Home > > China responsible for most targeted email attacks

China responsible for most targeted email attacks

Malicious emails help criminals gain access to sensitive corporate data

Map showing the source of targeted email attacks based on sender location. The size of the plot is relative to the percentage of targeted malware sent from that location.
Map showing the source of targeted email attacks based on sender location. The size of the plot is relative to the percentage of targeted malware sent from that location.

China is to blame for the most targeted email attacks that are designed to obtain access to sensitive corporate data, according to a new report by security software firm Symantec.

Most targeted attacks this month came from the United States (nearly 36%) based on mail server location, the latest MessageLabs Intelligence Report revealed. Closer analysis into the sender's location however found that more attacks actually originated from China (about 28%) and Romania (21%). Criminals physically based in the United States were responsible for only about 14% of that figure.

The attacks are designed to gain access to sensitive data or internal systems by targeting specific individuals in companies, and are sent in relatively small volumes compared to spam and phishing emails. The top five roles that received the most malware include the Director, Senior Official, Vice President, Manager and Executive Director, and individuals responsible for foreign trade and defense policy, especially in relation to Asian countries.

Messages often imply that the malware attachment contains important information related to business meetings, legal documents or current affairs, and come from a webmail account or a spoofed ‘From' address. The file types attached to all malicious emails were .XLS and .DOC file types that accounted for 50% of the files, while the most dangerous file type identified are encrypted .RAR files that were compromised 96.8% of the time.

 "When considering the true location of the sender rather than the location of the email server, fewer attacks are actually sent from North America than it would at first seem," said Paul Wood, MessageLabs Intelligence Senior Analyst. "A large proportion of targeted attacks are sent from legitimate webmail accounts which are located in the US and therefore, the IP address of the sending mail server is not a useful indicator of the true origin of the attack. Analysis of the sender's IP address, rather than the IP address of the email server reveals the true source of these targeted attacks."

The city of Shaoxing in China is a major source accounting for 21.3% of targeted attacks, as is Taipei (16.5%) in Taiwan and London (14.8%) in the UK.

CHANNEL AWARD 2018