Highly targeted attacks are steadily increasing in number, according to the MessageLabs Intelligence 2010 Annual Security report to be published 7 December.
These carefully crafted attacks target specific users in specific organisations and require significant effort and research on behalf of the cybercriminal, but in 2011 criminal enterprises will increasingly automate this research, Symantec's researchers said.
This will create a heavier volume of more powerful and convincing attacks that appear particularly relevant, interesting, or newsworthy to the intended victims.
Targeted attacks remain a significant risk, researchers said, because although the volume of these attacks is low relative to mass spam and malware attacks, they are very effective in bypassing all traditional security systems and user training.
In 2010 cybercriminals began honing in on industries not previously targeted. At one point, 25% of attacks were against the retail sector, which had previously seen few to no targeted attacks.
In 2011, MessageLabs researchers expect the range of organisations being targeted in such attacks to become more diverse.
This means that attackers will also seek indirect entry into specific industries by exploiting contractors and suppliers, rather than targeting only the executives in each industry sector directly, they said.
This story was first published by Computer Weekly