Symantec: Industrial espionage on the rise, SMBs a target

Symantec's latest Internet Security Threat report suggests that SMBs remain an attractive target for those trying to steal intellectual property.
Written by Charlie Osborne, Contributing Writer

Security giant Symantec's latest Internet Security Threat report says that attacks focused on stealing intellectual property surged by 42 percent in 2012 in comparison to the previous year.

Targeted cyberattacks based on IP theft are being conducted against both the manufacturing industry and smaller businesses, which are likely to have less income to invest in shoring up their defenses against attack. Symantec says that SMBs -- with fewer than 250 employees -- now account for 31 percent of targeted attacks, and are often seen as a means to gain access to larger firms through "watering hole" techniques.

The average number of targeted attacks has increased to an average of 116 per day, made popular by the Elderwood Gang which was able to infect 500 firms in 24 hours.

Simply put, a "watering hole" attack uses a trusted website as a base to divert visitors to an unsafe, malicious website, where malware can then take advantage of vulnerabilities within a PC system to steal data. The redirect order, usually achieved through finding a vulnerability and then injecting a HTML iframe, can be instantaneous and so the victim doesn't realize what has occurred. Last month, NBC admitted it was a victim of this type of attack.

An interesting point highlighted within the report is that 61 percent of malicious websites are actually legitimate; targeted by hackers who exploit vulnerabilities and create diversions or channels for malware to be installed on a victim's PC. Business, technology and ecommerce websites are most likely to be affected due to unpatched website vulnerabilities, and once malware has been downloaded, ransomware is a popular choice for hackers to get their money's worth -- especially when they buy legitimate advertising space to hide their code.

The report suggests that industrial espionage is on the rise, and manufacturing is now the most attractive target for those looking to steal valuable data, accounting for 24 percent of targeted attacks. By choosing targets that are part of a supply chain, hackers are more likely to find third parties which are vulnerable than by taking on larger firms. These weaknesses in a supply chain can lead to the theft of sensitive, corporate data -- and cybercriminals have caught on. Instead of going for executives, the security firm says that now knowledge workers and sales representatives are most likely to be targeted.

Data breaches declined in 2012, but the amount of stolen identities increased; the healthcare, education and government networks most affected.

As social media spam rises, traditional spam has declined slightly from 75 percent of all email sent in 2011 to 69 percent last year -- although 30 billion are still sent every day. Pharmaceutical spam is no longer the top form of spam, instead, sex and dating messages reign supreme. In addition, phishing attempts declined from one in 414 to one in every 299 emails sent in 2012. Malware is present in one of every 291 emails, and 23 percent of these types of message contain URLs to malicious websites.

"This year's ISTR shows that cybercriminals aren't slowing down, and they continue to devise new ways to steal information from organizations of all sizes," said Stephen Trilling, chief technology officer of Symantec. "The sophistication of attacks coupled with today’s IT complexities, such as virtualization, mobility and cloud, require organizations to remain proactive and use ‘defense in depth’ security measures to stay ahead of attacks."

The report compiled information from more than 69 million attack sensors in 157 countries around the world.

Editorial standards