Symantec’s latest Intelligence Report reveals that the number of daily targeted attacks has increased four-fold compared to January this year. On average 94 targeted attacks were blocked each day during the month of November.
The recent Duqu threats were created to gather intelligence data from industrial control system manufacturers. The creators of Duqu had access to the source code of Stuxnet, and were looking for information such as design documents that could help them mount a future attack on industrial control facilities.
Further analysis reveals that in the U.S. at least one attack is being blocked each day, and that one in 389 users may be the recipient of such an attack. Contrast this with Australia where at least one attack is blocked every three days, and may only be sent to one in 1,139 individuals.
The November Symantec Intelligence Report includes additional data on the geographical distribution of these attacks.
The public sector has been identified as the most frequently targeted industry during 2011, with approximately 20.5 targeted attacks blocked each day.
The chemical & pharmaceutical industry was second highest ranked, with 18.6 blocked each day. In this latter case, many of these attacks surfaced later in the year, and fit into the profile described in the Nitro attacks.
Similarly, this is also the case for the manufacturing sector, which was placed third most-targeted with approximately 13.6 attacks blocked each day.
“The aim of these targeted attacks is to establish persistent access to the targeted organisation’s network, in many cases with the aim of providing remote access to confidential data.
“They have the potential to cause serious damage to an organisation and in the long term represent a significant threat against the economic prosperity of many countries,” said Paul Wood, senior intelligence analyst, Symantec.cloud.
“Targeted attacks are designed to gather intelligence, steal confidential information or trade secrets, and in the case of attacks like Stuxnet, disrupt operations or even destroy critical infrastructure.”
This month’s analysis indicates that large enterprises consisting of more than 2,500 employees received the greatest number of attacks, with 36.7 being blocked each day.
By contrast, the small-to-medium sized business sector with fewer than 250 employees had 11.6 attacks blocked daily.
“It is important to remember that without strong social engineering, or ‘head-hacking,’ even the most technically sophisticated attacks are unlikely to succeed.
“Many attacks include elements of social engineering and are based on information we make available ourselves through social networking and social media sites.
“Once the attackers are able to understand our interests or hobbies, with whom we socialise and who else may be in our networks, they are often able to construct more believable and convincing attacks against us,” Wood said.
While targeted attacks are on the increase, the global spam rate has now reached its lowest level in three years.
The effect of spam volumes three years ago was very dramatic and spam accounted for 68.0% of global emails.
Recently the decline has been much slower, but spammers have also adapted to using more targeted approaches and exploiting social media as alternatives to email.
Pharmaceutical spam is now at the lowest it has been since we started tracking it, accounting for 32.5% of spam, compared with 64.2% at the end of 2010.
In November, Symantec Intelligence identified an average of 4,915 Web sites each day harboring malware and other potentially unwanted programs including spyware and adware; an increase of 47.8 percent since October 2011.
The most frequently blocked malware for the last month was WS.Trojan.H. WS.Trojan.H is a generic cloud-based heuristic detection for files that possess characteristics of an as yet unclassified threat.
The table alongside shows the frequency and ratio of attacks per user in the most frequently targeted regions.
Files detected by this heuristic are deemed by Symantec to pose a risk to users and are therefore blocked from accessing the computer.
In Australia, 68.6 percent of email was blocked as spam, 69.2 percent in Hong Kong and 68.0 percent in Singapore, compared with 66.6 percent in Japan.
In the US, 69.9 percent of email was spam and 69.5 percent in Canada. The spam level in the UK was 69.5 percent.
In Australia, phishing activity accounted for one in 361.0 emails. The UK was the second most targeted country, with one in 167.0 emails identified as phishing attacks. Phishing levels for the US were one in 461.8.
In Australia, one in 326.2 emails was malicious. The UK remained at the top of the table with the highest ratio of malicious emails in November, with one in 149.4 emails identified as malicious. Virus levels for email-borne malware in the US reached one in 360.1.
With a drop in spam this month, the Automotive industry became the most spammed industry sector in November, with a spam rate of 73.0 percent.
The spam rate for the Education sector was 71.5 percent and 69.1 percent for the Chemical & Pharmaceutical sector, compared with 69.3 percent for IT Services, 69.0 percent for Retail, 68.8 percent for Public Sector and 69.2 percent for Finance.
The spam rate for small to medium-sized businesses (1-250) was 69.4%, compared with 69.7.1% for large enterprises (2,500+).
The Public Sector remained the most targeted by phishing activity in November, with one in 120.9 emails comprising a phishing attack.
Phishing levels for the Chemical & Pharmaceutical sector reached one in 407.5 and one in 377.0 for the IT Services sector, one in 397.0 for Retail, one in 130.5 for Education and one in 331.7 for Finance.
Phishing attacks targeting small to medium-sized businesses (1-250) accounted for one in 211.0 emails, compared with one in 334.0 for large enterprises (2,500+).
With one in 74.3 emails being blocked as malicious, the Public Sector remained the most targeted industry in November.
Virus levels for the Chemical & Pharmaceutical sector reached one in 275.5 and one in 276.6 for the IT Services sector; one in 337.1 for Retail, one in 105.2 for Education and one in 386.6 for Finance.
Malicious email-borne attacks destined for small to medium-sized businesses (1-250) accounted for one in 253.7 emails, compared with one in 249.9 for large enterprises (2,500+).
Tables and charts courtesy the November Symantec Intelligence Report.