cloud.

"Organisations relying on unsophisticated anti-virus protection may be completely unprotected against this class of threats," he says.

Since April 2008, almost a third of all targeted attacks seen by Symantec have been sent to the public sector, followed by manufacturing companies (15.98%), financial companies (8.04%), IT Services (6.12%) and educational organisations (4.61%).

"In 2010 only 1 in 35 of our private sector clients received a targeted attack. Of those that do receive attacks, the vast majority receive no more than 4 such attacks in the year," says Lee.

Although private sector organisations may rarely, if ever, be targeted by such an attack, a small percentage are under repeat attack, he says. Some 6.8% of Symantec.cloud clients receive more than 50 such attacks a year, with 2.3% receiving more than 250 attacks during 2010.

There is a clear increase in the number of attacks directed against the most frequently targeted organisations, says Lee, and targeted attacks appear to be becoming more common as well as more highly targeted.

Senior managers are the most targeted (34%), followed by managers (24%). Only 4% are of low seniority.

"Interestingly, 19% of recipients are not identifiable through public internet searches, yet the attackers know of their identity," says Lee.

Another 19% of attacks are sent to mailbox type addresses such as 'recruitment@' or 'enquiries@'.

"Such addresses may be seen as an easy means of ingress into a company since the people administering these addresses may be used to opening attachments sent by email from unknown senders," says Lee.

