Risk
4/16/2013
03:49 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Small Businesses Now Bigger Targets In Cyberattacks

Half of all targeted attacks last year hit companies with less than 2,500 employees, and overall, targeted cyberattacks jumped 42 percent in 2012, new Symantec data shows

It's not just the big boys who the bad guys are hacking anymore: Smaller, more vulnerable, and defenseless organizations are now one of the most popular targets, newly published data shows. As targeted cyberattacks increased by 42 percent last year, nearly one-third of all of these attacks were aimed at businesses with less than 250 people.

"Smaller businesses presume they are not a target. But we think attackers [are targeting] them because they have weaker security settings and are probably easier to penetrate. Plus they do work with larger organizations ... and attackers can use small companies as a stepping stone to larger ones or as an entry point into getting the information they want," says Vikram Thakur, principal security response manager for Symantec, which today released these latest findings as part of its 2013 Internet Security Threat Report. "They need to expect that."

In some cases, the smaller firm may be a supplier of key elements of a larger firm's intellectual property, too, which also makes it a juicy target, he says. Attackers also infiltrate smaller, easier-to-hack businesses in hopes that they will ultimately lead to bigger, more lucrative firms, he says. "One theory is they stay under the radar in smaller firms in hopes the smaller ones will be acquired by a larger company and then their networks will merge, and they'll have an existing foothold," Thakur says. "Another theory is that if they get in smaller companies, they can then use" its tunnel to a larger business partner's network, he says.

Last year, 50 percent of all targeted attacks hit businesses with less than 2,500 employees, and businesses with less than 250 employees accounted for 31 percent of all targeted attacks and represented the biggest growth sector in these attacks, according to Symantec's report.

[Broader spearphishing campaigns and watering-hole attacks look to compromise and gather intelligence on broader classes of targets. See Expect Less Targeting From This Year's Targeted Attacks.]

Symantec tallied an average of 116 targeted attacks each day around the world in 2012. Why the jump in targeted attacks? Thakur says that the 42 percent jump may, in part, have to do with the flood of waterholing-type attacks, where attackers infect legitimate websites that users of the targeted organizations would most likely frequent in hopes of infecting them. This can be more efficient than the traditional spearphish in terms of volume of infections: One waterhole attack by the so-called Elderwood Group last year spread malware to 500 different organizations in 24 hours via a human rights organization's website, for instance, Symantec says.

Jaime Blasco, labs manager at Alien Vault Labs, says part of the reason for the increase in targeted attack reports is that organizations are getting better at detecting that they are getting hacked. "I think the main reason is that most of the antivirus companies have more visibility about what is and what is not targeted," Blasco says. "I'm not saying that the number of targeted attacks hasn't increased, but it is true that companies, especially the small and [midsize] ones, are improving their detection capabilities."

The most-hit vertical industry in 2012 was manufacturing, with 34 percent of the targeted attacks, up from 15 percent in 2011. "This is the first year that government was not on top of the vertical list," Symantec's Thakur says.

Government and public sector organizations went from 25 percent of the targeted attacks in 2011 to 12 percent last year. Symantec says these shifts may be due to attackers moving "down the supply" chain in their attacks.

Meanwhile, the number of new vulnerabilities discovered in 2012 increased slightly from 4,989 in 2011 to 5,291 last year -- 425 of which were in mobile operating systems. The number of new zero-day vulnerabilities used in attacks was 14, versus eight in 2011.

Web-based attacks jumped by 30 percent last year, and the number of phishing sites posing as social networking sites exploded by 125 percent as attackers set their sights on social networks. And while mobile malware has grown by 58 percent the past year, according to Symantec's Thakur, 32 percent of all mobile threats now steal information from victims. "Data loss is the biggest concern and so is privacy," he says.

The full Symantec report is available here for download.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
4/18/2013 | 12:00:23 AM
re: Small Businesses Now Bigger Targets In Cyberattacks
The attitude that "it couldn't happen to me" has been a persistent problem in infosec. Repeated battering of large companies by attackers over the last decade has generally brought those organizations around. Looks like it's SMBs' turn now.

Drew Conry-Murray
Editor, Network Computing
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1421
Published: 2014-11-25
mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors.

CVE-2014-3605
Published: 2014-11-25
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6407. Reason: This candidate is a reservation duplicate of CVE-2014-6407. Notes: All CVE users should reference CVE-2014-6407 instead of this candidate. All references and descriptions in this candidate have been removed to pre...

CVE-2014-6093
Published: 2014-11-25
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-6196
Published: 2014-11-25
Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSp...

CVE-2014-7247
Published: 2014-11-25
Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen; and Ichitaro 2014 Tetsu allows remote attackers to execute arbitrary code via a crafted file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?