Targeted Attacks in 2013

It can all start with what looks like an innocuous email containing a link to a potential job opportunity. Or perhaps it’s an unexpected phone call from someone claiming to be a high-ranking employee, asking you to process an invoice sent by email. It may even be lying in wait behind a website you frequently visit for work.

In many ways, targeted attacks have become public enemy number one in the corporate world, if anything, just for the potential havoc a successful attack can wreak. Stolen intellectual property, a loss of faith by customers, or simply general embarrassment are just a few of the potential outcomes of these attacks.

In this month’s Symantec Intelligence Report we take a detailed look at targeted attacks in 2013. While new techniques have yet to surface in the threat landscape so far this year, we’ve found that attackers have been busy refining established practices, adding new tricks to attack methods such as watering holes and spear phishing in order to increase the likelihood of snaring their intended targets.

We analyzed targeted attack trends over the last three years to get a better feel for how attackers are operating. While we’ve noticed that attacks per day are lower compared to last year, attacks are up 13 percent over a three year period.

We’ve also noticed a change in intended targets. While attacks against Manufacturing made up almost a quarter of all targeted attacks in 2012, it seems that attackers have shifted to services industries, where more than a third of attacks have been aimed so far this year.

We also take a look at the times of the year attackers are more likely to kick off targeted attack campaigns, as well as the type of malicious payloads they’re using. For instance, just how effective do you think emailing an executable as an attachment is in 2013? You might be surprised.

I sat down with Stephen Doherty, one of our leading threat researchers, for a Q&A discussion around the Hidden Lynx group, which carried out targeted attacks and breached some of the world’s best protected organizations. Symantec Security Response recently reported details on this group in a Symantec whitepaper, “Hidden Lynx – Professional Hackers for Hire.”  Here’s a quick sample of our discussion:

They’re cutting edge in what they do. They have access to the latest exploits. We’ve seen them using spear phishing attacks, and VOHO was a large watering hole campaign. To get into quite hard to reach places they have used supply chain attacks.

We go on to talk about who the Hidden Lynx group is, how they operate, and what they’re after, as well as what the future might hold for these attackers.

We hope you enjoy reading the September Symantec Intelligence Report. You can download your copy here.