SYDNEY, 7 APRIL 2010 - Mass indiscriminate computer attacks are giving way to highly targeted individual attempts in a new wave of professional cyber crime, experts say.
Right now millions of computers are being targeted all over the world. At one point last week, home computers and telecommunications companies were the two user groups most under threat worldwide. In Australia alone, 2.95 million attacks have been detected, originating mainly from Canada, the US and China.
According to Symantec, the maker of Norton AntiVirus and owner of corporate email filtering company MessageLabs, between 20,000 and 40,000 new threats are discovered every day by collaborating vendor security labs around the world.
The worrying new trend is that while mass attacks were the norm in the past, targeted, almost single-user, attacks have started to appear.
Hand-picked individuals in corporations are receiving emails and electronic documents that resemble something they expect to see in their inbox, only to unleash trojans and other malware on to their corporate networks.
In its new report, MessageLabs says the top-five targeted job titles are director, senior official, vice-president, manager and executive director. Top of the list are those responsible for foreign trade and defence policy, especially in relation to Asian countries.
The recent hacking attempts on Google and up to 20 large US corporations were aimed at extracting specific information from single users. Individuals appeared to have been targeted on the basis of their position or access to corporate information, according to Carey Nachenberg, the chief architect of security technology and response at Symantec.
In one documented case, senior managers received an infected PDF agenda for a conference they were planning to attend. Opening the document either tried to download and install an executable file, or directed the user to a credible-looking website that was in fact an attempt at phishing.
"What's very unique about this is people had a lot of patience," says Nachenberg, who is responsible for several security patents and teaches computer science at UCLA. "They spent a lot of time putting their targets together. The purpose of the attack we can only guess. We don't know who got the information and for what purpose."
He says malware authors have switched from mass distribution of a few exploitable threats to micro-distribution of millions of distinct threats, each with different instructions and individual fingerprints.
Symantec has detected 120 million distinct threats in the past 12 months. Some, like Vundo, had been distributed to 18 users, while others, such as Harakit, had attempted to infect only 1.6 users on average.
The security response manager of F-Secure Labs in Malaysia, Chia Wing Fei, cites another example of a strategic exploit.
"We detected a banking virus that is only interested in PCs in Europe," he says. "It won't infect PCs anywhere else, even if the user goes to the drive-by website. The virus uses the user's IP address to determine targets."