Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012

2011: The Year in NumbersInternet Security Threat Report, Vol. 17 2

Internet Security Threat Report, Vol. 17 3

Internet Threat Report 17 8

Four Key TrendsMalware Targeted Mobile DataAttacks AttacksInternet Security Threat Report, Vol. 17 Threats Breaches81% ↑ Expand Expose All on Rise Internet Threat Report 17 11

Malware Activity at a GlanceInternet Security Threat Report, Vol. 17 12

The Big Numbers for 2011 5.5B Attacks blocked by Symantec +81% 403M Unique variants of malware +41% 4,597 Web attacks per day +36% 4,989 New vulnerabilities -20% 8 Zero-day vulnerabilities -43% 315 New mobile vulnerabilities +93% 75% Spam rate -34%Internet Security Threat Report, Vol. 17 14

Malware Attacks Continue to GrowInternet Security Threat Report, Vol. 17 15

Top Families Dominate Malicious Code• 10 families account for 45% of all unique malware variantsInternet Security Threat Report, Vol. 17 16

Spam Still Effective, but Changes UnderwayInternet Security Threat Report, Vol. 17 17

Vulnerabilities Not Being Discovered at Previous Rate• Zero-day vulnerabilities also down in 2011 – Stuxnet affected 2010 numbersInternet Security Threat Report, Vol. 17 18

Why is Malware Continuing to Rise?• Attack tool kits continue to flourish• Increase efficacy of known vulnerabilitiesInternet Security Threat Report, Vol. 17 19

Why is Malware Continuing to Rise?• Web attacks are increasingInternet Security Threat Report, Vol. 17 20

Which Website is More Dangerous?Internet Security Threat Report, Vol. 17 21

Most Harmful Websites by Categories• Sites with poor security become easy targets for malware authors• Some businesses understand that customers will visit sites that infect themInternet Security Threat Report, Vol. 17 22

Why is Malware Continuing to Rise?• Cybercriminals taking advantage of social media – Social media is viral in nature – People are less suspicious of content from friendsInternet Security Threat Report, Vol. 17 23

Social Engineering is Effective in Social Media• Users willing to help infect themselvesInternet Security Threat Report, Vol. 17 24

Targeted Attacks Have ExpandedInternet Security Threat Report, Vol. 17 25

Advanced Targeted Threats Your Assumptions are WrongInternet Security Threat Report, Vol. 17 26

Assumption #1 Only large corporations, governments and defense industries are targeted for attackInternet Security Threat Report, Vol. 17 27

Organizations of All Sizes at Risk of Targeted Attacks 13,428 13,5181501-25001001-1500 501-1000 250-500 <250 18% 2,500+ Internet Security Threat Report, Vol. 17 28

Targeted Attacks by Sector Government & Public Sector Manufacturing Finance IT Services Chemical & Pharmaceutical Transport & Utilities Non-Profit Marketing & Media Education RetailInternet Security Threat Report, Vol. 17 29

Targeted Attacks by Sector Government & Public Sector Manufacturing Finance IT Services Chemical & Pharmaceutical Transport & Utilities Non-Profit Marketing & Media Education RetailInternet Security Threat Report, Vol. 17 30

Assumption #2 Only CEOs and senior managers are targetedInternet Security Threat Report, Vol. 17 31

Targeted Attacks by Job Function C-Level Senior R&D Sales Media Shared Mailbox PA RecruitmentInternet Security Threat Report, Vol. 17 32

Targeted Attacks by Job Function C-Level Senior R&D Sales Media Shared Mailbox PA RecruitmentInternet Security Threat Report, Vol. 17 33

Assumption #3 A targeted attack is a single attackInternet Security Threat Report, Vol. 17 34

Use Case: Taidoor• One target was attacked for 9 straight months• In June, attacks occurred almost once a dayInternet Security Threat Report, Vol. 17 35

Number of Data Breaches Continues to RiseInternet Security Threat Report, Vol. 17 36

Data Breaches• Hactivism helped drive this dramatic increase over 2010Internet Security Threat Report, Vol. 17 37

Data BreachesInternet Security Threat Report, Vol. 17 38

Data Breaches• 232 million identities were stolen in 2011 (1.1 million/breach avg.)Internet Security Threat Report, Vol. 17 39

Mobile Threats Expose Organizations and ConsumersInternet Security Threat Report, Vol. 17 40

Mobile Malware on the Rise• This represents families of mobile malware• There are 3,000-4,000 variants in the wild today and growingInternet Security Threat Report, Vol. 17 41

Mobile Threats Focus Areas for Malware Authors• Stealing information, spying and sending SMS messages• Malware authors porting old threats and working on new ones• Most popular way to make money? Sending premium SMSInternet Security Threat Report, Vol. 17 42

Sending Content = Dialing for DollarsInternet Security Threat Report, Vol. 17 43

Mobile Phones: A New Source of Data Breaches• Mobile devices contain work and personal information• Unlike a desktop computer they are easily stolen• …. and often lostInternet Security Threat Report, Vol. 17 44

Project Honey Stick Los Angeles San Francisco Washington, D. C. New York Ottawa, CanadaInternet Threat Report 17 45

What’s Ahead in 2012? Attackers will capitalize on work/personal Macs are not info on mobiles immune Cloud computing and mobile will Targeted attacks force IT to rethink will continue securityInternet Security Threat Report, Vol. 17 48

Best Practices for ProtectionInternet Security Threat Report, Vol. 17 49

Thwarting Malware Attacks: Defense Advanced Reputation Security • Detect and block new and unknown threats based on reputation and ranking • More than just AV – need to use full functionality of endpoint protection Layered Endpoint Protection • Restrict removable devices and turn off auto-run to prevent malware infection • Monitor for network intrusions, propagation attempts and other suspicious Layered Network Protection traffic patterns • Ensure employees become the first line of defense against socially engineered Security Awareness Training attacksInternet Security Threat Report, Vol. 17 50

Thwarting Targeted Attacks Advanced Reputation Security • Detect and block new and unknown threats based on reputation and ranking Employ Offensive Protection • Set strong permissions around apps, servers and clusters, according to Strategies sensitivity of information processed Removable Media Device • Restrict removable devices and functions to prevent malware infection Control • Scan and monitor inbound/outbound email and web traffic and block Email & Web Gateway Filtering accordingly Data Loss Prevention • Discover data spills of confidential information that are targeted by attackers Encryption • Create and enforce security policy so all confidential information is encrypted Network Threat and • Monitor for network intrusions, propagation attempts and other suspicious Vulnerability Monitoring traffic patternsInternet Security Threat Report, Vol. 17 51

Avoiding Data Breaches Data Classification • Which information should you protect? • Discover data spills of confidential information that are targeted by attackers Data Loss Prevention • Enforce rules prohibiting access of confidential data using applications • Locks down key systems that contain confidential informationHost-based Intrusion Prevention • Prevents any unauthorized code to run — independent of AV signatures • Scan and monitor inbound/outbound email and web traffic and block Email & Web Gateway Filtering accordingly Encryption • Create and enforce security policy so all confidential information is encrypted Strong Authentication • Two-factor authentication to protect against credential theftInternet Security Threat Report, Vol. 17 52

Mitigating Mobile Threats • Remotely wipe devices in case of theft or loss Device Management • Update devices with applications as needed without physical access • Get visibility and control of devices, users and applications • Guard mobile device against malware and spam Device Security • Prevent the device from becoming a vulnerability • Identify confidential data on mobile devices Content Security • Encrypt mobile devices to prevent lost devices from turning into lost confidential data • Strong authentication and authorization for access to enterprise applications Identity and Access and resources • Allow access to right resources from right devices with right posturesInternet Security Threat Report, Vol. 17 53

Stay Informed www.symantec.com/threatreportSecurity Response Website Twitter.com/threatintelInternet Security Threat Report, Vol. 17 54

Thank you! Presenter Information Here Copyright © 2012 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.Internet Security Threat Report, Vol. 17 55

Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012

by Symantec

Accessibility

Categories

Upload Details

Usage Rights

2 Embeds 7

Statistics

Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012 Presentation Transcript

http://ilccyberreport.wordpress.com	6
https://twitter.com	1