Daily targeted attacks are ramping up rapidly -- and the public sector is seeing the brunt of the onslaught. So says the November Symantec Intelligence Report.
On average, Symantec blocked 94 targeted attacks each day during the month of November, with at least one attack blocked in the U.S. every day. The public sector saw more than 20 of those targeted attacks, followed closely by the chemical and pharmaceutical industry with an average 18.6. The manufacturing sector ranked third with 13.6 a day. Many of the chemical and pharmaceutical industry attacks surfaced later in the year, and fit the Nitro profile.
"While the amount of global spam is at its lowest level since the McColo take-down in November 2008, the latest Symantec intelligence report shows a fourfold increase in the number of daily targeted attacks since January 2011," said Paul Wood, senior intelligence analyst at Symantec. "This is the greatest increase over a 12-month period ever recorded by Symantec."
Serious Damage Possible
Wood went on to explain that the aim of these targeted attacks is to establish persistent access to the targeted organization's network , in many cases with the aim of providing remote access to confidential data . In his assessment, these attacks have the potential to cause serious damage to an organization and in the long term represent a significant threat against the economic prosperity of many countries.
"Many attacks include elements of social engineering and are based on information we make available ourselves through social networking and social-media sites," Wood said. "Once the attackers are able to understand our interests or hobbies, with whom we socialize and who else may be in our networks, they are often able to construct more believable and convincing attacks against us."
Good News, Bad News
As Wood mentioned, there's good news on the spam front. Just three years ago, spam accounted for 68 percent of all e-mail. Pharmaceutical spam is now at the lowest it has been since Symantec started tracking it, accounting for 32.5 percent of spam, compared with 64.2 percent at the end of 2010. Part of the reason for the decline is a move by spammers to target social media instead of e-mail.
That doesn't mean your e-mail is totally safe, though. In November, the global phishing rate increased slightly. South Africa once again became the country most targeted for phishing attacks in November, with one in 96.2 e-mails identified as phishing. Meanwhile, Web-based malware threats have increased 47.8 percent since 2011.
A Future Stuxnet
What should enterprises expect in 2012? Following on the theme of targeted attacks, Wood said, 2011 really laid the groundwork for the successor of the infamous Stuxnet. When combined with recent revelations around the Duqu threat, he said, the findings in a recent Symantec Critical Infrastructure Protection Survey are particularly troubling.
"Duqu's purpose was to gather intelligence data and assets from organizations such as manufacturers of components commonly found in industrial control environments," Wood said. "The attackers behind Duqu were looking for information such as design documents that could help them mount a future attack on an industrial control facility. Since Duqu is essentially the precursor to a future Stuxnet and it is likely other similar reconnaissance-type threats exist, it's quite likely that 2011 saw the foundation for the next Stuxnet-like attack being laid."
0 komentar:
Post a Comment