Spam e-mail hits three-year low – but targeted attacks up
Targeted cyberattacks – the kind used to burrow deep into corporate computer networks and steal their proprietary secrets – rose sharply in 2011, according to a new report. But it also found that the broad tidal wave of e-mailed spam fell substantially this year.
Granted, spam still accounted for 70.5 percent of the 48 billion e-mail messages sent each day. But overall spam levels this year hit a three-year low – well below the 90 percent rate reported in 2010 by Symantec, a computer security company in Mountain View, Calif.
Pharmaceutical pitches made up the bulk of spam messages – nearly 33 percent, followed by watches/jewelry at 19 percent, unsolicited newsletters 17.5 percent, adult/sex/dating at 12.5 percent, and weight loss at 8 percent. Gambling, software, scams, degrees, and diplomas together accounted for about 5 percent.
Declines in spam overall are due in part to some success in closing down rogue Internet service providers and shutting down notorious "botnets" – networks of enslaved computers used by criminals to send waves of bogus spam e-mail.
While spam is often fraudulent, just 1 of every 255 e-mails in November contained some form of malicious software or “malware," which can steal information – or worse.
Although there were relatively few "targeted e-mail attacks," those increased the most, writes Paul Wood, Symantec senior researcher, in the report. An example of a generic targeted attack is an e-mail advertising half-price “green fees” that might appeal to a golfer. The attacker's goal is to get the recipient to click on and open a document – a contaminated PDF file. That, in turn, might install a piece of malicious software that steals his bank account information.
An even worse variant is the "highly targeted" e-mail attack dubbed the “advanced persistent threat,” or APT. Such attacks leapt from one per day six years ago to about 60 per day in 2010, and they rose to 94 a day last month, Symantec found.
That's still relatively rare. On average, just one "highly targeted" attack appeared in every 8,300 malicious e-mails – and in just 1 out of every 2 million e-mails overall. Among those in the cross hairs of "highly targeted" spam were the government, chemical/pharmaceutical companies, and the finance and manufacturing sectors, Symantec found.
The APT malicious software is hidden in an attached document of an e-mail that often appears to come from a boss or colleague. One reported attack, in April, came via an e-mail that included a spreadsheet document appearing to detail a company hiring plan for the coming year. It was "dressed-up to appear to have been sent from a recruitment agency the HR team had been working with, a technique known as 'spear phishing,' " the Symantec report said.
Attached to the e-mail might have been a document called “staff_salaries.doc.” At that point human curiosity takes over, Symantec reports, leading an employee to click on the document. Once that happens, the victim's computer becomes a steppingstone or beachhead for infiltrating the rest of the company’s network.
Crafting an e-mail so that it appears to come from a colleague is the key for an attack to succeed.
"Without strong social engineering, or 'head-hacking,' even the most technically sophisticated attacks are unlikely to succeed," the report says. "Many socially engineered attacks are based on information we make available ourselves through social networking and social media sites. Once the attackers are able to understand our interests, hobbies, with whom we socialize, and who else may be in our networks; they are often able to construct more believable and convincing attacks against us."
