internet security tHreAt rePOrt GOVernMent 2013
internet security tHreAt rePOrt GOVernMent 2013
internet security tHreAt rePOrt GOVernMent 2013
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
p. 112<br />
Symantec Corporation<br />
Internet Security Threat Report <strong>2013</strong> :: Volume 18<br />
MALICIOUS CODE TRENDS<br />
While 55 percent of the mailboxes targeted for attack are<br />
high-level executives, senior managers and people in R&D, the<br />
majority of targets are people that are unlikely to have such<br />
information. Why then are they targeted?<br />
As we’ve said, they provide a stepping stone to the ultimate<br />
target. And in the case of personal assistants, sales and media<br />
(public relations), they work closely with people who are the<br />
ultimate target. But just as important, these people are also easy<br />
to find and research online: email addresses for public relations<br />
people, shared mailboxes, and recruiters are commonly found on<br />
a company’s website.<br />
Additionally, these people are used to being contacted by people<br />
they do not know. And in many cases part of the job requires<br />
them to open unsolicited files from strangers. Think of how<br />
many resumes a recruiter receives each day in a document or<br />
PDF file attachment. Finally, under the illusion that targeted<br />
attacks are only aimed at high-level executives or those working<br />
with the company’s intellectual property (IP), they are less<br />
likely to have their guard up against social engineering.<br />
In Figure B.16, we can see that malicious EXEs are largely<br />
used in targeted attacks (over one-third of attacks). However,<br />
malicious DOCs and PDFs are commonly used by attackers<br />
(44.4 percent of the attacks).<br />
Looking at the break out of targeted attacks by industry,<br />
Manufacturing was the most-targeted sector in 2012, with 24.3<br />
percent of targeted attacks destined for this sector, compared<br />
with 15 percent in 2011. Attacks against government and public<br />
sector organizations fell from 25 percent in 2011, when it was<br />
the most targeted sector, to 12 percent in 2012. It’s likely the<br />
frontline attacks are moving down the supply chain, particularly<br />
for small to SMBs.<br />
Conclusion<br />
Figure B.13. Breakdown of Document Types Being Attached to Targeted Attacks, 2012<br />
Source: Symantec.cloud<br />
45%<br />
40<br />
35<br />
30<br />
25<br />
20<br />
15<br />
10<br />
5<br />
39%<br />
EXE<br />
34%<br />
DOC<br />
11%<br />
PDF<br />
5%<br />
XLS<br />
SCR<br />
BIN<br />
LNK<br />
Targeted attacks should be concern for all organization, large<br />
and small. While C-level executives and those that work with<br />
a company’s IP should be careful, everyone in an organization<br />
is at risk of being targeted. This is especially true of workers<br />
who in the course of their jobs typically receive email from<br />
people they don’t know. In the end, no matter the size or type<br />
of organization you have or your role in that organization, you<br />
are at risk and best practices must be followed to protect the<br />
organization. Don’t become the weakest link in the supply chain.<br />
2% 2% 2% 2% 1% 1%<br />
CHM<br />
DMP<br />
DLL
Change language