According to a recent Symantec blog, attackers are targeting SMBs at a greater rate than companies with more than 500 people. Some other interesting facts from Symantec’s cloud research:
“The percentage of employees who received a targeted Trojan during 2010 was much higher for the SMB sector than for large companies. One small business, in particular, had targeted Trojans sent to all 488 of their employees. SMB industry sectors such as mineral/fuel, non-profit, engineering, marketing and recreation received the most attacks compared with other industry sectors, showing that they are at higher risk. They also found that attackers target intellectual property and market-leading research – focusing their efforts on education and market research organizations, in particular.”
Commtouch, a provider of antivirus technology to industry, is indicating in its blog that targeted emails with malicious attachments have increased dramatically since August to two billion or more per day. These are not emails with links to bogus or malicious websites, but attachments that may look like normal document files typical in business. These attacks are not spam but something far more sinister.
These targeted attacks are aimed at specific individuals in specific organizations, contain embedded malware, and are designed largely to capture credentials and gain access to valuable data. Much of this targeted email with malicious attachments bypasses antivirus and gateway protections. It lands squarely in a target’s inbox as legitimate email. The embedded malware is designed to be unique and unknown to anti-virus and anti-malware.
If you find yourself reading an email with an attachment that seems to be legitimate, think twice, it may not be. A targeted email attack often uses information about you to gain your trust. It will seem like a normal email.
So what do you do? Symantec’s blogger suggests that you “use common sense” and “be smart.” Your business associates send you data files that you open all of the time. The attacker will pose as one of them, but will bury a program inside. You can’t possibly know for sure, regardless of how much common sense you apply.
The new Savant Enforcer client will block malicious attachments automatically because it denies by default any unknown executable. It’s a simple and powerful antidote for the avalanche of targeted malware and it can be installed on a computer for about a dollar per month. Should you use common sense, good security practices and keep your software protection up to date? Of course you should. But you may also want to consider a solution that gives you the confidence to open an attachment without the risk of compromise.