Spam levels fall, but targeted attacks on the rise

Posted by Kate Taylor

The amount of spam winging its way into our inboxes has fallen to its lowest level in three years - although it still accounts for seven out of ten emails, says Symantec.

But somebody out there reckons we must all have a lifetime's supply of Viagra already, as pharmaceutical spam has halved since last year, now accounting for just under a third of all spam 32.5 percent of all spam.

However, it's not all good news. The November 2011 Symantec Intelligence Report shows that while spam may be falling, targeted attacks are on the rise, increasing four-fold since January this year. On average 94 targeted attacks were blocked each day during November.

"The aim of these targeted attacks is to establish persistent access to the targeted organization’s network, in many cases with the aim of providing remote access to confidential data. They have the potential to cause serious damage to an organization and in the long term represent a significant threat against the economic prosperity of many countries," says Paul Wood, a Symantec senior intelligence analyst.

"Targeted attacks are designed to gather intelligence, steal confidential information or trade secrets, and in the case of attacks like Stuxnet, disrupt operations or even destroy critical infrastructure."

In the US, says Symantec, at least one attack is being blocked each day, with one in 389 users being on the wrong end ofsuch an attack.
The public sector was the most frequently targeted industry during 2011, with around 20.5 targeted attacks blocked each day. The chemical and pharmaceutical industry was second highest ranked, with 18.6 blocked each day.

"It is important to remember that without strong social engineering, or ’head-hacking,’ even the most technically sophisticated attacks are unlikely to succeed. Many attacks include elements of social engineering and are based on information we make available ourselves through social networking and social media sites," says Wood.

"Once the attackers are able to understand our interests or hobbies, with whom we socialize and who else may be in our networks; they are often able to construct more believable and convincing attacks against us."