NEW YORK (MainStreet) – The latest Internet Security Threat Report from computer security firm Symantec suggests that targeted attacks on companies, like this week’s massive leak of consumer email addresses by email management firm Epsilon, are on the rise.
The Symantec report was released almost concurrently with the Epsilon leak, which means the incident was not included in the look back at the state of computer security in 2010. But it comes as a high-profile culmination of a year full of targeted attacks that compromised the security and privacy of large organizations and consumers alike.
“It would be pretty easy to label 2010 as the year of the targeted attack,” says Kevin Haley, a director at Symantec Security Response. “There were two high-profile ones – Stuxnet and Hydraq – and both of them should serve as a wake-up call that there are people out there that are targeting companies for financial gain.”
That financial gain comes in various forms, says Haley. Most innocuous are attacks in which emails are stolen and then sold to spammers by the megabyte, typically causing little more than an annoyance for consumers who suddenly find themselves dealing with more spam than usual. At the other end of the spectrum are attacks in which credit card numbers are stolen, which is not the case in the Epsilon attack.
Haley and other experts have suggested that consequences for consumers could fall somewhere in between the two poles. If the email addresses are associated with specific retailers or financial institutions, they could be used in so-called phishing attacks, with an attacker posing as the organization in question and asking the customer to change his password or reveal other identifying information. As such, several retailers who do business with Epsilon sent out emails informing consumers of the breach and warning them to be wary of any emails seeking such information.