14 DAY TRIAL // According to statistics compiled by antivirus giant Symantec, the average number of targeted attacks intercepted on a daily basis has increased by over 60% in 2010 compared to the previous year.
Targeted attacks are a very serious threat because they are regularly directed at government agencies, contractors, financial companies and other high-profile organizations.
In addition, such attacks have a higher success rate because they regularly exploit previously unknown security holes, called zero-day vulnerabilities.
The motivation behind targeted attacks can vary from intelligence gathering to theft of financial data, theft of intellectual property and even sabotage.
According to Symantec's data since April 2008 around a third of all attacks targeted organizations from the public sector.
Private companies that deal with manufacturing were targeted in 16% of attacks, suggesting a high corporate espionage activity. Financial companies with 8% of attacks and IT services with 6% follow on the list of most common targets.
Symantec estimates that 1 in 20 of its North American customers were attacked during 2010, which represents a 12% increase over 2009 that was coupled with a 20% percent increase in the number of actual attacks.
The Francophone countries of the European Union and the Asia-Pacific region have the highest rate of attacked customers, 1 in 19.
"Compared with 2009 the number of targeted attacks is increasing as is the number of companies attacked. We saw a 17.40% increase in the number of attacked customers in 2010 over 2009 and a 31.37% increase in the number distinct attacks," the antivirus vendor reports.
This type of attacks generally target senior company officials, because most attackers are looking for the highest possible access to data and systems.
According to Symantec, 34% of targets are senior managers with titles such as vice president or director, 24% are other employees with managerial responsibilities and 4% are low-ranking staff.
In addition, around 19% of attacks are sent to generic email addresses such as recruitment@ or enquiries@ because people checking those communications are more likely to open attachments or click on malicious links due to the nature of their work.