Alex Shipp MessageLabs
download slides (PDF)
Currently our statistics show that over email we are stopping 3,000,000 items of malware a day, of which approximately 7 on average can be classified as a targeted trojan attack. This is less than 0.001% of all malware arriving by email, so should we be worried? Analysis shows that these trojans are predominantly an attempt to get data-stealing software inside an organisation, so perhaps we should.
In this paper I will run through a typical targeted attack, talk about what the attacker is trying to achieve, and how they are trying to achieve it. I will then also look at patterns and trends over the last 12 months, and try to make some predictions for the future.
I will also derive some metrics which can be used to explore if targeted attacks should be high up on a company's risk analysis awareness, even though the number of attacks is small.