Retailers Biggest Victims Of Targeted Attacks

New Symantec data shows one-fourth of all focused attacks hitting retail organizations this month

Dark Reading Staff, Dark Reading

October 27, 2010

2 Min Read
Dark Reading logo in a gray background | Dark Reading

It's not even the holiday rush yet, and retailers are already feeling the pinch of cybercrime: New data shows that for the first time, retailers were hit hardest by targeted attacks.

Retail organizations accounted for 25 percent of all targeted attacks in October, up from a monthly average of about 0.5 percent over the past two years, according to new data from Symantec's October 2010 MessageLabs Intelligence Report. That was 516 of 2,310 targeted attacks.

Overall, there is an average of 77 targeted attacks each day against organizations across all types of industries, versus one to two per week in 2005. One in 1.26 emails were targeted attack vehicles in October, according to Symantec.

"This is the first time the retail sector has come under intensive attack with low-level targeted emails. Other sectors have been targeted more frequently in the past, including the public sector, manufacturing, chem/pharm, and finance," says Paul Wood, MessageLabs Intelligence senior analyst for Symantec Hosted Services.

Wood says the targeted attacks waged against the retail sector were aimed at a total of six retail businesses, and 63 percent at just one retailer. So why the noticeable bump in attacks against retail? "There are a number of factors that may be contributing to this, such as the financial performance of the retailers in question -- insider knowledge can be very valuable on the black markets. These companies may have overseas interests that are creating competition in other markets, and their competitors may have an interest in obtaining confidential data," Wood says. "It may be cybercriminals seeking access to customer account information or credit card records."

These targeted attacks were conducted via spear-phishing campaigns, and there were three waves of them, using legitimate-looking emails purportedly from human resources and IT staffers in the targeted organizations. The messages carried malicious attachments, PDFs, Excel, and ZIP files.

"It is difficult to ascertain the motivations behind each attack, but once a criminal group has penetrated an organization in this way, they may as well be sitting at a computer on the corporate network," Symantec's Wood says. "Social engineering plays a crucial role in the success or failure of these attacks, and raising awareness of them is very important. Eliminating these threats before they can reach your company network is the best way to defend against them."

The full report is available for download here.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights