Report: Targeted e-mail attacks increasing

Security firm has spotted a significant upswing in e-mail attacks aimed at organizations.

Joris Evers Staff Writer, CNET News.com

Joris Evers covers security.

Joris Evers

April 19, 2007 6:44 a.m. PT

2 min read

Stealthy, targeted cyberattacks via e-mail continue to rise, e-mail security specialist MessageLabs said Wednesday.

During March, MessageLabs intercepted 716 e-mail messages that were part of 249 targeted attacks aimed at 216 of its customers, the Gloucester, England-based provider of hosted e-mail filtering services said in a research report. Of the attacks, almost 200 consisted of a single malicious e-mail designed to infiltrate an organization, MessageLabs said.

"These numbers represent a significant increase when compared to the same period last year when attack rates reached one or two per day," MessageLabs said.

Security experts have said that limited-scale attacks are the most dangerous. Widespread worms, viruses or Trojan horses sent to millions of mailboxes are typically not a grave concern because they can be blocked. But targeted Trojan horses, especially those aimed at specific businesses, have become nightmares as they can fly under the radar.

"The stuff that scares me the most is the stuff that I can't see," said Malcolm Harkins, general manager of the information security and risk group at Intel. "As the financial motive for attacks has increased, the attackers don't want to be spotted."

Security experts have predicted an increase in these inconspicuous attacks, which may expose organizations to spy incidents and other unwelcome intrusions.

Flaws in Microsoft Office applications are favored by bad guys for such targeted attacks. Microsoft and security firms over the past year or so have repeatedly warned of new, small-scale attacks that exploited yet-to-be-plugged security holes in applications such as Word, PowerPoint and Excel.

Microsoft Office accounted for 84 percent of targeted attacks in March, with PowerPoint files being the most commonly-used format, according to MessageLabs. That might be because a single group is sending a large number of attacks using the same attack file from an Internet address in Taiwan, MessageLabs said.

The stealthy attacks are typically timed to arrive during the work day and commonly target organizations in electronics, aviation, public sector, retail and communications, MessageLabs said.

"The bad guys know which organizations have data worth stealing and are picking them out one by one," Alex Shipp, a senior technologist at MessageLabs, said in a statement.