SMEs at centre of cyber attacks

SymantecheadquartersTargeted security attacks rose by 42 percent in 2012, with cybercriminals targeting SMEs, Symantec has found.

In its Internet Security Threat Report the company said these threats were designed to
steal intellectual property, and were increasingly hitting the manufacturing sector as well as small businesses, which were the target of 31 percent of these attacks.

Small businesses are apparently attractive targets themselves and a way in to ultimately reach larger companies via “watering hole” techniques, Symantec said, citing a threefold rise in the number of attacks on these size businesses compared to 2011.

It said that while small businesses¬† could feel they were immune to targeted attacks, cybercriminals were enticed by these organisations’ bank account information, customer data and intellectual property. Attackers hone in on small businesses that may often lack adequate security practices and infrastructure, the company said.

Web-based attacks increased by 30 percent in 2012, which Symantec said originated from the compromised websites of small businesses.

It pointed out that these websites were used in massive cyber-attacks as well as “watering hole” attacks. In a watering hole attack, the attacker compromises a website, such as a blog or small business website, which is known to be frequently visited by the victim of interest. When the victim later visits the compromised website, a targeted attack payload is silently installed on their computer.

Shifting from governments, manufacturing  moved to the top of the list of industries targeted for attacks in 2012. Symantec said this was because cybercriminals were attacking the supply chain as a result of finding contractors and subcontractors susceptible to attacks and often in possession of valuable intellectual property.

Often by going after manufacturing companies in the supply chain, attackers gain access to sensitive information of a larger company, the company pointed out.

On the consumer front mobiles seemed to be the worst hit, with malware increasing by 58 percent. Around a third of all mobile threats attempted to steal information, such as e-mail addresses and phone numbers.

Apple’s iOS had the most documented vulnerabilities, it only had one threat discovered during the same period and Android, by contrast, had fewer vulnerabilities but more threats than any other mobile operating system.

Webwise 61 percent of malicious websites were found to be legitimate websites that had been compromised and infected with malicious code. Business, technology and shopping websites were among the top five types of websites hosting infections.

A growing source of infections on websites was malvertisements – when criminals buy advertising space on legitimate websites and use it to hide their attack code.