Retail organizations accounted for 25 percent of all targeted attacks in October, up from a monthly average of about 0.5 percent over the past two years, according to new data from Symantec's October 2010 MessageLabs Intelligence Report. That was 516 of 2,310 targeted attacks.
Overall, there is an average of 77 targeted attacks each day against organizations across all types of industries, versus one to two per week in 2005. One in 1.26 emails were targeted attack vehicles in October, according to Symantec.
"This is the first time the retail sector has come under intensive attack with low-level targeted emails. Other sectors have been targeted more frequently in the past, including the public sector, manufacturing, chem/pharm, and finance," says Paul Wood, MessageLabs Intelligence senior analyst for Symantec Hosted Services.
Wood says the targeted attacks waged against the retail sector were aimed at a total of six retail businesses, with 63 percent aimed at just one retailer. So why the noticeable bump in attacks against retail? "There are a number of factors that may be contributing to this, such as the financial performance of the retailers in question -- insider knowledge can be very valuable on the black markets. These companies may have overseas interests that are creating competition in other markets, and their competitors may have an interest in obtaining confidential data," Wood says. "It may be cybercriminals seeking access to customer account information or credit card records."
These targeted attacks were conducted via spear-phishing campaigns that arrived in three waves, using legitimate-looking emails purportedly from human resources and IT staffers in the targeted organizations. The messages carried malicious attachments: PDF, Excel, and ZIP files.
"It is difficult to ascertain the motivations behind each attack, but once a criminal group has penetrated an organization in this way, they may as well be sitting at a computer on the corporate network," Symantec's Wood says. "Social engineering plays a crucial role in the success or failure of these attacks, and raising awareness of them is very important. Eliminating these threats before they can reach your company network is the best way to defend against them."
The full report is available for download here.