Internet Security Threat Report Reveals 81 Percent Increase in Malicious Attacks

The number of security vulnerabilities declined in 2011 but malicious attacks skyrocketed 81 percent from 2010, according a new Internet Security Threat Report by Symantec.

Advanced targeted attacks, in particular, were on the rise in 2011 and they are spreading to organizations of all sizes.

"Targeted attacks have changed," says Liam O Murchu, manager of security response operations for North America at Symantec. "The picture that we had before of targeted attacks was they went after CEOs or other top people in a company, and they went after very large companies and government agencies. Targeted attacks are now being spread out and used in far more scenarios."

O Murchu said the number of daily targeted attacks increased to an average of 94 per day by the end of November 2011. While targeted attacks have traditionally focused on the public sector and large organizations, more than 50 percent of targeted attacks in 2011 took aim at organizations with fewer than 2,500 employees. Nearly 18 percent of targeted attacks focused on companies with fewer than 250 employees.

O Murchu believes attackers may be targeting these smaller companies because they are in the supply chain or partner ecosystem of a larger company and are less well defended.

Attackers-who primarily use social engineering and malware to gain access to sensitive information-are also diversifying their targets within organizations. In the past, attackers largely focused their efforts on high-level executives, but 58 percent of attacks in 2011 targeted non-executives. O Murchu says many of the targets were in roles such as human resources, public relations and sales. While these workers may not have access to the data the attacker is ultimately after, they are often a convenient vector for penetrating an organization's defenses because they are easy to identify online and are used to being contacted and sent attachments (like resumes) from unknown sources.

Since many companies lack role-based access management that control what resources individual workers have access to depending on their role within the company, an attacker who successfully targets one of these workers often has access to a great deal of sensitive data.

"What companies need to realize right now is that once attackers get inside the perimeter of their network, they're going to spread out," O Murchu says. "Your defenses should not be focused primarily on the perimeter of the network. You should access controls set up correctly on all of your valuable data. And you should have applications in place that can watch for the loss of valuable data."

Symantec found more than 232.4 million identities were exposed overall in 2011, with an average of 1.1 million identities stolen per data breach. Attackers especially targeted the healthcare vertical. At 43 percent, Healthcare topped the list of sectors by number of data breaches. Government and education were numbers two and three, with 14 percent and 13 percent, respectively.

"We did see healthcare particularly targeted," O Murchu says. "It's likely that's because the attackers see healthcare providers as an easier target. They know they're going to have a large amount of information on their customers if they can get in."

But while the healthcare sector led the pack in number of data breaches, the picture is very different when measured by the number of identities exposed in breaches. There, healthcare was third, accounting for 8 percent of identities exposed in 2011. Instead, the Computer Software and Information Technology sectors were far and away the greatest culprits. The Computer Software sector accounted for 44 percent of the number of identities exposed, despite representing only 5 percent of the number of data breaches in 2011. The Information Technology sector accounted for 41 percent of the number of identities exposed, despite representing only 3 percent of the number of data breaches in 2011.

Hacking attacks were not the most frequent cause of data breaches, but they had the greatest effect. Hacking attacks exposed more than 187.2 million identities in 2011 according to the Norton Cybercrime Index. Lost or stolen devices-USB sticks, laptops, smartphones and tablets-accounted for 34.3 percent of breaches, making it the largest category. Theft or loss of these devices accounted for 18.5 million exposed identities.

Separately, Symantec said that spam levels dropped considerably in 2011, from 88.5 percent of all email in 2010 to 75.1 percent of all email in 2011. Symantec said that on average, 42 million spam messages were in global circulation per day in 2011, compared with 66.1 billion per day in 2010. Some of that may be the result of the takedown of the Rustock botnet. That botnet primarily pumped out pharmaceutical spam, and that category of spam was down 34 percent between 2010 and 2011. However, Symantec noted that the drop in spam may also be a result of attackers turning their attention to social networks as attack vectors. Recipients of such messages in social networks are often more apt to believe the links come from a trusted source.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.