B intelligence report-10-2013

325
-1

Published on

Published in: Technology, News & Politics
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
325
On Slideshare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

B intelligence report-10-2013

  1. 1. SYMANTEC INTELLIGENCE REPORT OCTOBER 2013
  2. 2. p. 2 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 CONTENTS CONTENTS 3 Executive Summary 4 BIG NUMBERS 7 TARGETED ATTACKS 8 Targeted Attacks in 2013 8 Targeted Attacks per Day 8 First Attacks Logged by Month 9 Attacks by Size of Targeted Organization 9 Top 10 Industries Attacked 9 First Attacks Logged by Size 9 File Extensions of Attachments 10 Social Media 11 Social Media 11 Top 5 Social Media Attacks, 2013 12 DATA BREACHES 13 Data Breaches 13 Top 5 Types of Information Exposed 13 Timeline of Data Breaches, 2013 14 MOBILE 19 SPAM, PHISHING, & MALWARE 20 Spam 20 Top 5 Activity for Spam Destination by Geography 20 Top 5 Activity for Spam Destination by Industry 21 Top 10 Sources of Spam 21 Average Spam Message Size* 21 Top 5 Activity for Spam Destination by Company Size 21 Spam by Category 21 Spam URL Distribution Based on Top Level Domain Name* 22 Phishing 22 Top 10 Sources of Phishing 22 Top 5 Activity for Phishing Destination by Company Size 22 Top 5 Activity for Phishing Destination by Industry 22 Top 5 Activity for Phishing Destination by Geography 23 Phishing Distribution in September 23 Organizations Spoofed in Phishing Attacks 24 Malware 24 Proportion of Email Traffic in Which Virus Was Detected 24 Top 10 Email Virus Sources 25 Top 5 Activity for Malware Destination by Industry 25 Top 5 Activity for Malware Destination by Geographic Location 25 Top 5 Activity for Malware Destination by Company Size 26 Endpoint Security 26 Top 10 Most Frequently Blocked Malware 15 Mobile 15 Mobile Malware by Type 16 Cumulative Mobile Android Malware 27 Policy Based Filtering 27 Policy Based Filtering 17 VULNERABILITIES 28 More Information 18 Vulnerabilities 18 Total Vulnerabilities Disclosed by Month 18 Browser Vulnerabilities 18 Plug-in Vulnerabilities 28 About Symantec
  3. 3. p. 3 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 Executive Summary Welcome to the October edition of the Symantec Intelligence report. Symantec Intelligence aims to provide the latest analysis of cyber security threats, trends, and insights concerning malware, spam, and other potentially harmful business risks. This month we saw one of the largest data breaches in a number of years, where 150 million identities were exposed due to this one breach. This has more than doubled the number of identities exposed so far this year, when compared to our previous numbers through September. October also saw an increase in the number of targeted attacks. These numbers are up fivefold compared to September, and even surpassing previous Octobers in 2011 and 2012, though still much lower than their peaks this summer. When comparing the size of the targeted organizations, we see that a majority of attack attempts are against large corporations with 2500-plus employees. However, when looking at the first time an organization registers a targeted attack attempt, this number is much higher for organizations with fewer than 250 employees. This indicates that more new attack attempts are being made across the smaller business spectrum, though larger organizations are more likely to be targeted continuously. Also, the total number of mobile vulnerabilities disclosed dropped significantly in October. September’s number was unusually high due to the release of a major update to a popular mobile operating system, which addressed a number of vulnerabilities in the software. In other news, fake offerings continue to dominate Social Media attacks, disclosed vulnerability numbers are up 17 percent compared to the same period last year, and email spam rates have increased slightly over a three-month period, while phishing attempts and viruses attachments through email have decreased slightly. We hope that you enjoy this month’s report and feel free to contact us with any comments or feedback. Ben Nahorney, Cyber Security Threat Analyst symantec_intelligence@symantec.com
  4. 4. p. 4 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 BIG NUMBERS
  5. 5. p. 5 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 Overall Email Phishing Rate: Estimated Global Email Spam Rate Per Day HIGHER NUMBER = LOWER RISK SPAM AS PERCENT OF ALL EMAIL Aug Sep Oct 1 in 626 1 in 1,056 1 in 1,135 100 90 80 70 60 65 % 66 % 68% 50 40 30 Overall Email Virus Rate: 20 10 HIGHER NUMBER = LOWER RISK 1 in 340 1 in 383 1 in 437 Aug Sep Oct 0 Aug Sep Oct New Vulnerabilities Aug Mobile Vulnerabilities Aug Sep Oct 2 45 5 Sep Oct 469 549 663
  6. 6. p. 6 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 Mobile Malware Variants 10000 VARIANTS (CUMULATIVE) 9000 7,294 8000 7000 6000 213 5000 249 4000 161 3000 2000 193 213 1000 O N D JAN 2013 F M A M J J A S O Aug Sep Oct Data Breaches Number of Breaches (Year-to-Date) 165 Number of Identities Exposed (Year-to-Date) 248,282,045
  7. 7. p. 7 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 TARGETED ATTACKS
  8. 8. p. 8 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 Targeted Attacks in 2013 At a Glance Targeted Attacks per Day Source: Symantec • More companies logged their first targeted attack in October than previous months, making it the second largest month for new attacks this year. • Large organizations of 2500+ continue to make up the lion’s share of the total number of targeted attacks by organization size, though organizations with fewer than 250 employees are targeted more often, based on first attacks. 250 225 200 TARGETED ATTACKS • The number of targeted attacks in October were up since last month, even surpassing the number of attacks recorded in October of both 2011 and 2012. 175 150 125 100 75 50 25 JAN FEB MAR APR 2011 MAY JUN 2012 JUL AUG SEP 2013 OCT NOV DEC 2013 TREND (Projected) First Attacks Logged by Month Source: Symantec 1200 1100 1000 900 800 700 600 500 400 300 200 100 JAN 2013 F M A M J J A S O
  9. 9. p. 9 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 Attacks by Size of Targeted Organization First Attacks Logged by Size Source: Symantec Source: Symantec Company Size Percent Company Size Percent 1-250 26.1% 1-250 50.2% 251-500 11.3% 251-500 11.0% 501-1000 10.2% 501-1000 9.4% 1001-1500 3.1% 1001-1500 5.1% 1501-2500 8.6% 1501-2500 5.2% 2500+ 40.8% 2500+ 19.0% Top 10 Industries Attacked File Extensions of Attachments Source: Symantec Source: Symantec Industry Percent Services - Professional File Extension Percent 22.2% .exe 31.17% Public Administration 19.2% .scr 20.52% Services - Non-Traditional 14.8% .doc 8.12% Finance, Insurance & Real Estate 13.0% .pdf 6.07% Transportation, Communications, Electric, & Gas 9.1% .class 5.41% .dmp 3.12% Manufacturing 8.7% .dll 2.09% Wholesale 4.2% .jpg 1.64% Logistics 2.1% .xls 1.43% Retail 1.0% .pif 1.24% Mining 1.0% The “Professional” services category includes services such as Legal, Accounting, Health, and Education. “Non-Traditional” services include Hospitality, Recreational, and Repair services.
  10. 10. p. 10 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 SOCIAL MEDIA
  11. 11. p. 11 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 Social Media At a Glance Top 5 Social Media Attacks, 2013 Source: Symantec • 82 percent of all social media attacks so far in 2013 have been fake offerings. This is up from 56 percent in 2012. • Fake Plug-ins are the second-most common type of social media attacks at 7 percent, up from fifth place in 2012, at 5 percent. • Fake Apps have risen overall in 2013, now making up 2 percent of social media attacks. In 2012, this category was ranked sixth. Top 5 Social Media Attacks 82% Fake Offering 7% Fake Plug-in 5% Likejacking 2% Fake Apps 2% Manual Sharing Methodology Fake Offering. These scams invite social network users to join a fake event or group with incentives such as free gift cards. Joining often requires the user to share credentials with the attacker or send a text to a premium rate number. Fake Plug-in Scams. Users are tricked into downloading fake browser extensions on their machines. Rogue browser extensions can pose like legitimate extensions but when installed can steal sensitive information from the infected machine. Likejacking. Using fake “Like” buttons, attackers trick users into clicking website buttons that install malware and may post updates on a user’s newsfeed, spreading the attack. Fake Apps. Applications provided by attackers that appear to be legitimate apps; however, they contain a malicious payload. The attackers often take legitimate apps, bundle malware with them, and then re-release it as a free version of the app. Manual Sharing Scams. These rely on victims to actually do the hard work of sharing the scam by presenting them with intriguing videos, fake offers or messages that they share with their friends.
  12. 12. p. 12 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 DATA BREACHES
  13. 13. p. 13 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 Data Breaches Timeline of Data Breaches, 2013 At a Glance Source: Symantec • October saw the largest single breach in a number of years, with reports of 150 million identities exposed in a single breach. 40 120 105 32 90 24 75 60 16 45 30 NUMBER OF INCIDENTS • Of the reported breaches so far in this year, the top three types of information exposed are a person’s real name, government ID number (e.g. Social Security), and birth date. 135 IDENTITIES BREACHED (MILLIONS) • There were a number of breaches reported during October that occurred earlier in the year. This brings the total number of breaches to 165 for so far in 2013. 48 150 8 15 0 O N D JAN 2013 F M A M J J IDENTITIES BREACHED A S O INCIDENTS Top 5 Types of Information Exposed Source: Symantec Information Exposed in Breaches % OF ALL BREACHES Real Names 89% Gov ID numbers (Soc Sec) 49% Birth Dates 48% Home Address 45% Medical Records 39% Methodology This data is procured from the Norton Cybercrime Index (CCI). The Norton CCI is a statistical model that measures the levels of threats, including malicious software, fraud, identity theft, spam, phishing, and social engineering daily. The data breach section of the Norton CCI is derived from data breaches that have been reported by legitimate media sources and have exposed personal information. In some cases a data breach is not publicly reported during the same month the incident occurred, or an adjustment is made in the number of identities reportedly exposed. In these cases, the data in the Norton CCI is updated. This causes fluctuations in the numbers reported for previous months when a new report is released. Norton Cybercrime Index http://us.norton.com/protect-yourself
  14. 14. p. 14 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 MOBILE
  15. 15. p. 15 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 Mobile At a Glance Mobile Malware by Type Source: Symantec • So far in 2013, 37 percent of mobile malware tracks users, up from 15 percent in 2012. • Traditional threats, such as back doors and downloaders are present in 22 percent of all mobile malware threats. • Risks that collect data, the most common risk in 2012, is down 11 percentage points to 21 percent of risks. • Four new mobile malware families were discovered in October, along with 193 new variants. 37% 21% Track User Collect Data Risks that spy on the individual using the device, collecting SMS messages or phone call logs, tracking GPS coordinates, recording phone calls, or gathering pictures and video taken with the device. This includes the collection of both device- and user-specific data, such as device information, configuration data, or banking details. 22% Traditional Threats Threats that carry out traditional malware functions, such as back doors and downloaders. 24% 13% Change Settings These types of risks attempt to elevate privileges or simply modify various settings within the operating system. 7% Adware/Annoyance Send Content Mobile risks that display advertising or generally perform actions to disrupt the user. These risks will send text messages to premium SMS numbers, ultimately appearing on the bill of the device’s owner. Other risks can be used to send spam messages.
  16. 16. p. 16 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 Cumulative Mobile Android Malware Source: Symantec 9000 320 8000 280 7000 240 6000 200 5000 160 4000 120 3000 80 2000 40 1000 O N D JAN 2013 F M A M J J FAMILIES A S O VARIANTS VARIANTS (CUMULATIVE) 10000 360 FAMILIES (CUMULATIVE) 400
  17. 17. p. 17 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 VULNERABILITIES
  18. 18. p. 18 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 Vulnerabilities At a Glance Total Vulnerabilities Disclosed by Month Source: Symantec • There were 663 new vulnerabilities discovered in October, bringing the total for the year up to 5527, a 17 percent increase compared to the same period in 2012. • There were 5 vulnerabilities discovered in mobile operating systems during the month of October. • Google’s Chrome browser continues to lead in reporting browser vulnerabilities, while Oracle’s Java leads in reported plug-in vulnerabilities. 800 700 600 500 400 300 200 100 O N D JAN 2013 F M A M J J Browser Vulnerabilities S Plug-in Vulnerabilities Source: Symantec A Source: Symantec 60% Apple Safari Google Chrome Microsoft Internet Explorer Mozilla Firefox Opera Adobe Acrobat Reader Adobe Flash Player Apple QuickTime Oracle Sun Java 60% 50% 50% 40% 40% 30% 30% 20% 20% 10% 10% O
  19. 19. p. 19 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 SPAM, PHISHING, & MALWARE
  20. 20. p. 20 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 Spam At a Glance Top 5 Activity for Spam Destination by Geography Source: Symantec • The global spam rate increased 1.3 percentage points in October to 67.7 percent, up from 66.4 percent in September. • Education was the most commonly targeted industry, knocking Pharmaceuticals from the top spot this month. Geography Percent • The top-level domain (TLD) for Russia, .ru, continues to top the list of malicious TLDs in October. Sri Lanka 81.2% Saudi Arabia 77.0% Hungary 76.9% China 72.5% Egypt 72.4% • Pharmaceutical spam is the most common category, at 69.4 percent. Sex/Dating spam comes in second at 23.6 percent. Top 5 Activity for Spam Destination by Industry Source: Symantec Industry Percent Education 68.8% Chem/Pharm 68.6% Non-Profit 68.3% Marketing/Media 68.2% Manufacturing 68.2%
  21. 21. p. 21 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 Top 10 Sources of Spam Top 5 Activity for Spam Destination by Company Size Source: Symantec Source: Symantec Source Percent of All Spam Company Size Percent United States 6.90% 1-250 67.4% Finland 6.87% 251-500 67.9% India 5.96% 501-1000 67.6% Peru 5.47% 1001-1500 67.9% Italy 5.39% 1501-2500 67.6% Spain 5.04% 2501+ 67.8% Canada 4.95% Brazil 4.88% Argentina 4.25% Iran 3.45% Spam by Category Source: Symantec Category Pharma *Month 0Kb – 5Kb 5Kb – 10Kb >10Kb Sep 19.6% 20.4% 60.0% Aug 33.1% 34.1% 23.6% Jobs Source: Symantec 69.4% Sex/Dating Average Spam Message Size* Percent 3.9% Watches 1.2% Software 0.8% 32.9% *Data lags one month Spam URL Distribution Based on Top Level Domain Name* Source: Symantec *Month .ru .com .biz .info Sep 37.92% 30.82% 13.83% 4.2% *Data lags one month
  22. 22. p. 22 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 Phishing Top 5 Activity for Phishing Destination by Company Size At a Glance Source: Symantec • The global phishing rate is down in October, comprising one in 1 in 1,134.9 email messages. In September this rate was one in 1 in 1,055.7. Company Size Rate • Financial themes continue to be the most frequent subject matter, with 78.9 percent of phishing scams containing this theme. 1-250 1 in 763.6 • Australia has the highest rate in October, where one in 370.9 emails was a phishing scam. 251-500 1 in 1,383.8 • The United States tops the list of sources of phishing emails, responsible for distributing 32.8 percent of phishing scams. 501-1000 1 in 1,941.8 • The Public Sector was the most targeted industry in October, with one in every 460.2 emails received in this industry being a phishing scam. 1001-1500 1 in 1,478.4 1501-2500 1 in 2,370.0 2501+ 1 in 1,114.2 Top 10 Sources of Phishing Top 5 Activity for Phishing Destination by Industry Source: Symantec Source: Symantec Source Percent Industry Rate United States 31.84% Public Sector 1 in 460.2 Germany 18.70% Finance 1 in 631.5 United Kingdom 16.22% Education 1 in 651.7 South Africa 15.23% Marketing/Media 1 in 739.5 Australia 6.26% Accom/Catering 1 in 825.5 Sweden 3.80% Brazil 2.11% Hong Kong 0.88% Netherlands 0.77% Canada 0.63% Top 5 Activity for Phishing Destination by Geography Source: Symantec Geography Rate Australia 1 in 370.9 Monaco 1 in 486.3 South Africa 1 in 534.2 United Kingdom 1 in 726.7 Denmark 1 in 809.9
  23. 23. p. 23 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 Phishing Distribution Organizations Spoofed in Phishing Attacks Source: Symantec Source: Symantec Organizations Spoofed in Phishing Attacks: Phishing Distribution: Automated Toolkits 52.9% Financial Other Unique Domains 34.8% 78.9% Information Services IP Address Domains 8.4% Free Web Hosting Sites 2.8% Typosquatting 1.1% 15.3% Retail 4.3% Computer Software 1.2% Communications 0.6%
  24. 24. p. 24 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 Malware Top 10 Email Virus Sources At a Glance Source: Symantec • The global average virus rate in October was one in 436.7 emails, compared to one in 383.1 in September. Geography 33.31% Australia 6.17% India 2.39% Netherlands 2.33% South Africa 2.30% Japan 1.78% Hong Kong 1.78% Canada 1.70% France • Small-to-medium size businesses with 1-250 employees were the most targeted company size, where one and 369.6 emails contained a virus. 38.18% United States • The United Kingdom was also the largest source of virus-laden emails, making up 38.2 percent of all email-based viruses. Percent United Kingdom • The United Kingdom topped the list of geographies, with one in 240.7 emails containing a virus. 1.68% Proportion of Email Traffic in Which Virus Was Detected Source: Symantec 1 in 50 1 in 100 1 in 150 1 in 200 1 in 250 1 in 300 1 in 350 1 in 400 1 in 450 1 in 500 O N D JAN 2013 F M A M J J A S O
  25. 25. p. 25 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 Top 5 Activity for Malware Destination by Industry Top 5 Activity for Malware Destination by Geographic Location Source: Symantec Source: Symantec Industry Rate Geography Rate Public Sector 1 in 179.4 United Kingdom 1 in 240.7 Telecoms 1 in 186.2 United Arab Emirates 1 in 278.1 Other 1 in 231.6 Australia 1 in 297.5 Transport/Util 1 in 303.9 Austria 1 in 325.7 Accom/Catering 1 in 317.9 Hungary 1 in 342.8 Top 5 Activity for Malware Destination by Company Size Source: Symantec Company Size Rate 1-250 1 in 369.6 251-500 1 in 447.4 501-1000 1 in 601.9 1001-1500 1 in 469.5 1501-2500 1 in 718.6 2501+ 1 in 413.8
  26. 26. p. 26 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 Endpoint Security At a Glance Top 10 Most Frequently Blocked Malware Source: Symantec • Variants of W32.Ramnit accounted for 13.7 percent of all malware blocked at the endpoint. • In comparison, 6.7 percent of all malware were variants of W32.Sality. • Approximately 40.5 percent of the most frequently blocked malware last month was identified and blocked using generic detection. Malware Percent W32.Sality.AE 5.96% W32.Ramnit!html 5.34% W32.Ramnit.B 4.62% W32.Almanahe.B!inf 3.80% W32.Downadup.B 3.60% W32.Ramnit.B!inf 3.22% Trojan.Malscript 2.22% W32.Virut.CF 2.04% Trojan.Zbot 1.55% W32.SillyFDC 1.49%
  27. 27. p. 27 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 Policy Based Filtering At a Glance Policy Based Filtering Source: Symantec • The most common trigger for policy-based filtering applied by Symantec Web Security .cloud for its business clients was for the “Social Networking” category, which accounted for 51.6 percent of blocked Web activity in October. • “Advertisement & Popups” was the second-most common trigger, comprising 19.7 percent of blocked Web activity. Category Percent Social Networking 51.63% Advertisement & Popups 19.67% Streaming Media 3.86% Hosting Sites 3.70% Computing & Internet 3.21% Chat 2.67% Peer-To-Peer 2.49% Search 2.13% Gambling 0.94% News 0.87%
  28. 28. p. 28 Symantec Corporation Symantec Intelligence Report :: OCTOBER 2013 About Symantec Symantec protects the world’s information and is a global leader in security, backup, and availability solutions. Our innovative products and services protect people and information in any environment—from the smallest mobile device to the enterprise data center to cloudbased systems. Our world-renowned expertise in protecting data, identities, and interactions gives our customers confidence in a connected world. More information is available at www.symantec.com or by connecting with Symantec at go.symantec.com/socialmedia. More Information •  Security Response Publications: http://www.symantec.com/security_response/publications/ •  Internet Security Threat Report Resource Page: http://www.symantec.com/threatreport/ •  Symantec Security Response: http://www.symantec.com/security_response/ •  Norton Threat Explorer: http://us.norton.com/security_response/threatexplorer/ •  Norton Cybercrime Index: http://us.norton.com/cybercrimeindex/
  29. 29. Confidence in a connected world. For specific country offices and contact numbers, please visit our website. For product information in the U.S., call toll-free 1 (800) 745 6054. Symantec Corporation World Headquarters 350 Ellis Street Mountain View, CA 94043 USA +1 (650) 527 8000 1 (800) 721 3934 www.symantec.com Copyright © 2013 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

×