Unsuccessful targeted cyber attacks can yield useful information on future targets and attack vectors, according to a researcher at security firm Symantec.
This suggests that IT departments would be well advised to share data on all types of persistent attacks with their security vendors, in order to be better safeguarded in future.
Martin Lee, senior analyst at Symantec, wrote on his blog that his research is aided by the small number of targeted attacks, and the fact that attackers will often keep trying to breach the target's security.
"Since April 2008, when we started recording such attacks, we have identified 72,500 targeted attack emails sent to 28,382 email addresses," he wrote.
"To put this into context, we block approximately 500,000 malicious emails each day, sent to the approximately 10 million email addresses that we protect.
"However, the rarity of targeted attacks and the persistence of attackers can be exploited by researchers to draw up maps of activity of what may be the activities of single gangs."
He explained that companies are often reluctant to release details of successful attacks for fear of revealing their own security failings, but details of unsuccessful attacks can also prove useful.
Presenting his research at the Virus Bulletin conference in Barcelona this week, he explained the type of intelligence likely to be held in this data.
"By looking at the kinds of organisations that are being targeted, the industries that they're in and other data such as geographic location, it's possible to identify some interesting patterns," said Lee, according to security firm Kaspersky's news service Threatpost.
"We can come up with guesses as to who's next. It's an interesting question.
"What tends to get overlooked is the attacks that weren't successful and were identified. Once you start pulling the data together, you can analyse it topologically and see what's going on."
However, there are still areas of uncertainty, in particular when it comes to understanding the reason behind some types of attack.
"It's not clear what the business model is with many of these attacks," he said. "We don't necessarily know how they're making money from this."