Zhejiang city in China named top source of monitored cyber attacks
A study by a US-based internet security firm has revealed that there may be more targeted cyber attacks originating from China than previously uncovered.
Analysts at Symantec identified Shaoxing, a city in Zhejiang, as the top source of all cyber attacks monitored this month from more than 12 billion e-mail connections the company processed. The report, titled "The Nature of Cyber Espionage," said more than a quarter of those targeted attacks - described as malicious e-mails sent in small volumes to gain access to sensitive corporate data - had originated in China, based on researchers' analysis of sender location rather than the more commonly used identifier of e-mail server location. Earlier analysis, based on e-mail server location, had China accounting for only 17.8 percent of attacks this month, the report said.
Paul Wood, the senior analyst at MessageLabs Intelligence, the research arm of Symantec, said its analysis was not connected with previous research by Google. "A large proportion of targeted attacks we tracked were sent from legitimate webmail accounts located in the US, and therefore the internet protocol address of the sending mail server is not a useful indicator of the true origin of the attack," Wood said. "We analysed the headers of the messages and identified the IP address of the sender, revealing the true source of these targeted attacks," Wood said. "This is the first time we've presented the difference between this detection method and the one based on the mail server address."
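The difference between the two attribution methods Wood describes can be seen by reading both values out of one message's headers. The following is an added example, not MessageLabs or Symantec code; it assumes the webmail provider records the submitting client in an `X-Originating-IP` header or in the earliest `Received` hop, and the sample message, hostnames and documentation-range IP addresses are constructed.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample: hostnames and documentation-range IPs are made up.
SAMPLE = """\
Received: from mail-out.webmail.example (mail-out.webmail.example [198.51.100.25])
\tby mx.recipient.example with ESMTP; Mon, 1 Mar 2010 09:00:05 +0000
Received: from [203.0.113.77] by web1.webmail.example via HTTP;
\tMon, 1 Mar 2010 09:00:01 +0000
X-Originating-IP: [203.0.113.77]
From: "Conference Office" <office@partner.example>
To: director@recipient.example
Subject: Agenda

See attachment.
"""

BRACKETED_IP = re.compile(r"\[([0-9a-fA-F:.]+)\]")

def first_ip(header_value):
    """Return the first syntactically valid bracketed IP in a header, or None."""
    for candidate in BRACKETED_IP.findall(header_value or ""):
        try:
            return str(ip_address(candidate))
        except ValueError:
            continue
    return None

def server_ip(msg):
    """IP of the mail server that handed the message to the recipient's MX
    (topmost Received header, the one written by the receiving side)."""
    hops = msg.get_all("Received") or []
    return first_ip(hops[0]) if hops else None

def sender_ip(msg):
    """IP of the client that submitted the message: X-Originating-IP if the
    provider added one, otherwise the earliest Received hop carrying an IP.
    Headers below the recipient's own hop come from upstream systems, so
    treat this as a lead to corroborate."""
    hops = msg.get_all("Received") or []
    candidates = [msg.get("X-Originating-IP")] + list(reversed(hops))
    return next((ip for ip in map(first_ip, candidates) if ip), None)

def origin_report(raw):
    msg = message_from_string(raw)
    server, sender = server_ip(msg), sender_ip(msg)
    return {"server_ip": server, "sender_ip": sender, "differs": server != sender}
```

Geolocating `server_ip` places this sample at the webmail provider, while `sender_ip` points at the client that composed the message, which is the distinction the report draws.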
MessageLabs said the targeted attacks were frequently business-related or linked to some newsworthy event, sent from a webmail account with a fake "From" address crafted to appeal to the recipient. That approach gave the impression that the file attached contained important information. The recipient only had to open an attachment - couched in document types such as .pdf, .doc, .xls or .ppt - for the computer to be compromised.
The MessageLabs Intelligence report said the most frequently targeted job roles of addressees were: director, senior official, vice-president, manager and executive director. The most targeted individuals included those listed as "expert: Asian defence policy", "diplomatic mission", "expert: international finance", "human rights activist" and "expert: Asian security".