Lately it seems rare to read a technology section and not see a story about a targeted online security attack. With Stuxnet, Duqu and now Flamer making big headlines, targeted attacks have become common house-hold names.
What is interesting to note is that targeted attacks aren’t always aimed at the big guys. The latest intelligence report from Symantec found that targeted attacks on SMBs are increasing.
While larger organizations continue to be the primary aim of targeted attacks, there has been a significant shift towards smaller companies over the last six months. More than 36% of all targeted attacks are aimed at small companies, compared to 18% at the end of 2011. In fact, when looking at the trends month-by-month, there appears to be a direct correlation between a rise in attacks against small companies and a drop in attacks against larger ones. Attackers could very well be diverting malicious resources directly from one group to the other.
This shift could be based on a perception that smaller business may be an easier point of entry. Without dedicated IT security staff, smaller businesses could be seen as a weaker link in the supply chain – less effort for bigger gains. For instance, an email that appears to come from a trusted contact, (in reality a spoofed from address), could find itself automatically forwarded on to business contacts or partners. These contacts could then open the email, installing the malware on their computers.
As spammers and malware authors adapt their strategies, it’s important for users to follow best practices and use security solutions from trusted vendors. Before downloading music or video files or opening an attachment to an email message, Symantec recommends the following best practices:
1. Get ready: Strengthen your computer’s defenses with:
- Antivirus protection
- Software updates
- Email spam filters
2. Download with caution: Think first. Click later.
- Beware of fraudulent email messages
- Only download from reputable sites
- Install and use file-sharing programs cautiously
- Save files for safer downloads
3. Remove malicious software – Sometimes, despite your best efforts, you may download a program you don’t want:
- Run antispyware tools
- Run the malicious software removal tool
- Disable add-ons
Other highlights from the Symantec Intelligence Report: June 2012
- Spam – 66.5 percent of total email in Canada (a global decrease of 1 percentage point since May 2012)
- Phishing – One in 332 emails identified as phishing in Canada (a global increase of 0.04 percentage points since May 2012)
- Malware – One in 271.3 emails contained malware (a decrease of 0.04 percentage points since May 2012)