Attackers used smaller businesses with less stringent security as gateways to their ultimate targets — large corporations or governments that hold valuable secrets, according to a Symantec report on Internet security.
In addition, adversaries target lower-level employees because they are more likely to open up malware attachments to emails that compromise their machines and then their networks, according to “Internet Security Threat Report: 2011 Trends,” put out by Symantec.
Half the targeted attacks were directed at companies with fewer than 2,500 employees, the study says, and while they may not own assets that the attackers want, they may represent back doors into larger businesses that do own such assets.
“It is possible that smaller companies are targeted as a stepping-stone to a larger organization because they may be in the supply chain or partner ecosystem of larger, but less well-defended companies,” according to the report.
This was the case with the attack on RSA that resulted in its two-factor token code being stolen. The network of an RSA partner company was compromised and an email sent from that company to an RSA employee contained an attachment that led to the breach. The RSA breach, in turn, led to the breach later last year of Lockheed Martin’s network.
The individuals targeted are generally not high-level employees with direct access to valuable information, although 25 per cent are aimed at executives.
Instead, attackers target a range of those who are likely to open attachments on emails from strangers, such as HR professionals who routinely receive emails with resumes attached that are sent by job applicants, the report says. HR workers are targeted 6 per cent of the time, the study says. Shared mailboxes receive 23 per cent of the attacks.
Data breaches resulted in the personal information of 232.4 million people being exposed, with each breach averaging the exposure of 1.1 million identities, the Symantec report says. The cost to U.S. companies that lost personal data was $194 per individual.
Healthcare organizations suffered the lion’s share of the breaches — 43 per cent, but computer software and IT companies suffered the greatest percentage of individual identities compromised with 44 per cent and 41 per cent, respectively.
Other stats from the report:
The number of machines compromised by bots shrank from 2010 to 2011 from 4.5 million to 3.06 million.
The total number of attacks Symantec blocked jumped 81 per cent from about 3 billion in 2010 to about 5.5 billion in 2011. The unique variants of malware jumped from 286 million in 2010 to 403 million in 2011. “Malware authors effectively use toolkits to create new versions of malware,” the report says.
Mobile vulnerabilities jumped from 163 in 2010 to 315 in 2011. Many of these were spyware that collected information from phones and sent it to attackers, but 24 per cent of mobile malware sent premium text messages. These messages are sent without the owner’s knowledge, and result in the owner being billed.