|
Tuesday, May 1, 2012
Symantec Report Reveals Increase in Malicious
Attacks in 2011
|
|
You are sending an email that contains the article
and a private message for your recipient(s). |
Your Name: |
|
Your e-mail: |
* Required! |
Recipient (e-mail): |
* |
Subject: |
* |
Introductory Message: |
|
HTML/Text
(Photo: Yes/No) |
(At the moment, only Text is allowed...)
|
|
|
Message Text: |
Symantec on Monday announced the findings of its
Internet Security Threat Report, Volume 17, which shows
that while the number of vulnerabilities decreased by 20
percent, the number of malicious attacks continued to
skyrocket by 81 percent.
In addition, the report
highlights that advanced targeted attacks are spreading
to organizations of all sizes and variety of personnel,
data breaches are increasing, and that attackers are
focusing on mobile threats.
Symantec said it had blocked more than 5.5 billion malicious attacks
in 2011, an increase of 81 percent over the previous
year. In addition, the number of unique malware variants
increased to 403 million and the number of Web attacks
blocked per day increased by 36 percent.
At the same time, spam levels fell considerably and new
vulnerabilities discovered decreased by 20 percent.
"Attackers have
embraced easy to use attack toolkits to efficiently
leverage existing vulnerabilities," Symantec said. "Moving beyond spam,
cyber criminals are then turning to social networks to
launch their attacks. The very nature of these networks
makes users incorrectly assume they are not at risk and
attackers are using these sites to target new victims.
Due to social engineering techniques and the viral
nature of social networks, it's much easier for threats
to spread from one person to the next," the company added.
Targeted attacks are growing, with the number of daily
targeted attacks increasing from 77 per day to 82 per
day by the end of 2011. Targeted attacks use social
engineering and customized malware to gain unauthorized
access to sensitive information. These advanced attacks
have traditionally ocused on public sector and
government; however, in 2011, targeted attacks
diversified.
Targeted attacks are no longer limited to large
organizations. More than 50 percent of such attacks
target organizations with fewer than 2,500 employees,
and almost 18 percent target companies with fewer than
250 employees. These organizations may be targeted
because they are in the supply chain or partner
ecosystem of a larger company and because they are less
well-defended. Furthermore, 58 percent of attacks target
non-execs, employees in roles such as human resources,
public relations, and sales. Individuals in these jobs
may not have direct access to information, but they can
serve as a direct link into the company. They are also
easy for attackers to identify online and are used to
getting proactive inquiries and attachments from unknown
sources.
Approximately 1.1 million identities were stolen per
data breach on average in 2011, a dramatic increase over
the amount seen in any other year. Hacking incidents
posed the greatest threat, exposing 187 million
identities in 2011 - the greatest number for any type of
breach last year. However, the most frequent cause of
data breaches that could facilitate identity theft was
theft or loss of a computer or other medium on which
data is stored or transmitted, such as a smartphone, USB
key or a backup device. These theft-or loss-related
breaches exposed 18.5 million identities.
As tablets and smartphones continue to outsell PCs, more
sensitive information will be available on mobile
devices. Workers are bringing their smartphones and
tablets into the corporate environment faster than many
organizations are able to secure and manage them. "This
may lead to an increase in data breaches as lost mobile
devices present risks to information if not properly
protected," Symantec said. Recent research by Symantec shows that 50
percent of lost phones will not be returned and 96
percent (including those returned) will experience a
data breach.
Mobile vulnerabilities increased by 93 percent in 2011.
At the same time, there was a rise in threats targeting
the Android operating system. With the number of
vulnerabilities in the mobile space rising and malware
authors not only reinventing existing malware for mobile
devices, but creating mobile-specific malware geared to
the unique mobile opportunities, 2011 was the first year
that mobile malware presented a tangible threat to
businesses and consumers. These threats are designed for
activities including data collection, the sending of
content, and user tracking. |
|
|
|
|