Daily targeted attacks increase since January – report


6 Dec 2011

The number of daily targeted network security attacks has increased four-fold compared to January this year, with an average of 94 targeted attacks blocked each day during November, Symantec Corp’s November 2011 Symantec Intelligence Report reveals.

Further analysis reveals that in Ireland, at least one attack is blocked nearly every 62 days, and one in 5,104 people may be the recipient of such an attack.

In the US, at least one attack is being blocked each day, and one in 389 users may be the recipient of such an attack.

Contrast this with Japan, where at least one attack is blocked nearly every nine days, and may only be sent to one in 520 individuals.

Most frequently targeted industries

The report also reveals the public sector has been the most frequently targeted industry during 2011, with about 20.5 targeted attacks blocked each day. Closely behind, with 18.6 blocked targeted attacks daily, is the chemical and pharmaceutical industry. The third-most targeted industry has been the manufacturing sector, with about 13.6 attacks blocked each day.

“The aim of these targeted attacks is to establish persistent access to the targeted organisation’s network, in many cases with the aim of providing remote access to confidential data,” said Paul Wood, senior intelligence analyst, Symantec.cloud.

“They have the potential to cause serious damage to an organisation and in the long term represent a significant threat against the economic prosperity of many countries,” Wood added.

“Targeted attacks are designed to gather intelligence, steal confidential information or trade secrets, and in the case of attacks like Stuxnet, disrupt operations or even destroy critical infrastructure.”

This month’s analysis indicates that large enterprises consisting of more than 2,500 employees received the greatest number of attacks, with 36.7 being blocked each day. By contrast, the small-to-medium sized business sector with less than 250 employees had 11.6 attacks blocked daily.

“It is important to remember that without strong social engineering, or ’head-hacking,’ even the most technically sophisticated attacks are unlikely to succeed,” said Wood.

“Many attacks include elements of social engineering and are based on information we make available ourselves through social networking and social media sites. Once the attackers are able to understand our interests or hobbies, with whom we socialise and who else may be in our networks; they are often able to construct more believable and convincing attacks against us,” Wood added.

Targeted attacks by geographical distribution:

Chart