Attackers are increasingly shifting their focus on smaller businesses when crafting targeted attacks, according to Symantec’s monthly threat report.
The June 2012 Symantec Intelligence Report found that 36 percent of all targeted attacks that were detected over the last six months were directed at businesses with 250 or fewer employees. In comparison, a mere 18 percent of targeted attacks went after small businesses in December 2011.
The total number of targeted attacks detected each day also increased in the first half of the year, with an average of 151 targeted attacks being blocked each day during May and June, Symantec said. Targeted attacks “went through the roof” in April, at an average of 468 per day, researchers found.
Large enterprises with more than 2,500 employees bear the brunt of these attacks, blocking on average 69 attacks each day, according to the report. The SMB is not that far behind, with 58 directed attacks per day, according to the report.
“There appears to be a direct correlation between the rise in attacks against smaller businesses and a drop in attacks against larger ones. It almost seems attackers are diverting their resources directly from the one group to the other,” said Paul Wood, cyber security intelligence manager at Symantec.
Smaller businesses are often perceived as being easier to victimize since they are less likely to have a full IT staff to look after attacks, according to Symantec. An email that appears to come from a particular individual of could find itself automatically forwarded on to other business contacts, and spreading the infection.
The shifting focus will make security even more expensive for these small businesses. The defense industry, which is listed as a sub-category in the report, tended to be hit with more targeted attacks, with an average of 7.3 attacks per day, according to Symantec. Chemical and pharmaceutical sector was the second most targeted, with one in every five targeted attacks gunning for that industry segment. Manufacturing, accounting for almost 10 percent of all targeted attacks, was third, the report found.
In many cases, the victimized company was not the attacker’s primary target, Wood said. Many of the targeted attacks are designed to take advantage of the weaker company in order to access intellectual property or strategic information that could be used to damage another company.
“An attacker may use your organization as a stepping-stone to attack another company,” Wood said.
While attackers may use customized malware and specially crafted social engineering tricks to gain unauthorized access, “targeted attacks are still very rare,” Wood said. He called these attacks “the next evolution of social engineering” as victims are researched in advance and specifically targeted.
The report also noted that global spam levels continued its gradual decline, falling to 66.8 percent of total mail in June, which is about a 1 percent drop since May. The volume of emails containing links to malicious Websites declined by 1.2 percent, accounting for 27.4 percent of all email-borne malware.
However, phishing related emails increased, as did other types of email-borne threats, according to Symantec. In June, one in 467.7 emails comprised some form of phishing attack and one in 316.5 emails contained malware. Netherlands was the most targeted country for phishing attacks and malicious email activity in June.
The full Symantec Intelligence Report for June 2012 is available here in PDF format.