Annual Symantec Internet Security Threat Report: 81 Percent Increase in Malicious Attacks

symantec-infographics-thumb

symantec-infographics-thumb

Have you read an email recently? Clicked on a link? Watched a Youtube video? Reading this, you’ve probably done two of the three and that has probably increased your chances of getting malicious attacks through the internet, tenfold. Symantec Corp. (Nasdaq: SYMC), through its findings have released their Internet Security Threat Report, Volume 17, which details malicious trends on the internet and data security issues that the world currently faces. Through their findings, Symantec discovered that the number of vulnerabilities have decreased by 20 percent however, the number of attacks have increased by a whopping 81 percent globally. The report also highlights that advanced targeted attacks are spreading to organizations of all sizes, variety of personnel with data breaches increasing and that attackers are focusing on mobile threats. According to the report, Malaysia ranked 38th among countries globally on Internet Threat Activities.

[ad#Google Adsense 336×280]

 

[quote]Raymond Goh, Symantec’s senior regional director for Systems Engineering and Alliances, Asia South Region said, “Symantec has observed a large increase in malicious Internet attacks through mobile devices, making these devices a viable platform for attackers to leverage in targeting sensitive data, especially if they are used to store corporate information.  With the increasing mobile penetration in Malaysia, organisations need to be vigilant in protecting their confidential information on these devices as cybercriminals are latching on to this growing mobility trend and taking advantage of the ubiquity of smart mobile devices to gain access to sensitive corporate information.”[/quote]

Nigel Tan, Symantec’s principal consultant for Asia South Region said, “Cybercriminals have greatly widened their reach beyond large enterprises, with nearly 20 percent of targeted attacks now directed at companies with fewer than 250 employees. Smaller companies are now being targeted as a stepping stone to a larger organisation because they may be in the partner ecosystem and less well-defended. Targeted attacks are a risk for businesses of all sizes – no one is immune to these attacks. Therefore, having a comprehensive security policy and keeping up with industry-standard best practices would go a long way towards ensuring that Malaysian organisations stay safe in the connected world.”

[spoiler title=”Click to Reveal Infographics”]

symantec-infographics

[/spoiler]

Here are some details from the report:

  • Symantec blocked more than 5.5 billion malicious attacks in 2011 – an increase of 81% over 2010
  • The number of unique malware variants increased to 403 million and the number of Web attacks blocked per day increased by 36%
  • Spam levels fell considerably and new vulnerabilities discovered decreased by 20 percent
  • Attackers have embraced easy to use attack toolkits to efficiently leverage existing vulnerabilities
  • Cyber criminals are then turning to social networks to launch their attacks
  • Daily targeted attacks increased from 77 per day to 82 per day by the end of 2011.  Targeted attacks use social engineering and customised malware to gain unauthorised access to sensitive information.
  • In 2011, targeted attacks diversified and drifted away from the traditional public and government sectors.
  • Targeted attacks are no longer limited to large organisations.  More than 50% target organisations with fewer than 2,500 employees, and almost 18 percent target companies with fewer than 250 employees. These organisations may be targeted because they are in the supply chain or partner ecosystem of a larger company and because they are less well-defended
  • 58% of attacks target non-execs, employees in roles such as human resources, public relations, and sales
  • Approximately 1.1 million identities were stolen per data breach on average in 2011
  • Hacking incidents posed the greatest threat, exposing 187 million identities in 2011.
  • The most frequent cause of data breaches that could facilitate identity theft was theft or loss of a device such as a smartphone, USB key or a backup device. These theft-or loss-related breaches exposed 18.5 million identities.
  •  As more people move towards mobile devices, data breaches may increase as lost mobile devices present risks to information if not properly protected.
  • Recent research by Symantec shows that 50 percent of lost phones will not be returned and 96 percent (including those returned) will experience a data breach.
  • Mobile vulnerabilities increased by 93 percent in 2011.
  • Rise in threats targeting the Android operating system
  • 2011 was the first year that mobile malware presented a tangible threat to businesses and consumers. These threats are designed for activities including data collection, the sending of content, and user tracking.

For more info on the items above, do follow the links below:

[spoiler title=”Read full Official Press Release”]

Annual Symantec Internet Security Threat Report Reveals 81 Percent Increase in Malicious Attacks

Malaysia ranked 38th among countries globally on Internet Threat Activities 

KUALA LUMPUR, Malaysia – May 18, 2012– Symantec Corp. (Nasdaq: SYMC) today announced the findings of its Internet Security Threat Report, Volume 17, which shows that while the number of vulnerabilities decreased by 20 percent, the number of malicious attacks continued to skyrocket by 81 percent globally.  In addition, the report highlights that advanced targeted attacks are spreading to organisations of all sizes and variety of personnel, data breaches are increasing, and that attackers are focusing on mobile threats.

“Symantec has observed a large increase in malicious Internet attacks through mobile devices, making these devices a viable platform for attackers to leverage in targeting sensitive data, especially if they are used to store corporate information.  With the increasing mobile penetration in Malaysia, organisations need to be vigilant in protecting their confidential information on these devices as cybercriminals are latching on to this growing mobility trend and taking advantage of the ubiquity of smart mobile devices to gain access to sensitive corporate information,” said Raymond Goh, Symantec’s senior regional director for systems engineering and alliances in Asia South Region.

“While Malaysia is ranked 38th among countries globally on Internet threat activities, we should continue to take proactive initiatives to secure and manage critical information from a variety of security risks today. Top growing trends that organisations in Malaysia should watch out for in today’s threat landscape includes advanced targeted attacks, mobile threats, malware attacks and data breaches,” he added.

Nigel Tan, Symantec’s principal consultant for Asia South Region said, “Cybercriminals have greatly widened their reach beyond large enterprises, with nearly 20 percent of targeted attacks now directed at companies with fewer than 250 employees. Smaller companies are now being targeted as a stepping stone to a larger organisation because they may be in the partner ecosystem and less well-defended. Targeted attacks are a risk for businesses of all sizes – no one is immune to these attacks. Therefore, having a comprehensive security policy and keeping up with industry-standard best practices would go a long way towards ensuring that Malaysian organisations stay safe in the connected world.”

Malicious Attacks Continue to Grow Rapidly

Symantec blocked more than 5.5 billion malicious attacks in 2011, an increase of 81 percent over the previous year.  In addition, the number of unique malware variants increased to 403 million and the number of Web attacks blocked per day increased by 36 percent.

At the same time, spam levels fell considerably and new vulnerabilities discovered decreased by 20 percent.  These statistics, compared to the continued growth in malware, paint an interesting picture. Attackers have embraced easy to use attack toolkits to efficiently leverage existing vulnerabilities.  Moving beyond spam, cyber criminals are then turning to social networks to launch their attacks.  The very nature of these networks makes users incorrectly assume they are not at risk and attackers are using these sites to target new victims.  Due to social engineering techniques and the viral nature of social networks, it’s much easier for threats to spread from one person to the next.  

Advanced Targeted Attacks Spread to Organisations of All Sizes

Targeted attacks are growing, with the number of daily targeted attacks increasing from 77 per day to 82 per day by the end of 2011.  Targeted attacks use social engineering and customised malware to gain unauthorised access to sensitive information.  These advanced attacks have traditionally focused on public sector and government; however, in 2011, targeted attacks diversified.

Targeted attacks are no longer limited to large organisations.  More than 50 percent of such attacks target organisations with fewer than 2,500 employees, and almost 18 percent target companies with fewer than 250 employees. These organisations may be targeted because they are in the supply chain or partner ecosystem of a larger company and because they are less well-defended. Furthermore, 58 percent of attacks target non-execs, employees in roles such as human resources, public relations, and sales.  Individuals in these jobs may not have direct access to information, but they can serve as a direct link into the company.  They are also easy for attackers to identify online and are used to getting proactive inquiries and attachments from unknown sources. 

Rise of Data Breaches, Lost Devices Concern for the Future

Approximately 1.1 million identities were stolen per data breach on average in 2011, a dramatic increase over the amount seen in any other year.  Hacking incidents posed the greatest threat, exposing 187 million identities in 2011—the greatest number for any type of breach last year.  However, the most frequent cause of data breaches that could facilitate identity theft was theft or loss of a computer or other medium on which data is stored or transmitted, such as a smartphone, USB key or a backup device. These theft-or loss-related breaches exposed 18.5 million identities.  

As tablets and smartphones continue to outsell PCs, more sensitive information will be available on mobile devices.  Workers are bringing their smartphones and tablets into the corporate environment faster than many organisations are able to secure and manage them.  This may lead to an increase in data breaches as lost mobile devices present risks to information if not properly protected.   Recent research by Symantec shows that 50 percent of lost phones will not be returned and 96 percent (including those returned) will experience a data breach.

Mobile Threats Expose Businesses and Consumers

Mobile vulnerabilities increased by 93 percent in 2011. At the same time, there was a rise in threats targeting the Android operating system.  With the number of vulnerabilities in the mobile space rising and malware authors not only reinventing existing malware for mobile devices, but creating mobile-specific malware geared to the unique mobile opportunities, 2011 was the first year that mobile malware presented a tangible threat to businesses and consumers. These threats are designed for activities including data collection, the sending of content, and user tracking. 

Symantec blocked more than 5.5 billion attacks in 2011: http://bit.ly/K8NeJ8

#ISTR 1.1 million identities stolen per breach last year: http://bit.ly/K8NeJ8

Hackers exposed 187 million identities in 2011: http://bit.ly/K8NeJ8

Mobile vulnerabilities increased by 93% in 2011, #ISTR: http://bit.ly/K8NeJ8

Advanced targeted attacks spread to organisations of all sizes and information workers: http://bit.ly/K8NeJ8

Multimedia:

•         Video: Did You Know: Internet Security Threat Report, Volume 17

•         Podcast: Symantec Internet Security Threat Report Volume 17

•         Webcast: Threat Update:  Top Trends to Focus on for 2012

•         SlideShare: Symantec Internet Security Threat Report 2011, Volume 17, April 2012  

•         Infographic: 2011 in Numbers  

•         Infographic: 2011 by Month

Resources:

•         Full Report Home Page: Internet Security Threat Report, Volume 17

•         Internet Security Threat Report Press Kit

•         Build Your Own Customisable Version of the Internet Security Threat Report

•         Blog Post: The 2011 Internet Security Threat Report – There Is No Panacea to Protect Against All Attacks  

•         Blog Post: Keep Your SMB Safe from Internet-Based Threats

•         The Symantec Smartphone Honey Stick Project

[/spoiler]

Vernon
Vernon is the founder and chief editor of Vernonchan.com. A graphic designer by profession, he has a deep love for technology, cars, gadgets, food, and travel. He tweets too much and is also known as a caffeine bacterium ("life's too short for bad coffee"). Bleeds Blue (go Chelsea FC!) and considers BMW, Porsche, Alfa Romeo cars to have in the garage--hallmarks of a true petrolhead.