Report: Targeted Cyber Attacks Saw Huge Jump In 2011


There’s some good news and bad news in cybersecurity software company Symantec’s final monthly intelligence report for the year, published Tuesday: The good news is that the global rate of email spam fell to its lowest level since 2008. The bad news is that targeted cyber attacks, the kind that can lead to advanced persistent threats such as Duqu and Stuxnet, increased by an astonishing 400 percent over the course of the year.

“In November, approximately 94 such attacks were blocked by Symantec.cloud each day, four times the number blocked in January of the same year,” the report states.

A targeted attack is defined as a cyber attack directed at a specific individual, group of individuals or organization, as opposed to more broad-based malware designed to infect as many individuals as possible.

This is precisely the kind of attack that delivered the Duqu malware to what security experts believe was its first target, a company in Sudan. In that instance, the attacker(s) emailed employees pretending that they were attaching a document pertaining to company business. When the decoy document was opened, it infected the recipient’s computer.

Moreover, Symantec reports a drastic increase in the number of targeted attacks since they were first detected in 2005. Back then, Symantec was identifying and blocking only one such attack per week, but within a year that number had risen to one per day. By 2010, Symantec was detecting and blocking 60 targeted attacks every day. In the first quarter of 2011, the number climbed to 80 attacks per day.

Symantec takes pains to point out that such attacks are still relatively rare compared to all the other malware circulating around the Web, and that not all targeted attacks deliver “advanced persistent threats,” such as Stuxnet and Duqu.

In fact, Symantec has a very specific definition for what constitutes an “advanced persistent threat” (APT): That is, a cyber attack campaign that is designed to stay “below the radar,” remaining covert and undetected on infected systems for as long as possible, in order to conduct a long-term campaign of theft, sabotage and/or another crime.

As Symantec explains:

The objective of an APT may include military, political or economic intelligence gathering, confidential or trade secret theft, disruption of operations, or even the destruction of equipment. Stuxnet was a good, albeit extreme, example of the latter: the malware enabled an attacker to disrupt the industrial control systems within the uranium enrichment process of a particular target.

Only one out of two million emails sent globally in November contained a targeted attack that could lead to an advanced persistent threat, according to Symantec.

On the plus side, the global rate of spam emails to authentic emails fell 3.7 points in November to 70.5 percent, a ratio of 1 spam email for every 1.42 emails sent.

That’s the lowest level that Symantec has detected since November 2008 following the shutdown of the McColo Internet service provider, which was estimated to account for as much as 75 percent of all global Internet spam.

Following that, global email spam rebounded in early 2009 as it became more decentralized, with new botnets springing up.

Why global email spam fell so much in 2011 isn’t entirely clear, but we’ve reached out to Symantec for more information on the subject.

The most common spam email subject lines in November 2011 pertained to software — namely Windows 7 and Adobe CS5 — Facebook, and, what else, “penis enlargement pills.” Also making the list were email subject lines pertaining to “replica watches.”

Overall, though, pharmaceutical-related spam hit its lowest level since Symantec began tracking, at 35 percent.

Russia was the most-spammed country and the automotive industry was the most-spammed sector, according to the security firm.
