Symantec's 2011 Internet Security Threat Report, Volume 17 shows that while the number of vulnerabilities decreased by 20 percent, the number of malicious attacks continued to skyrocket, rising 81 percent. In addition, the report highlights that advanced targeted attacks are spreading to organizations of all sizes and a variety of personnel, that data breaches are increasing, and that attackers are focusing on mobile threats.
11. Four Key Trends
• Malware Attacks 81% ↑
• Targeted Attacks Expand
• Mobile Threats Expose All
• Data Breaches on Rise
Internet Security Threat Report, Vol. 17
14. The Big Numbers for 2011
5.5B Attacks blocked by Symantec +81%
403M Unique variants of malware +41%
4,597 Web attacks per day +36%
4,989 New vulnerabilities -20%
8 Zero-day vulnerabilities -43%
315 New mobile vulnerabilities +93%
75% Spam rate -34%
16. Top Families Dominate Malicious Code
• 10 families account for 45% of all unique malware variants
17. Spam Still Effective, but Changes Underway
18. Vulnerabilities Not Being Discovered at Previous Rate
• Zero-day vulnerabilities also down in 2011
– Stuxnet affected 2010 numbers
19. Why is Malware Continuing to Rise?
• Attack tool kits continue to flourish
• Increased efficacy of known vulnerabilities
20. Why is Malware Continuing to Rise?
• Web attacks are increasing
21. Which Website is More Dangerous?
22. Most Harmful Websites by Categories
• Sites with poor security become easy targets for malware authors
• Some businesses understand that customers will visit sites that infect them
23. Why is Malware Continuing to Rise?
• Cybercriminals taking advantage of social media
– Social media is viral in nature
– People are less suspicious of content from friends
24. Social Engineering is Effective in Social Media
• Users willing to help infect themselves
27. Assumption #1
Only large corporations, governments and defense industries are targeted for attack
28. Organizations of All Sizes at Risk of Targeted Attacks
[Chart: targeted attacks by organization size. Size bands: <250, 250-500, 501-1000, 1001-1500, 1501-2500, 2,500+. Data labels: 13,428; 13,518; 18%]
29. Targeted Attacks by Sector
Government & Public Sector
Manufacturing
Finance
IT Services
Chemical & Pharmaceutical
Transport & Utilities
Non-Profit
Marketing & Media
Education
Retail
31. Assumption #2
Only CEOs and senior managers are targeted
32. Targeted Attacks by Job Function
C-Level
Senior
R&D
Sales
Media
Shared Mailbox
PA
Recruitment
34. Assumption #3
A targeted attack is a single attack
35. Use Case: Taidoor
• One target was attacked for 9 straight months
• In June, attacks occurred almost once a day
36. Number of Data Breaches Continues to Rise
37. Data Breaches
• Hacktivism helped drive this dramatic increase over 2010
39. Data Breaches
• 232 million identities were stolen in 2011 (1.1 million/breach avg.)
40. Mobile Threats Expose Organizations and Consumers
41. Mobile Malware on the Rise
• This represents families of mobile malware
• There are 3,000-4,000 variants in the wild today and growing
42. Mobile Threats Focus Areas for Malware Authors
• Stealing information, spying and sending SMS messages
• Malware authors porting old threats and working on new ones
• Most popular way to make money? Sending premium SMS
43. Sending Content = Dialing for Dollars
44. Mobile Phones: A New Source of Data Breaches
• Mobile devices contain work and personal information
• Unlike a desktop computer they are easily stolen
• … and often lost
45. Project Honey Stick
Los Angeles
San Francisco
Washington, D.C.
New York
Ottawa, Canada
48. What’s Ahead in 2012?
• Attackers will capitalize on work/personal info on mobiles
• Macs are not immune
• Cloud computing and mobile will force IT to rethink security
• Targeted attacks will continue
49. Best Practices for Protection
50. Thwarting Malware Attacks: Defense
• Advanced Reputation Security
– Detect and block new and unknown threats based on reputation and ranking
• Layered Endpoint Protection
– More than just AV – need to use full functionality of endpoint protection
– Restrict removable devices and turn off auto-run to prevent malware infection
• Layered Network Protection
– Monitor for network intrusions, propagation attempts and other suspicious traffic patterns
• Security Awareness Training
– Ensure employees become the first line of defense against socially engineered attacks
51. Thwarting Targeted Attacks
• Advanced Reputation Security
– Detect and block new and unknown threats based on reputation and ranking
• Employ Offensive Protection Strategies
– Set strong permissions around apps, servers and clusters, according to sensitivity of information processed
• Removable Media Device Control
– Restrict removable devices and functions to prevent malware infection
• Email & Web Gateway Filtering
– Scan and monitor inbound/outbound email and web traffic and block accordingly
• Data Loss Prevention
– Discover data spills of confidential information that are targeted by attackers
• Encryption
– Create and enforce security policy so all confidential information is encrypted
• Network Threat and Vulnerability Monitoring
– Monitor for network intrusions, propagation attempts and other suspicious traffic patterns
52. Avoiding Data Breaches
• Data Classification
– Which information should you protect?
• Data Loss Prevention
– Discover data spills of confidential information that are targeted by attackers
– Enforce rules prohibiting access of confidential data using applications
• Host-based Intrusion Prevention
– Locks down key systems that contain confidential information
– Prevents any unauthorized code from running, independent of AV signatures
• Email & Web Gateway Filtering
– Scan and monitor inbound/outbound email and web traffic and block accordingly
• Encryption
– Create and enforce security policy so all confidential information is encrypted
• Strong Authentication
– Two-factor authentication to protect against credential theft
53. Mitigating Mobile Threats
• Device Management
– Remotely wipe devices in case of theft or loss
– Update devices with applications as needed without physical access
– Get visibility and control of devices, users and applications
• Device Security
– Guard mobile device against malware and spam
– Prevent the device from becoming a vulnerability
• Content Security
– Identify confidential data on mobile devices
– Encrypt mobile devices to prevent lost devices from turning into lost confidential data
• Identity and Access
– Strong authentication and authorization for access to enterprise applications and resources
– Allow access to right resources from right devices with right postures