What is a targeted attack?
Targeted attacks are aimed at one person or a specific, small group of people. Back in the day, virus writers were trying to spread their malware to as many computer users as possible to make a name for themselves. But today cybercriminals are largely driven by financial motives and targeted assaults are replacing global widespread virus outbreaks.
A specific target
Nowadays, cybercriminals choose specific targets and create purpose-built malicious code which is distributed to just a few selected individuals in order to steal their personal and financial information. Today we see waves of sophisticated, on-going attacks targeting corporate executives and other high-level employees at a range of companies. Targeted attacks often have in mind an organization or a company, but attacks targeting ordinary citizens are also on the rise.
Targeted versions of phishing have been named "spear phishing" and have become increasingly sophisticated. E-mails typically start with real names and company references to make the messages seem real. To further reduce suspicions, the messages are well written and professionally presented. Such attacks are both harder to detect than mass phishing attacks, and more likely to be acted on, given the fact that they are customised for their recipients. The rise of social networks, like Facebook, and professional networks, like Plaxo and LinkedIn, is making it easier for attackers to do research on potential victims.
Cybercriminals prefer to use flaws in Microsoft Office applications for targeted attacks. Microsoft Office accounted for 84 per cent of targeted attacks in March 2007, with PowerPoint files being the most commonly-used format. Many of these attacks disguise malware as embedded objects inside attached, convincingly named Word, Excel, or PowerPoint documents. The recipient must click an icon inside the document for the attack to succeed. This arrangement allows the malware to slip past many anti virus programs.
Attacks on the rise
Five years after its invention, spear-phishing remains a trusted tool in the modern cybercriminal’s kit. The number of targeted phishing attacks against individuals has risen dramatically in the last five years from one or two a week in 2005 to more than 70 a day in 2010, according to Wired.com.
The attacks focus on smaller businesses, looking for weak links in a supply chain. Between 200 and 300 organizations are targeted each month, with the specific industries varying.
Spammers too will use targeted attacks more and more, as they learn from the virus writers' targeted approach. Experts believe that spam-run sizes will remain vast, but the content will be more targeted and stickier as the spammers will harvest personal information from sites such as Facebook in order to target attacks more effectively and get higher click rates.