Sharp rise in targeted attacks against retailers

Targeted e-mail attacks have increased significantly from one to two attacks per week in 2005, to 77 attacks per day this month, with the global retail sector facing a sharp rise in attacks for the first time, finds a Symantec survey.

Released Thursday, the MessageLabs Intelligence Report revealed that attacks against this sector increased from a monthly average of 0.5 percent over the past two years to 25 percent in October. The statistics also showed that businesses in this sector were targeted above the monthly average of 1 in 1.26 million, increasing the likelihood of an attack by a factor of almost 6.3 times.

According to the study, the retail sector was attacked 516 times this month alone, compared to just seven attacks per month in 2010, making it the focus of a targeted campaign in recent years.

Paul Wood, senior analyst of MessageLabs Intelligence, said in the report: "While targeted e-mail messages by nature are sent in low volumes, they are one of the most damaging types of malicious attacks.

"We have seen a constant influx of targeted attacks over the past six months, with the type of organization targeted changing on a monthly basis and the number of targeted users increasing each month. Although the number of unique attack exploits being deployed has diminished slightly, the number of attacks used by each exploit has increased," Wood added.

Retail businesses were hit by spear-phishing attacks, which were launched in three waves each one week apart. In these attacks, hackers used social engineering techniques to distribute legitimate-looking e-mail messages that contained malicious attachments from HR and IT staff of targeted organizations.

The report explained that each wave comprised one or two different e-mail messages using different themes.

The first wave of e-mail messages targeted 50 recipients and spoofed an e-mail address from the company's senior HR executive, with subjects referring to confidential salary information. The attachment contained a malicious PDF file.

The second wave also spoofed an HR staff and targeted 20 recipients with a subject line pertaining to new employment opportunities. The malicious attachment was an XLS file.

The third wave took a slightly different approach and spoofed one of the organization's senior IT security executives. It targeted 70 employees across the organization and requested action with a critical security update. The malicious attachment was a password-protected zip file.

Wood said: "Examination of the attacks' timing and techniques suggests a methodical approach on behalf of the attackers. In the case that the recipient clicked on any of the three malicious attachments, a backdoor Trojan would have been installed onto the computer with the potential for the attacker to gain access to any sensitive personal information or valuable corporate data on the machine."

India most malicious e-mail

The global ratio of spam in e-mail traffic was 87.5 percent, or 1 in 1.4 e-mail messages, during October. This was a dip of 4.2 percentage points compared to September, according to the report.

Across the Asia-Pacific region, Hong Kong had the highest spam rate of 92.4 percent, while Singapore and Malaysia stood at 90.2 percent.

The automotive sector was the most spammed industry in October, at 93.5 percent, followed by education at 92.1 percent and the chemical and pharmaceutical sector at 91.8 percent. The government and public sector remained the most targeted industry for malware with 1 in 43.2 malicious e-mail messages blocked, according to the report.

In terms of viruses, the global ratio was 1 in 221.9 e-mail messages or 0.45 percent. Some 23.1 percent of e-mail borne malware contained links to malicious Web sites, the report noted.

In this region, India fared the worst where there was one malicious e-mail for every 84.8 sent in the country, compared to 1 in 738.1 in Japan which had the lowest ratio in the region. In Singapore, 1 in 576.4 e-mail contained malware.

The security vendor's analysis of the Web also showed that 51.3 percent of malicious domains blocked in October were new, which was an increase of 17.7 percent from September. MessageLabs also identified an average of 2,280 new Web sites per day that harbored malware and other potentially unwanted programs such as spyware and adware. This, however, is an improvement from last month, where figures dropped 23.9 percent.