Internet Security Threat Report Government 2013
p. 109
Symantec Corporation
Internet Security Threat Report 2013 :: Volume 18
MALICIOUS CODE TRENDS
social engineering techniques. However, not all targeted attacks
lead to an APT; for example, the Zeus banking Trojan can be
targeted and will use social engineering in order to trick the
recipient into activating the malware. But Zeus is not an APT.
The attacker doesn’t necessarily care about who the individual
recipient is; they may have been selected simply because the
attacker is able to exploit information gathered about that
individual, typically harvested through social networking
websites.
Social engineering has always been at the forefront of many of
these more sophisticated types of attack. Without strong social
engineering, or “head-hacking,” even the most technically
sophisticated attacks are unlikely to succeed. Many socially
engineered attacks are based on information harvested through
social networking and social media websites. Once the attackers
are able to understand their targets’ interests, hobbies, with
whom they socialize, and who else may be in their networks,
they are often able to construct more believable and convincing
attacks.
The data in this section is based on analysis of targeted email
malware identified and blocked by Symantec.cloud on behalf of
its customers in 2012.
Figure B.10. Average Number of Targeted Email Attacks Per Day, 2012
Source: Symantec.cloud
[Chart not reproduced: average number of attacks per day, plotted by month, January through December 2012.]
Data and Commentary<br />
Malware such as Stuxnet in 2010, Duqu in 2011, and Flamer<br />
and Disttrack in 2012 show increasing levels of sophistication<br />
and danger. For example, the Disttrack malware used in the<br />
Shamoon attacks on a Saudi oil firm had the ability to wipe hard<br />
drives. 5<br />
The same techniques used by cybercriminals for industrial<br />
espionage may also be used by states and state proxies for cyber<br />
attacks and political espionage. Sophisticated attacks may<br />
be reverse-engineered and copied so that the same or similar<br />
techniques can be used in less discriminate attacks. A further<br />
risk is that malware developed for cybersabotage may spread<br />
beyond its intended target and infect other computers in a kind<br />
of collateral damage.<br />