Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

4/16/2013
03:49 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Small Businesses Now Bigger Targets In Cyberattacks

Half of all targeted attacks last year hit companies with less than 2,500 employees, and overall, targeted cyberattacks jumped 42 percent in 2012, new Symantec data shows

It's not just the big boys who the bad guys are hacking anymore: Smaller, more vulnerable, and defenseless organizations are now one of the most popular targets, newly published data shows. As targeted cyberattacks increased by 42 percent last year, nearly one-third of all of these attacks were aimed at businesses with less than 250 people.

"Smaller businesses presume they are not a target. But we think attackers [are targeting] them because they have weaker security settings and are probably easier to penetrate. Plus they do work with larger organizations ... and attackers can use small companies as a stepping stone to larger ones or as an entry point into getting the information they want," says Vikram Thakur, principal security response manager for Symantec, which today released these latest findings as part of its 2013 Internet Security Threat Report. "They need to expect that."

In some cases, the smaller firm may be a supplier of key elements of a larger firm's intellectual property, too, which also makes it a juicy target, he says. Attackers also infiltrate smaller, easier-to-hack businesses in hopes that they will ultimately lead to bigger, more lucrative firms, he says. "One theory is they stay under the radar in smaller firms in hopes the smaller ones will be acquired by a larger company and then their networks will merge, and they'll have an existing foothold," Thakur says. "Another theory is that if they get in smaller companies, they can then use" its tunnel to a larger business partner's network, he says.

Last year, 50 percent of all targeted attacks hit businesses with less than 2,500 employees, and businesses with less than 250 employees accounted for 31 percent of all targeted attacks and represented the biggest growth sector in these attacks, according to Symantec's report.

[Broader spearphishing campaigns and watering-hole attacks look to compromise and gather intelligence on broader classes of targets. See Expect Less Targeting From This Year's Targeted Attacks.]

Symantec tallied an average of 116 targeted attacks each day around the world in 2012. Why the jump in targeted attacks? Thakur says that the 42 percent jump may, in part, have to do with the flood of waterholing-type attacks, where attackers infect legitimate websites that users of the targeted organizations would most likely frequent in hopes of infecting them. This can be more efficient than the traditional spearphish in terms of volume of infections: One waterhole attack by the so-called Elderwood Group last year spread malware to 500 different organizations in 24 hours via a human rights organization's website, for instance, Symantec says.

Jaime Blasco, labs manager at Alien Vault Labs, says part of the reason for the increase in targeted attack reports is that organizations are getting better at detecting that they are getting hacked. "I think the main reason is that most of the antivirus companies have more visibility about what is and what is not targeted," Blasco says. "I'm not saying that the number of targeted attacks hasn't increased, but it is true that companies, especially the small and [midsize] ones, are improving their detection capabilities."

The most-hit vertical industry in 2012 was manufacturing, with 34 percent of the targeted attacks, up from 15 percent in 2011. "This is the first year that government was not on top of the vertical list," Symantec's Thakur says.

Government and public sector organizations went from 25 percent of the targeted attacks in 2011 to 12 percent last year. Symantec says these shifts may be due to attackers moving "down the supply" chain in their attacks.

Meanwhile, the number of new vulnerabilities discovered in 2012 increased slightly from 4,989 in 2011 to 5,291 last year -- 425 of which were in mobile operating systems. The number of new zero-day vulnerabilities used in attacks was 14, versus eight in 2011.

Web-based attacks jumped by 30 percent last year, and the number of phishing sites posing as social networking sites exploded by 125 percent as attackers set their sights on social networks. And while mobile malware has grown by 58 percent the past year, according to Symantec's Thakur, 32 percent of all mobile threats now steal information from victims. "Data loss is the biggest concern and so is privacy," he says.

The full Symantec report is available here for download.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
4/18/2013 | 12:00:23 AM
re: Small Businesses Now Bigger Targets In Cyberattacks
The attitude that "it couldn't happen to me" has been a persistent problem in infosec. Repeated battering of large companies by attackers over the last decade has generally brought those organizations around. Looks like it's SMBs' turn now.

Drew Conry-Murray
Editor, Network Computing
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31664
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-33185
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
CVE-2021-33186
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-31272
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.
CVE-2021-31660
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information.