Targeted attacks are attacks that target only one person or a specific smaller group of persons. Back in the day, virus writers were trying to spread their malware to as many computer users as possible to make a name for themselves. But today cybercriminals are largely driven by financial motives and targeted assaults are displacing global widespread virus outbreaks.
Nowadays cybercriminals identify specific targets and create purpose-built malicious code which is distributed to just a few selected individuals in order to steal their personal and financial information. Targeted versions of phishing have been termed “spear phishing”.
2007 saw waves of sophisticated, ongoing attacks targeting corporate executives and other high-level employees at a range of companies. Targeted attacks often target an organization or a company but attacks targeting ordinary citizens are also on the rise.
Targeted email attacks have become increasingly sophisticated. Emails typically start with real names and company references to make the messages seem real. To further reduce suspicions, the messages are well written and professionally presented. Such attacks are both harder to detect than mass phishing attacks, and more likely to be acted on, given the fact they are customised to their recipients.
The rise of social networks, like Facebook, and professional networks, like Plaxo and LinkedIn, is making it easier for attackers to do their homework on potential victims.
Flaws in Microsoft Office applications are favored by cybercriminals for targeted attacks. Many of these attacks disguise malware as embedded objects inside attached, convincingly named Word, Excel, or PowerPoint documents. The recipient must click an icon inside the document for the attack to succeed, but the arrangement also allows the malware to slip past many antivirus programs. Microsoft Office accounted for 84 percent of targeted attacks in March 2007, with PowerPoint files being the most commonly-used format
The number of targeted phishing attacks has risen sharply in recent years. In 2005, researchers detected two attacks per week out of 1.5 billion messages. In 2006, they found one such attack per day out of 180 million messages. In November 2007, they were seeing 924 targeted attacks every five hours.
According to experts, spear-phishing will grow significantly in 2008, as phishers are shifting from opportunism to ‘spearing’ specific individuals based on factors such as age or socio-economic status. With the rewards of such attacks obviously outweighing the research required to develop them.
Experts also believe, that PC users will see a surge in targeted hacking attacks in 2008 as criminals continue to reap large sums of money from phishing scams.
Spammers too will increasingly use targeted attacks as they learn from virus writers’ targeted approach. Experts believe, that spam-run sizes will remain vast but the content will be more targeted and stickier with spammers harvesting personal information from sites such as Facebook in order to target attacks more effectively and get higher click rates.