Symantec Warns Of Increased Email Attacks

Targeted email attacks have rising significantly in the last five years, according to a new report from security specialist Symantec. It found that these attacks have gone from one or two attacks per week in 2005, to 77 attacks per day in October 2010.

The results of the study were announced with the publication of Symantec’s October 2010 MessageLabs Intelligence Report.

Retail Sector Targeted

For the first time, targeted attacks hit the retail sector hardest this month, where they increased from a monthly average of 0.5 percent of all attacks over the past two years to 25 percent in October. The report found in October, 1 in 1.26 million emails was a targeted attack.

The number of targeted attacks in October aimed at businesses in the retail sector rose considerably above the monthly average of 1 in 1.26 million, increasing the likelihood of an attack by a factor of almost 6.3. Moreover, the number of attacks against the retail sector jumped to 516 in the last month, compared with just seven attacks per month for much of 2010, marking the first time the retail sector had been the focus of a targeted attack campaign in recent years.

“Of the 516 attacks, only six organisations were the intended targets, but two of them were mainly targeted, one of which was the target of 63 percent of the 516 attacks,” said MessageLabs Intelligence senior analyst Paul Wood. “The spear phishing attacks, launched in three waves each one week apart, used social engineering techniques to distribute legitimate-looking emails from HR and IT staff of the targeted organisation but in actuality contained malicious attachments.”

Emails From HR

Each wave comprised one or two different email messages using different themes, Wood said. The first wave of emails targeted 50 recipients and spoofed an email address from the firm’s senior HR executive with subjects referring to confidential salary information. The attachment contained a malicious PDF. The second wave also spoofed an HR executive and targeted 20 recipients with a subject line pertaining to new employment opportunities.

“While targeted emails by nature are sent in low volumes, they are one of the most damaging types of malicious attacks,” said Wood. “We have seen a constant influx of targeted attacks over the past six months, with the type of organisation targeted changing on a monthly basis and the number of targeted users increasing each month. Although the number of unique attack exploits being deployed has diminished slightly, the number of attacks used by each exploit has increased.”

According to the report findings, in October the global ratio of spam in email traffic from new and previously unknown bad sources was 87.5 percent (1 in 1.4 e-mails), a decrease of 4.2 percentage points since September, while the global ratio of email-borne viruses in e-mail traffic from new and previously unknown bad sources was 1 in 221.9 e-mails (0.45 percent) in October, a decrease of 0.01 percentage points since September. In October, 23.1 percent of email-borne malware contained links to malicious websites, an increase of 15.5 percentage points since September.