CONTENTS

Number of daily targeted attacks increase four-fold since January; lowest global spam rate for three years: Symantec

Symantec announced the results of the November 2011 Symantec Intelligence Report. This month’s analysis reveals that the number of daily targeted attacks has increased four-fold compared to January this year. On average 94 targeted attacks were blocked each day during the month of November.

Further analysis reveals that in the U.S. at least one attack is being blocked each day, and that one in 389 users may be the recipient of such an attack. Contrast this with Japan where at least one attack is blocked nearly every nine days, and may only be sent to one in 520 individuals. The November Symantec Intelligence Report includes additional data on the geographical distribution of these attacks.

The public sector has been identified as the most frequently targeted industry during 2011, with approximately 20.5 targeted attacks blocked each day. The chemical & pharmaceutical industry was second highest ranked, with 18.6 blocked each day. In this latter case, many of these attacks surfaced later in the year, and fit into the profile described in the Nitro[1] attacks. Similarly, this is also the case for the manufacturing sector, which was placed third most-targeted with approximately 13.6 attacks blocked each day.

“The aim of these targeted attacks is to establish persistent access to the targeted organization’s network, in many cases with the aim of providing remote access to confidential data. They have the potential to cause serious damage to an organization and in the long term represent a significant threat against the economic prosperity of many countries,” said Abhijit Limaye, Director, Development, Symantec.

“Targeted attacks are designed to gather intelligence, steal confidential information or trade secrets, and in the case of attacks like Stuxnet, disrupt operations or even destroy critical infrastructure.”

This month’s analysis indicates that large enterprises consisting of more than 2,500 employees received the greatest number of attacks, with 36.7 being blocked each day. By contrast, the small-to-medium sized business sector with less than 250 employees had 11.6 attacks blocked daily.

“It is important to remember that without strong social engineering, or ’head-hacking,’ even the most technically sophisticated attacks are unlikely to succeed. Many attacks include elements of social engineering and are based on information we make available ourselves through social networking and social media sites. Once the attackers are able to understand our interests or hobbies, with whom we socialize and who else may be in our networks; they are often able to construct more believable and convincing attacks against us,” Limaye said.

While targeted attacks are on the increase, the global spam rate has now reached its lowest level in three years. The effect of spam volumes three years ago was very dramatic and spam accounted for 68.0% of global emails. Recently the decline has been much slower, but spammers have also adapted to using more targeted approaches and exploiting social media as alternatives to email. Pharmaceutical spam is now at the lowest it has been since we started tracking it, accounting for 32.5% of spam, compared with 64.2% at the end of 2010.

Other report highlights:

Spam: The global ratio of spam in email traffic in November fell by 3.7 percentage points since October to 70.5% (1 in 1.42 emails).

Phishing: In November, the global phishing rate increased by 0.04 percentage points, taking the average to one in 302.0 emails (0.33%) that comprised some form of phishing attack.

E-mail-borne threats: The global ratio of email-borne viruses in email traffic was one in 255.8 emails (0.39%) in November, a decrease of 0.03 percentage points since October 2011. Further analysis also shows that 40.2% of email-borne malware contained links to malicious Web sites, an increase of 20.1 percentage points since October 2011.

Web-based Malware threats: In November, Symantec Intelligence identified an average of 4,915 Web sites each day harboring malware and other potentially unwanted programs including spyware and adware; an increase of 47.8% since October 2011.

Endpoint threats: The most frequently blocked malware for the last month was WS.Trojan.H[2]. WS.Trojan.H is generic cloud-based heuristic detection for files that possess characteristics of an as yet unclassified threat. Files detected by this heuristic are deemed by Symantec to pose a risk to users and are therefore blocked from accessing the computer.

Spam

• In the US, 69.9% of email was spam and 69.5% in Canada.
• The spam level in the UK was 69.5%.
• In The Netherlands, spam accounted for 70.5% of email traffic, 70.1% in Germany, 70.4% in Denmark.
• In Australia 68.6% of email was blocked as spam, 69.2% in Hong Kong and 68.0% in Singapore, compared with 66.6% in Japan.
• Spam accounted for 70.1% of email traffic in South Africa and 74.3% in Brazil.

Phishing

South Africa once again became the country most targeted for phishing attacks in November, with one in 96.2 emails identified as phishing.

• The UK was the second most targeted country, with one in 167.0 emails identified as phishing attacks.
• Phishing levels for the US were one in 461.8 and one in 242.4 for Canada.
• In Germany phishing levels were one in 426.2, one in 781.5 in Denmark and one in 250.4 in The Netherlands.
• In Australia, phishing activity accounted for one in 361.0 emails and one in 517.0 in Hong Kong; for Japan it was one in 2,058 and one in 609.7 for Singapore.
• In Brazil one in 775.3 emails was blocked as phishing.

E-mail-borne threats

• The UK remained at the top of the table with the highest ratio of malicious emails in November, with one in 149.4 emails identified as malicious.
• Switzerland had the second highest rate, with one in 185.6 emails identified as malicious.
• South Africa returned to the top-5 list this month with one in 222.5 emails blocked as malicious.
• Virus levels for email-borne malware in the US reached one in 360.1 and one in 219.9 in Canada. In Germany virus activity reached one in 275.0, one in 710.5 in Denmark and in The Netherlands one in 238.2.
• In Australia, one in 326.2 emails was malicious and one in 325.8 in Hong Kong. For Japan the rate was one in 1,147, compared with one in 450.0 in Singapore.
• In Brazil, one in 570.6 emails in contained malicious content.

Vertical trends

• With a drop in spam this month, the Automotive industry became the most spammed industry sector in November, with a spam rate of 73.0%.
• The spam rate for the Education sector was 71.5% and 69.1% for the Chemical & Pharmaceutical sector, compared with 69.3% for IT Services, 69.0% for Retail, 68.8% for Public Sector and 69.2% for Finance.
• The spam rate for small to medium-sized businesses (1-250) was 69.4%, compared with 69.7.1% for large enterprises (2,500+).
• The Public Sector remained the most targeted by phishing activity in November, with one in 120.9 emails comprising a phishing attack.
• Phishing levels for the Chemical & Pharmaceutical sector reached one in 407.5 and one in 377.0 for the IT Services sector, one in 397.0 for Retail, one in 130.5 for Education and one in 331.7 for Finance.
• Phishing attacks targeting small to medium-sized businesses (1-250) accounted for one in 211.0 emails, compared with one in 334.0 for large enterprises (2,500+).
• With one in 74.3 emails being blocked as malicious, the Public Sector remained the most targeted industry in November.
• Virus levels for the Chemical & Pharmaceutical sector reached one in 275.5 and one in 276.6 for the IT Services sector; one in 337.1 for Retail, one in 105.2 for Education and one in 386.6 for Finance.
• Malicious email-borne attacks destined for small to medium-sized businesses (1-250) accounted for one in 253.7 emails, compared with one in 249.9 for large enterprises (2,500+).