Targeted E-Mail Attacks Increasing, Symantec Report Finds
Targeted e-mail attacks have increased significantly since they were first discovered five years ago. They have gone from one to two attacks per week in 2005 to 77 attacks per day in October 2010, according to a report from security specialist Symantec.
The results of the study were announced with the publication of Symantec's October
2010 MessageLabs Intelligence Report. For the first time, targeted attacks hit
the retail sector hardest this month, where they increased from a monthly
average of 0.5 percent of all attacks over the past two years to 25 percent in
October. The report found that, in October, 1 in 1.26 million e-mails was a
targeted attack.
The number of targeted attacks in October aimed at businesses in the retail
sector rose considerably above the monthly average of 1 in 1.26 million,
increasing the likelihood of an attack by a factor of almost 6.3. Moreover, the
number of attacks against the retail sector jumped to 516 in the last month,
compared with just seven attacks per month for much of 2010, marking the first
time the retail sector had been the focus of a targeted attack campaign in
recent years.
"Of the 516 attacks, only six organizations were the intended targets, but
two of them were mainly targeted, one of which was the target of 63 percent of
the 516 attacks," said MessageLabs Intelligence senior analyst Paul Wood. "The
spear phishing attacks, launched in three waves each one week apart, used
social engineering techniques to distribute legitimate-looking e-mails from HR
and IT staff of the targeted organization but in actuality contained malicious
attachments."
Each wave comprised one or two different e-mail messages using different themes,
Wood said. The first wave of e-mails targeted 50 recipients and spoofed an e-mail
address from the firm's senior HR executive with subjects referring to
confidential salary information. The attachment contained a malicious PDF. The
second wave also spoofed an HR executive and targeted 20 recipients with a
subject line pertaining to new employment opportunities.
"While targeted e-mails by nature are sent in low volumes, they are one of
the most damaging types of malicious attacks," said Wood. "We have
seen a constant influx of targeted attacks over the past six months, with the
type of organization targeted changing on a monthly basis and the number of
targeted users increasing each month. Although the number of unique attack
exploits being deployed has diminished slightly, the number of attacks used by
each exploit has increased."
According to the report findings, in October the global ratio of spam in e-mail
traffic from new and previously unknown bad sources was 87.5 percent (1 in 1.4
e-mails), a decrease of 4.2 percentage points since September, while the global
ratio of e-mail-borne viruses in e-mail traffic from new and previously unknown
bad sources was 1 in 221.9 e-mails (0.45 percent) in October, a decrease of 0.01
percentage points since September. In October, 23.1 percent of e-mail-borne
malware contained links to malicious Websites, an increase of 15.5 percentage
points since September.
