Retailers Under Attack

An upsurge in retail-oriented phishing exploits underscores the growing menace posed by targeted attacks.

We’ve already seen that targeted attacks are increasingly troubling for IT. In the past, spammers have targeted specific job roles or specific business subject-matter areas. This summer, spammers exploited interest in the World Cup to perpetrate a range of different targeted attacks -- including some aimed at specific verticals in specific locales -- such as chemical, financial services, and manufacturing interests in perennial World Cup powerhouse Brazil.

More recently, spammers have taken to targeting retailers. Such attacks are the latest trend according to researchers with Symantec Corp. subsidiary MessageLabs.

The upsurge in retail-oriented attacks once again demonstrates that attackers are as opportunistic as they are determined. “[I]n October, MessageLabs Intelligence identified that for the first time, businesses in the Retail sector had become the latest sector to be targeted,” write researchers in the October edition of MessageLabs’ Intelligence messaging security round-up.

Attacks targeting retail shops typically comprise about 0.5 percent of all targeted-attack activity; in October, however, retail-oriented attacks accounted for a solid one-quarter of all targeted attacks. That being said, the attacks on retail aren’t quite as widespread as their overall share of targeted activity seems to indicate.

“[T]he number of attacks against the Retail sector jumped to 516 in just the last month alone, compared with the earlier monthly average of just seven attacks per month for much of 2010,” write MessageLabs researchers. “The 516 attacks went to just six organizations, but it appears that there were only two organizations that were the main target of these attacks. Perhaps the attackers were seeking to obtain sensitive client records.”

Last month’s retail-oriented attacks used a social-engineering technique that MessageLabs dubs “spear phishing,” in which attackers sent mail from spoofed e-mail addresses belonging to people whose details they’d harvested from professional social networking sites.

“In one organization, 324 attacks against 88 employees were spoofed from senior executive e-mail addresses, and were sent to employees at the same company,” the report explains. “[T]he details of many of the executives’ names who were used could be found on professional social networking websites. It seems highly likely that the attackers performed some initial reconnaissance using these individuals’ personal profiles on professional social networking sites.”
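The pattern the report describes, mail that claims to come from a company’s own executives but is injected from outside, is one a mail gateway can flag. The following is an added example, not code from MessageLabs or the report: it assumes a company domain of example.com, a hypothetical executive watchlist, and constructed sample messages carrying an Authentication-Results header from the receiving gateway.

```python
"""Flag inbound mail that claims an internal executive sender but was not
authenticated as coming from our own mail infrastructure (added example)."""
import email
from email import policy
from email.utils import parseaddr

OUR_DOMAIN = "example.com"                           # assumed company domain
EXECUTIVES = {"ceo@example.com", "cfo@example.com"}  # assumed watchlist

def is_authenticated(msg, domain):
    """True only if the gateway's Authentication-Results header shows SPF and
    DKIM passing for our own domain; mail spoofed from outside will not."""
    for hdr in msg.get_all("Authentication-Results", []):
        low = str(hdr).lower()
        if "spf=pass" in low and "dkim=pass" in low and f"header.d={domain}" in low:
            return True
    return False

def check_message(raw, domain=OUR_DOMAIN, watchlist=EXECUTIVES):
    """Return an alert dict for a suspicious message, or None if it is clean."""
    msg = email.message_from_string(raw, policy=policy.default)
    _, sender = parseaddr(str(msg.get("From", "")))
    sender = sender.lower()
    if not sender.endswith("@" + domain):
        return None                      # external sender: not this check's concern
    if is_authenticated(msg, domain):
        return None                      # genuinely sent through our own servers
    severity = "high" if sender in watchlist else "medium"
    return {"from": sender, "subject": str(msg.get("Subject", "")), "severity": severity}

def scan(messages):
    """Run check_message over a batch and keep only the alerts."""
    return [a for a in (check_message(m) for m in messages) if a]

# Constructed sample messages (not real mail): one spoofed executive, one
# legitimate internal message, one ordinary external message.
SPOOFED = """From: "Chief Executive" <ceo@example.com>
To: staff@example.com
Subject: Urgent: client records
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none

Please send me the attached list today.
"""
LEGIT = """From: cfo@example.com
Subject: Q4 budget
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com

Draft attached.
"""
EXTERNAL = """From: vendor@supplier.test
Subject: Invoice
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=supplier.test

See attached invoice.
"""
```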

A Change of Pace

Previously, MessageLabs researchers note, the manufacturing and public sectors were the verticals most likely to be targeted by spammers. Both tend to be disproportionately targeted, over time, relative to other verticals.

That’s one reason why the new focus on retail is so notable.

The nature of targeted attacks has changed over time. “Five years ago, targeted organizations included government departments, defense organizations, energy companies, pharmaceutical companies, and other international trade organizations,” the report explains.

“Over the last year, many different types of organizations have been targeted, not only large multinational corporations with overseas interests, but also smaller businesses like suppliers as the attackers potentially look for the weakest link in the supply chain.”

So both the aim and the scope of targeted attacks have changed over time.

Their frequency has exploded, too. “When targeted attacks first emerged five years ago, MessageLabs Intelligence tracked between one or two attacks per week; over the course of the following year, this number rose to between one and two per day,” researchers write. “Subsequently, attacks have increased further from approximately ten per day to approximately 60 per day in 2010.”

Fast forward to last month, when MessageLabs says it blocked 77 targeted attacks per day.