Who's next? Identifying risk factors for subjects of targeted attacks

Martin Lee, Symantec


Malware-containing emails can be sent to anyone. Single malware variants can be sent to tens of thousands of recipients without distinction. However, a small proportion of email malware is sent in low copy number to a small set of recipients that have apparently been specifically selected by the attacker. These targeted attacks are challenging to detect and, if successful, may be particularly damaging for the recipient.

The vast majority of Internet users will never be sent a targeted attack. The few users to whom such attacks are sent presumably possess features that have brought them to the attention of attackers and have caused them to be selected for attack. Applying epidemiological techniques to calculate the odds ratio for features of malware recipients, both targeted and non-targeted, allows the identification of factors that are associated with targeted attack recipients.

In this paper we show that, by treating the threat as akin to a public health issue, it is possible to identify specific risk factors that are associated with individuals subjected to targeted attack. These risk factors may be used to identify those at risk of being subject to future targeted attack, so that these individuals can take additional steps to secure their systems and data.
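The odds-ratio calculation described above can be sketched as follows. This is an added example, not code or data from the paper: the recipient records and feature names are constructed, and the Woolf (logit) 95% confidence interval and the Haldane-Anscombe zero-cell correction are assumptions about how one might carry out the analysis.

```python
import math

# Constructed sample data (not from the paper): one (was_targeted, features)
# record per malware recipient. Feature names are hypothetical.
RECIPIENTS = (
    [(True, {"sector:defence", "role:researcher"})] * 5
    + [(True, {"sector:defence"})] * 7
    + [(True, {"sector:retail"})] * 8
    + [(False, {"sector:defence"})] * 10
    + [(False, {"sector:retail"})] * 170
)

def odds_ratio(records, feature, z=1.96):
    """Odds ratio of being targeted given `feature`, with a 95% Woolf (logit) CI."""
    a = sum(1 for t, f in records if t and feature in f)          # targeted, has feature
    b = sum(1 for t, f in records if t and feature not in f)      # targeted, lacks it
    c = sum(1 for t, f in records if not t and feature in f)      # non-targeted, has it
    d = sum(1 for t, f in records if not t and feature not in f)  # non-targeted, lacks it
    if 0 in (a, b, c, d):
        # Haldane-Anscombe correction: avoid division by zero in sparse tables.
        a, b, c, d = (x + 0.5 for x in (a, b, c, d))
    ratio = (a * d) / (b * c)
    se = math.sqrt(1 / a + 1 / b + 1 / c + 1 / d)
    low = math.exp(math.log(ratio) - z * se)
    high = math.exp(math.log(ratio) + z * se)
    return ratio, low, high

def risk_factors(records):
    """Features whose CI lies wholly above 1, strongest association first."""
    features = set().union(*(f for _, f in records))
    scored = {f: odds_ratio(records, f) for f in features}
    flagged = [(f, r) for f, r in scored.items() if r[1] > 1.0]
    return sorted(flagged, key=lambda item: item[1][0], reverse=True)

if __name__ == "__main__":
    for name, (ratio, low, high) in risk_factors(RECIPIENTS):
        print(f"{name:18s} OR={ratio:8.2f}  95% CI=({low:.2f}, {high:.2f})")
```

A feature is reported as a risk factor only when the lower confidence bound exceeds 1, so sparse features with a large point estimate but a wide interval are not flagged on the estimate alone.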

