The Symantec Intelligence report provides the latest analysis of cyber security threats, trends and insights from the Symantec Intelligence team concerning malware, spam, and other potentially harmful business risks.
The data used to compile the analysis for this combined report includes data from May 2011 through August 2012.
2. About the Symantec Intelligence Report
The Symantec Intelligence report provides the latest analysis of
cyber security threats, trends and insights from the Symantec
Intelligence team concerning malware, spam, and other
potentially harmful business risks.
The data used to compile the analysis for this combined report
includes data from May 2011 through August 2012.
Symantec Intelligence 2
3. August 2011 Highlights
ā¢ The state of data breaches to date in 2012
ā¢ A look at a malicious email scam that pretends to come from
Symantec
ā¢ A new Java zero-day vulnerability appears in the wild
ā¢ An overview of the Elderwood Project
ā¢ Spam ā 72.3 percent (an increase of 4.7 percentage points since July)
ā¢ Phishing ā One in 312.9 emails identified as phishing (an increase of
0.109 percentage points since July)
ā¢ Malware ā One in 233.1 emails contained malware (a decrease of
0.14 percentage points since July)
ā¢ Malicious Web sites ā 1 website blocked per day (a decrease of 49.8
percent since July)
Symantec Intelligence 3
4. Data Breaches
ā¢ We compared two 8-month data sets: May-December 2011 and
January-August of 2012.
ā¢ The average number of breaches per month was down (16.5 to
14 per month)
ā¢ Average number of identities stolen per breach is down, likely
due to fewer extremely large breaches, but the median is up
significantly: from 4,000 to 6,800 per breach.
ā¢ Hackers are responsible for most breaches, making up 40% of
all breaches and 88% of all identities exposed.
ā¢ The Retail industry accounts for the largest sector where
identities are exposed.
ā¢ Healthcare suffered the highest number of breaches so far in
2012.
Symantec Intelligence 4
5. Spam Rate & Sources
5
Spam Rate 83.3% Saudi Arabia 75.6% Education 73.3% 1-250
72.9% 251-500
78.1% Norway 74.3% Non-Profit
72.3% 77.6% China
77.3% Oman
74.3% Marketing/Media
74.3% Engineering
72.6% 501-1000
73.1% 1001-1500
72.5% 1501-2500
76.7% Brazil 73.7% Gov/Public Sector 72.8% 2501+
Last Month: 67.6%
Six MonthAvg.: 67.2% Top 5 Geographies Top 5 Verticals By Horizontal
72.3%
2006 2007 2008 2009 2010 2011 2012
Saudi Arabia 25.7%
Sources
India 15.2%
Turkey 5.3%
Canada 4.9%
United States 4.6%
Brazil 4.2%
Viet Nam 2.0%
Russian Federation 1.4%
Korea (South) 1.4%
Argentina 1.3%
August 2012
9. Additional Spam Metrics
Global Spam Categories
Category Name August 2012 July 2012
Sex/Dating 42.51% 23.46%
Pharma 32.61% 12.87%
Watches 8.55% 2.40%
Jobs 6.85% 1.52%
Software 5.86% 1.54%
Casino 1.60% 0.50%
419/scam/lotto 0.76% 0.08%
Degrees 0.60% 0.18%
Mobile 0.48% 0.07%
Weight Loss 0.11% 0.14%
Newsletters 0.07% 57.22%
Symantec Intelligence 9
10. Phishing Rate & Sources
Phishing Rate 1 in 122.6 Netherlands 1 in 83.1 Public Sector 1 in 295.8 1-250
1 in 571.0 251-500
1 in 140.3 South Africa 1 in 110.9 Finance
1 in 312.9 1 in 140.8 United Kingdom
1 in 343.6 Canada
1 in 232.5 Education
1 in 304.6 Accom/Catering
1 in 704.0 501-1000
1 in 629.0 1001-1500
1 in 1,109.9 1501-2500
1 in 464.0 Denmark 1 in 368.4 Building/Cons 1 in 232.5 2501+
Last Month: 1 in 475.3
Six MonthAvg.: 1 in 466.5 Top 5 Geographies Top 5 Verticals By Horizontal
1 in 312.9
2006 2007 2008 2009 2010 2011 2012
United States 37.3%
Sources
United Kingdom 28.9%
New Zealand 15.9%
Australia 4.8%
Canada 3.9%
India 3.5%
Korea, Republic of 1.7%
Sweden 1.0%
South Africa 0.7%
Hong Kong 0.3%
August 2012
10
11. Phishing Rate & Sources
Phishing Web Sites Locations
Country July* June
United States 52.0% 50.0%
Germany 6.0% 6.4%
United Kingdom 4.1% 4.4%
Canada 3.4% 2.9%
Brazil 3.2% 3.7%
France 2.9% 2.9%
Russia 2.5% 2.9%
Netherlands 2.3% 2.3%
Poland 1.4% 1.4%
*Note: Data lags one month Spain 1.2% 0.9%
August 2012
11
12. Tactics of Phishing Distribution
Automated Toolkits
Other Unique Domains
IP Address Domains
Free Web Hosting Sites
Typosquatting
Symantec Intelligence 12
13. Organizations Spoofed in Phishing Attacks, by Industry
Sector
E-Commerce 39.31%
Information Services 32.31%
Banking 27.01%
Telecommunications 0.52%
Retail 0.40%
Communications 0.27%
Government 0.17%
Insurance 0.009%
ISP 0.008%
Retail Trade 0.003%
Security 0.001%
Symantec Intelligence 13
14. Virus Rate
Virus Rate 1 in 107.7 Netherlands 1 in 54.0 Public Sector 1 in 251.0 1-250
1 in 283.8 251-500
1 in 115.1 United Kingdom 1 in 111.0 Education
1 in 233.1 1 in 178.3 Austria
1 in 212.0 Hungary
1 in 157.7 Accom/Catering
1 in 161.0 Finance
1 in 339.1 501-1000
1 in 262.6 1001-1500
1 in 474.1 1501-2500
1 in 276.3 Canada 1 in 200.9 Marketing/Media 1 in 188.9 2501+
Last Month: 1 in 340.9
Six MonthAvg.: 1 in 324.6 Top 5 Geographies Top 5 Verticals By Horizontal
1 in 233.1
2006 2007 2008 2009 2010 2011 2012
United Kingdom 53.2%
Sources
United States 23.3%
Brazil 5.1%
Australia 3.1%
Sweden 2.4%
South Africa 1.7%
Japan 1.6%
India 1.4%
Netherlands 1.4%
Hong Kong 1.3%
August 2012 14
16. New Malware and Spyware Sites Per Day
Web Security Services Activity:
New Malware Sites per Day
New sites with spyware 11/day
New sites with web viruses 1,088/day
Total 1,099/day
2008 2009 2010 2011 2012
August 2012
Symantec Intelligence 16
17. Policy, Malware & Potentially Unwanted Programs
Web Security Services Activity:
Policy-Based Filtering Web Viruses and Trojans Potentially Unwanted Programs
Social Networking 30.2% Trojan.JS.Iframe.BPN 11.8% PUP:Generic.183433 9.3%
Advertisement and Popups 30.0% Suspicious.Pythia 9.7% PUP:Clkpotato!gen3 7.4%
Streaming Media 8.4% Trojan.Generic.4315639 6.8% Gen:Application.Heur 6.0%
Computing and Internet 4.1% JS:Trojan.Crypt.FC 5.5% PUP:Mediafinder 4.3%
Chat 4.0% Trojan.JS.Iframe.BRV 5.1% PUP:Agent.NLK 4.1%
Peer-To-Peer 2.9% Gen:Trojan.Heur.PT.Ci4abmtlSyo 4.8% PUP:9231 3.8%
Hosting Sites 2.7% Trojan.Maljava!gen23 3.8% PUP:Crossid 3.6%
Search 1.9% Trojan.JS.Agent.GHF 2.6% PUP:Android/DroidRooter.G 3.6%
News 1.6% Trojan.JS.Agent.GLM 2.4% PUP:Relevant.BH 3.6%
Games 1.5% Trojan.Webkit!html 2.3% PUP:Generic.183457 3.1%
August 2012
Symantec Intelligence 17
18. Most Frequently Blocked Malware at the Endpoint
Malware Name % Malware
W32.Sality.AE 6.78%
W32.Ramnit!html 5.99%
W32.Ramnit.B 4.78%
W32.Downadup.B 4.54%
W32.Ramnit.B!inf 3.44%
W32.Virut.CF 2.15%
W32.Almanahe.B!inf 2.05%
W32.SillyFDC.BDP!lnk 1.40%
W32.Mabezat.B 1.06%
W32.Virut!html 1.05%
[1] For further information on these threats, please visit: http://www.symantec.com/business/security_response/landing/threats.jsp
Symantec Intelligence 18
19. Where to next?
ā¢ Web:
ā www.symanteccloud.com/intelligence
ā www.symantec.com/spam
ā¢ Twitter:
ā @symanteccloud
Symantec Intelligence 19