Symantec Security Intelligence Internet Security Threat Report Volume XVI June, 2011. Tiffany Jones. Director – Programs and Strategy Symantec Public Sector Division. Global Intelligence Network Identifies more threats, takes action faster & prevents impact. Calgary, Alberta.
Symantec Security Intelligence
Internet Security Threat Report, Volume XVI
June, 2011
Tiffany Jones
Director – Programs and Strategy, Symantec Public Sector Division
Symantec Internet Security Threat Report
Global Intelligence Network: Identifies more threats, takes action faster & prevents impact
Calgary, Alberta; Dublin, Ireland; Tokyo, Japan; San Francisco, CA; Chengdu, China; Mountain View, CA; Austin, TX; Culver City, CA; Taipei, Taiwan; Chennai, India; Pune, India
Worldwide Coverage | Global Scope and Scale | 24x7 Event Logging | Rapid Detection
• Attack Activity: 240,000 sensors; 200+ countries
• Malware Intelligence: 133M client, server, gateways monitored; global coverage
• Vulnerabilities: 40,000+ vulnerabilities; 14,000 vendors; 105,000 technologies
• Spam/Phishing: 5M decoy accounts; 8B+ email messages/day; 1B+ web requests/day
Information Protection | Threat Triggered Actions | Preemptive Security Alerts
Threat Activity Trends: AV Signatures in Perspective
[Chart: Signatures, Malware Variants, Malware Attacks; values shown: 3.1B, 10M, 286M, 10M]
Threat Landscape: 2010 Trends
• Targeted Attacks continued to evolve
• Social Networking + social engineering = compromise
• Hide and Seek (zero-day vulnerabilities and rootkits)
• Attack Kits get a caffeine boost
• Mobile Threats increase
Symantec Internet Security Threat Report (ISTR), Volume 16
Threat Landscape: Targeted attacks continue to evolve
• High profile targeted attacks in 2010 – Hydraq and Stuxnet – raised awareness of the consequences of APTs
• Stuxnet signaled a leap in the sophistication of these types of attacks
  • Four zero-day vulnerabilities
  • Stolen digital signatures
  • Ability to “leap” the air gap
  • Potential damage to infrastructure
More Info: Detailed review in the W32.Stuxnet Dossier & W32.Stuxnet
Threat Landscape: Targeted attacks continue to evolve
• Less sophisticated attacks also cause significant damage
• The average cost to resolve a data breach in 2010 was $7.2 million USD.
[Chart: Average Number of Identities Exposed per Data Breach by Cause]
Threat Landscape: Social networking + social engineering = compromise
• Hackers have adopted social networking
• Use profile information to create targeted social engineering
• Impersonate friends to launch attacks
• Leverage news feeds to spread spam, scams and massive attacks
More Info: Detailed review of Social Media threats available in The Risks of Social Networking
Threat Landscape: Social networking + social engineering = compromise
• Shortened URLs hide malicious links, increasing infections
• Of the shortened URLs leading to malicious websites observed on social networking sites, 73% were clicked 11 times or more
[Chart: Regular URL 35%, Short URL 65%]
Threat Landscape: Hide and seek (zero-day vulnerabilities and rootkits)
• Although the short-term trend in exploits of zero-day vulnerabilities is up, the long-term trend is not
• Nevertheless, zero-days are being used in a more aggressive way, e.g. they featured heavily in the targeted attacks of 2010
• Attack toolkits help to spread knowledge of exploits that leverage vulnerabilities
• Rootkits are taking a more aggressive hold
  • Tidserv, Mebratix, and Mebroot are current front-runners
[Chart: Number of documented ‘zero-day’ vulnerabilities]
Threat Landscape: Attack kits get a caffeine boost
• Attack kits continue to see widespread use – 61% of web-based attacks are due to toolkits.
• Java exploits added to many existing kits
• Kits exclusively exploiting Java vulnerabilities appeared
More Info: Detailed information available in ISTR Mid-Term: Attack Toolkits and Malicious Websites
Threat Landscape: Mobile threats
• Currently most malicious code for mobile devices consists of Trojans that pose as legitimate applications
• Mobile devices will be increasingly targeted as they are used for financial transactions
[Chart: 115 vulnerabilities in 2009, 163 vulnerabilities in 2010 (42% increase)]
More Info: Security Issues for Mobile Devices and a review of Apple iOS and Google Android
Threat Activity Trends: Malicious Activity by Country
Threat Activity Trends: Malicious Activity by Country
• The US is the main source of bot-infected computers
• Higher broadband capacity allows more attacks per second
• Large-scale attacks using the ZeuS attack kit contributed to the high ranking of China for Web-based attacks.
• For the botnet associated with the Tidserv Trojan, over half of all infected computers are in the US.
Threat Activity Trends: Malicious Activity by Country
• Spam zombies dropped significantly in China but continue to be a major source of malicious activity in Brazil.
• New regulations requiring ISPs to register email servers and maintain logs in China likely contributed to this drop
• Phishing hosts in a country are tied to the broadband connectivity in that country as well as web hosting providers. Many phishing sites are hosted on free web space provided by ISPs.
Threat Activity Trends: Data Breaches by Sector
• Top three sectors only accounted for a quarter of all identities exposed
• The average cost to resolve a data breach in 2010 was $7.2 million USD
• Customer data accounted for 85% of identities exposed
[Chart: Average Number of Identities Exposed per Data Breach by Cause]
[Chart: Average Number of Identities Exposed per Data Breach by Sector]
[Chart: Volume of Data Breaches by Sector]
Malicious Code Trends: Threats to confidential information
• 64% of potential infections by the top 50 malicious code samples were threats to confidential information
• Malicious code that allows remote access accounted for 92% of threats to confidential information in 2010, up from 85%
Fraud Activity Trends: Phishing categories
• Banks were spoofed by 56% of phishing attacks
• Many email-based fraud attempts referred to major events in 2010
Fraud Activity Trends: Spam by category
• Approximately three quarters of all spam in 2010 was related to pharmaceutical products
• Symantec estimates that 95.5 billion spam emails were sent globally each day in 2010
Defenses Against Targeted Attacks