Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012

2011: The Year in Numbers

Internet Security Threat Report, Vol. 17 2






Internet Threat Report 17 8



Four Key Trends

Internet Security Threat Report, Vol. 17

Malware Attacks

81% ↑

Targeted Attacks Expand

Mobile Threats

Expose All

Data Breaches on Rise


Malware Activity at a Glance



The Big Numbers for 2011

5.5B Attacks blocked by Symantec +81%

403M Unique variants of malware +41%

4,597 Web attacks per day +36%

4,989 New vulnerabilities -20%

8 Zero-day vulnerabilities -43%

315 New mobile vulnerabilities +93%

75% Spam rate -34%


Malware Attacks Continue to Grow


Top Families Dominate Malicious Code


• 10 families account for 45% of all unique malware variants

16

Spam Still Effective, but Changes Underway


Vulnerabilities Not Being Discovered at Previous Rate

• Zero-day vulnerabilities also down in 2011

– Stuxnet affected 2010 numbers


Why is Malware Continuing to Rise?

• Attack tool kits continue to flourish

• Increase efficacy of known vulnerabilities



• Web attacks are increasing


Which Website is More Dangerous?


Most Harmful Websites by Categories


• Sites with poor security become easy targets for malware authors

• Some businesses understand that customers will visit sites that infect them

22

• Cybercriminals taking advantage of social media

– Social media is viral in nature

– People are less suspicious of content from friends



23

Social Engineering is Effective in Social Media

• Users willing to help infect themselves


Targeted Attacks Have Expanded


Advanced Targeted Threats


Your Assumptions are Wrong

26

Only large corporations, governments and defense

industries are targeted for attack


Assumption #1

27

Organizations of All Sizes at Risk of Targeted Attacks


2,500+

13,428 13,518

1501-2500

1001-1500

501-1000

250-500

<250 18%

28

Targeted Attacks by Sector


Government & Public Sector

Manufacturing

Finance

IT Services

Chemical & Pharmaceutical

Transport & Utilities

Non-Profit

Marketing & Media

Education

Retail

29

Targeted Attacks by Sector


Government & Public Sector

Manufacturing

Finance

IT Services

Chemical & Pharmaceutical

Transport & Utilities

Non-Profit

Marketing & Media

Education

Retail

30

Only CEOs and senior managers are targeted


Assumption #2

31

Targeted Attacks by Job Function


C-Level

Senior

R&D

Sales

Media

Shared Mailbox

PA

Recruitment

32

Targeted Attacks by Job Function


C-Level

Senior

R&D

Sales

Media

Shared Mailbox

PA

Recruitment

33

A targeted attack is a single attack


Assumption #3

34

Use Case: Taidoor

• One target was attacked for 9 straight months

• In June, attacks occurred almost once a day


Number of Data Breaches Continues to Rise


Data Breaches

• Hactivism helped drive this dramatic increase over 2010


Data Breaches


Data Breaches


• 232 million identities were stolen in 2011 (1.1 million/breach avg.)

39

Mobile Threats Expose Organizations and Consumers


Mobile Malware on the Rise

• This represents families of mobile malware

• There are 3,000-4,000 variants in the wild today and growing


Mobile Threats Focus Areas for Malware Authors

• Stealing information, spying and sending SMS messages

• Malware authors porting old threats and working on new ones

• Most popular way to make money? Sending premium SMS


Sending Content = Dialing for Dollars


Mobile Phones: A New Source of Data Breaches

• Mobile devices contain work and personal information

• Unlike a desktop computer they are easily stolen

• …. and often lost


Los Angeles

San Francisco

Washington, D. C.

New York

Ottawa, Canada

Project Honey Stick




What’s Ahead in 2012?


Macs are not immune

Targeted attacks will continue

Attackers will capitalize on

work/personal info on mobiles

Cloud computing and mobile will

force IT to rethink security

48


Best Practices for Protection

49

Thwarting Malware Attacks: Defense


• More than just AV – need to use full functionality of endpoint protection • Restrict removable devices and turn off auto-run to prevent malware infection Layered Endpoint Protection

• Ensure employees become the first line of defense against socially engineered attacks Security Awareness Training

• Detect and block new and unknown threats based on reputation and ranking Advanced Reputation Security

• Monitor for network intrusions, propagation attempts and other suspicious traffic patterns Layered Network Protection

50

Thwarting Targeted Attacks


• Detect and block new and unknown threats based on reputation and ranking

• Set strong permissions around apps, servers and clusters, according to sensitivity of information processed

• Restrict removable devices and functions to prevent malware infection

Advanced Reputation Security

Employ Offensive Protection Strategies

Removable Media Device Control

• Scan and monitor inbound/outbound email and web traffic and block accordingly

• Discover data spills of confidential information that are targeted by attackers

• Create and enforce security policy so all confidential information is encrypted

Email & Web Gateway Filtering

Data Loss Prevention

Encryption

• Monitor for network intrusions, propagation attempts and other suspicious traffic patterns

Network Threat and Vulnerability Monitoring

51

Avoiding Data Breaches


• Which information should you protect?

• Discover data spills of confidential information that are targeted by attackers • Enforce rules prohibiting access of confidential data using applications

• Locks down key systems that contain confidential information • Prevents any unauthorized code to run — independent of AV signatures

Data Classification

Data Loss Prevention

Host-based Intrusion Prevention

• Scan and monitor inbound/outbound email and web traffic and block accordingly

• Create and enforce security policy so all confidential information is encrypted

Email & Web Gateway Filtering

Encryption

• Two-factor authentication to protect against credential theft Strong Authentication

52

Mitigating Mobile Threats


• Remotely wipe devices in case of theft or loss • Update devices with applications as needed without physical access • Get visibility and control of devices, users and applications

• Guard mobile device against malware and spam • Prevent the device from becoming a vulnerability

• Identify confidential data on mobile devices • Encrypt mobile devices to prevent lost devices from turning into lost

confidential data

Device Management

Device Security

Content Security

• Strong authentication and authorization for access to enterprise applications and resources

• Allow access to right resources from right devices with right postures Identity and Access

53

Stay Informed


www.symantec.com/threatreport

Security Response Website

Twitter.com/threatintel

54

http://www.symantec.com/threatreport

http://www.symantec.com/security_response/

http://www.twitter.com/threatintel

http://www.twitter.com/threatintel

Thank you! Thank you!

Copyright © 2012 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.


Presenter Information Here

55

Date post:	19-Oct-2014
Category:	Technology
View:	5,494 times
Download:	3 times

Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012

Technology