Symantec has released a new report looking at the nature of industrial espionage and targeted attacks, a big issue right now, considering the whole Google/China situation. A representative for the firm tells WebProNews, "Further analysis of targeted attacks shows that the top five targeted roles are senior officials (VPs, Directors) and the individuals that receive the most targeted malware are responsible for foreign trade and defense policy, especially in relation to Asian countries."
The attacks frequently come from malicious emails sent in small volumes aimed at gaining access to sensitive corporate data. The report suggests that the majority of targeted malware sent this month originated in China. "While most of the emails containing targeted malware are sent from mail servers in the United States, analysis of the actual sender’s location shows that most targeted attacks come from China (28.2 percent), followed by Romania (21.1 percent) and the United States (13.8 percent)," Symantec says.
Locations can be deceiving. "When considering the true location of the sender rather than the location of the email server, fewer attacks are actually sent from North America than it would at first seem," says Paul Wood, Senior Analyst for Symantec’s MessageLabs Intelligence. "A large proportion of targeted attacks are sent from legitimate webmail accounts which are located in the US and therefore, the IP address of the sending mail server is not a useful indicator of the true origin of the attack. Analysis of the sender’s IP address, rather than the IP address of the email server reveals the true source of these targeted attacks."
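The server-versus-sender distinction Wood describes, as an added Python example that is not from Symantec or the original article. It assumes the webmail service records the client address in an `X-Originating-IP` header (some do; the article does not name a header), and the sample message and all function names are constructed for illustration.

```python
import email
import ipaddress
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample; hosts and addresses are documentation values, not report data.
SAMPLE = (
    "Received: from out.webmail.example (out.webmail.example [198.51.100.25])\n"
    "\tby mx.corp.example with ESMTP; Mon, 1 Mar 2010 10:00:05 +0000\n"
    "Received: from [10.1.2.3] by web1.webmail.example via HTTP;\n"
    "\tMon, 1 Mar 2010 10:00:01 +0000\n"
    "X-Originating-IP: [203.0.113.77]\n"
    "From: sender@webmail.example\n"
    "Subject: Q1 trade figures\n\nSee attached.\n"
)

def first_external_ip(text):
    """Return the first valid IPv4 address in text that is not internal."""
    for candidate in IPV4.findall(text or ""):
        try:
            ip = ipaddress.ip_address(candidate)
        except ValueError:
            continue  # dotted digits that are not an address, e.g. 999.1.1.1
        if not any(ip in net for net in INTERNAL):
            return str(ip)
    return None

def server_ip(msg):
    """IP of the mail server that handed the message to our MX (newest Received)."""
    hops = msg.get_all("Received") or []
    return first_external_ip(hops[0]) if hops else None

def sender_ip(msg):
    """Best-effort client IP: X-Originating-IP, else the oldest external hop.
    Headers below our own MX's Received line come from the other side, so the
    result is evidence to corroborate, not proof of origin."""
    fields = [msg.get("X-Originating-IP")] + list(reversed(msg.get_all("Received") or []))
    return next((ip for ip in map(first_external_ip, fields) if ip), None)

def origins(raw):
    """Return (mail server IP, apparent sender IP) for a raw message."""
    msg = email.message_from_string(raw)
    return server_ip(msg), sender_ip(msg)

print(origins(SAMPLE))
```

When the header is absent the function falls back to the oldest external relay, so the two values coincide and geolocating them only locates the webmail provider.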
The most common file types attached to the malicious emails are .XLS and .DOC, but the most dangerous file type, according to Symantec, is an encrypted .RAR. .ZIPs and .PDFs are also common.