Cyberattacks, corporate espionage now targeting smaller companies

Smaller companies, their websites and their intellectual property are increasingly being targetedby cyberattacks, a new report on IT security trends says.

Targeted attacks were up 42 per cent in 2012 compared to the year before, andbusinesses with fewer than 250 employees are the fastest growing segment being targeted, according to the annual internet security threat report issued Tuesday bySymantec.

Based on data from 69 million "attack sensors" around the world, the reportsaid small businesseswere hit by 31 per cent of targeted attacks in 2012, up from 18 per cent a year earlier. That representsa 72 per cent increase.

The type of information being targeted by attackers is also changingfinancial information is now losing ground to other kinds of competitive data, the report found.

• RELATED:Q & A: Cyber-espionage

"Intellectual property is a growth area," said Liam O Murchu, manager of security response at California-based Symantec.

While traditional cybercriminals sought information that could be used to profit from identity theft, many attackers now have a different motivation: "We're seeing a lot of what we believe is corporate espionage or espionage of some sort or other."

What isn't clear, O Murchu said, is who is behind the attacks.

Whoever they are, the fact that larger companies have a bigger budget for securing their networks may be discouraging them from those targets.

"We saw attackers changing their attack strategy," O Murchu said.

Subcontractors targeted

Those who ultimately want data from a bigger company may now instead go after their smaller subcontractors andseek small amounts of information from each of many different companies, O Murchu added.

In some cases, they are collecting the data using malware that infects many companies or individuals within a target group by lying in ambush on a website that is popular among a target group, a strategy known as "waterholing."

For example, last May, the human rights group Amnesty International's U.K. website was compromised, and infectedvisitors with a trojan that allowed hackers to spy on them. And just this past February,Mac computers at Apple's headquarterswere infected by malware after some of the company's developers downloaded software from a site for software developers.

O Murchu said the trend should be a warning for those who think their web surfing behaviour alone will keep them safe.

"There was a perception that you would get infected if you went to dodgy sites or you went to not reputable areas of the internet ," he said. "Really what we see with this is that it could be a very reputable site that you visit all the time that you trust You need to be thinking about that."