The Phoenix toolkit played a role in 39 percent of all Web-based attacks, followed by NeoSploit and Nukesploit, each at 18 percent. At the same time, attackers are exploiting social networks to perform reconnaissance before cracking into businesses and tricking trusting employees into divulging information that gives them access to key systems and sensitive data.
Enterprise attacks may target executives or someone with access to source code or customer accounts. Small businesses may be compromised by tricking whoever has access to their bank accounts. "They're sort of two sides of the same coin," says Marc Fossi, executive editor of the report. "Targeted attacks use a lot of social engineering, doing all this reconnaissance, maybe gathering information from social networking sites and sending very directed emails. The other side of the coin, Web-based attacks, is completely indiscriminate, affecting anyone who visits a Web site that's been compromised."
Other targeted attacks, such as the high-profile Stuxnet and Hydraq (Aurora) attacks, make use of sophisticated malware that flies under the radar, leveraging zero-day vulnerabilities and rootkits. In a number of cases, malware is designed to spread through portable storage devices, such as USB drives, a key to reaching the "air-gapped" systems that Stuxnet penetrated. (This technique recalls the early days of "sneaker-net" infection, when malware was spread via floppy disks.)
It's difficult to say if targeted attacks are on the rise overall, Fossi says, because by nature they are designed to remain hidden. Other reports have shown that breaches often go months without being detected. Stuxnet and Hydraq may have helped increase awareness about these kinds of attacks.