Symantec released its October 2010 MessageLabs Intelligence Report this week, and despite the high-profile reports of Zeus and its attacks on the banking industry, Symantec found that retailers have been the hardest hit industry in terms of number of attacks.
According to Symantec, for the first time, targeted attacks hit the retail sector hardest this month, with an increase of .5 percent of all attacks over the past two years to 25 percent this October. The attacks appeared to come in three waves of highly targeted spearphishing attacks.
The report stated:
The danger of targeted attacks is the stealth deployment of malicious code that quietly performs some covert operation on the recipient’s computer. Sometimes this code is attached directly to an email message as an .EXE (which to many would appear suspicious), but increasingly they are frequently hidden within very legitimate looking documents such as .PDF, .DOC, .XLS and .PPT, and even hyperlinks. The recipient only has to open the attachment using a vulnerable application, or click on a malicious hyperlink, and their computer is compromised.
Reading the report, it appears that the targets are people who work within the retail industry (and as the report said, beware, next month it could be another industry), but I have to wonder, are the bad guys gearing up for the holiday shopping season? This month it was employees being hit. Will next month be customers? The uptake of the report might be that retailers can be on alert and keep customers informed of possible attacks before they begin shopping in earnest.