Targeted trojan attacks and industrial espionage
Alex Shipp MessageLabs
download slides (PDF)
Currently our statistics show that over email we are stopping 3,000,000 items of malware
a day, of which approximately 7 on average can be classified as a targeted trojan attack.
This is less than 0.001% of all malware arriving by email, so should we be worried?
Analysis shows that these trojans are predominantly an attempt to get data-stealing software
inside an organisation, so perhaps we should.
In this paper I will run through a typical targeted attack, talk about what the
attacker is trying to achieve, and how they are trying to achieve it. I will then also look
at patterns and trends over the last 12 months, and try to make some predictions for the future.
I will also derive some metrics which can be used to explore if targeted attacks should
be high up on a company's risk analysis awareness, even though the number of attacks is
small.