Join Symantec Security Response experts on Twitter (using the #ISTR hashtag) on Tuesday, April 30, at 9 a.m. PT / 12 p.m. ET to chat about the key trends highlighted in Symantec’s recently released Internet Security Threat Report (ISTR), Volume 18.

The ISTR, which covers the major threat trends observed by Symantec in 2012, reveals a significant increase in cyberespionage to gain access to confidential formation and valuable intellectual property, and the criminals methods of obtain this information are shifting. In fact, the largest growth area for targeted attacks in 2012 was businesses with fewer than 250 employees; 31 percent of all attacks targeted them, representing a threefold increase from 2011.

Mark your calendars to join #ISTR chat and plan to discuss the latest attack vectors and techniques used by cybercriminals to gain access to your intellectual property.

Topic: Internet Security Threat Report: Volume 18—what does the data tell us?

The Symantec Internet Security Threat Report (ISTR) 2013 reveals how the threat landscape is evolving, compiling information from more than 69 million attack sensors in 157 countries around the world. This year’s report shows more targeted attacks, inceasing focus on smaller businesses, and the continued development of new threats.

Targeted attacks, hacktivism, and data breaches

Targeted attacks saw a 42 percent increase in 2012, to 116 per day on average, with a corresponding increase in data theft and incidents of industrial espionage. Attackers are changing their targets, as well. Small businesses make up a larger percentage of those targeted for attack then in 2011—a threefold increase–with 31 percent of all targeted attacks directed at companies with less than 250 employees. Attackers are finding valuable data to steal from small companies and fewer defenses in place to stop them. Manufacturing is now the most targeted business sector, making up 24 percent of targeted attacks. One of the most significant innovations in targeted attacks is the emergence of watering hole attacks. The attackers compromise the security of a website that an intended target is likely to visit, once the target visits the website their computer becomes infected with malware. This successful tactic, popularized by a group known as the Elderwood Gang, has infected up to 500 companies in a single day.

Over the past several weeks I’ve had the opportunity to present Symantec’s Internet Security Threat Reports to several of our customers.  It has been interesting to see the different reactions and feedback to various sections of the report, but one particular statistic in the report seems to consistently receive positive feedback and general agreement.

The statistic in question is from The Top Causes for Data Breach by Number of Incidents, 2011.  The specific statistic is that 34% of all incidents are due to Theft or Loss.   When I’ve discussed this particular statistic with customers, I have proposed that these incidents are entirely unnecessary.

At the root of nearly all of these types of incidents is a failure to properly implement, utilize, and enforce the judicious use of encryption on laptops, mobile devices, back tapes, USB storage, and other removable media.  If encryption is not in place on these devices and they are lost or stolen, most organizations have to assume that sensitive data was exposed and, depending on applicable laws and regulatory requirements report it as a data breach event.

Join Symantec security experts on Twitter (using the #ISTR hashtag) on Tuesday, May 15, at 10 a.m. PT / 1 p.m. ET to chat about the key trends highlighted in Symantec’s recently released Internet Security Threat Report, Volume 17.

This year’s report, which covers the major threat trends observed by Symantec in 2011, highlights several troubling developments. For example:

• Symantec blocked more than 5.5 billion malicious attacks in 2011, an increase of 81 percent over the previous year.
• The number of unique malware variants increased to 403 million and the number of Web attacks blocked per day increased by 36 percent.
• Targeted attacks are growing, with the number of daily targeted attacks increasing from 77 per day to 82 per day by the end of 2011. The targets of these attacks are also becoming more diverse, with SMBs being targeted in addition to large enterprises.

(Cross-posted from Symantec Connect)

The Internet is now a veritable minefield of malware, and it’s becoming more and more difficult to navigate.  Every year hundreds of millions of new threats appear and cybercriminals are constantly changing tactics hoping to catch users off-guard.

On Tuesday, April 26 at 10 a.m. PT, join me and Marc Fossi for a live Twitter discussion on the latest Internet Security Threat Report.  We will discuss the report and answer your questions using the #SecChat hash tag.

This year’s report notes that Symantec detected more than 286 million new threats in 2010. This number grows every year and in 2011 some of these threats will be pointed toward you.  Many companies found that to be the case last year and the ISTR covers the trends and tricks used in targeted and massive attacks by cybercriminals.  Among the trends from the report to be discussed will be the proliferation of attack kits – pre-written malicious code that purchasers can use to exploit vulnerabilities in Internet browsers and operating systems, the exploitation of social networks and URL shortening services to social engineer attacks, and the increased in zero-day  vulnerabilities in 2010.

(Cross-posted from Symantec Connect)

The Symantec Internet Security Threat Report Volume 16 covers trends in the Internet security threat landscape during 2010. It has been an interesting year, to say the least. We saw vulnerabilities implicated in major events such as the Trojan.Hydraq Incident, the Stuxnet attacks, and numerous zero-day attacks.

Here are some highlights:

• In terms of the sheer number of new vulnerabilities discovered, 2010 was a record year. At the time of writing, we documented 6,253 new vulnerabilities over the year.
• The rise in vulnerabilities was influenced by an increase in the number of new vendors that were affected by vulnerabilities in 2010. In 2010, Symantec documented 1,914 new vendors that were impacted by vulnerabilities, compared to 734 new vendors in 2009.
• This also means that the total number of vendors reporting vulnerabilities has increased, along with the number of security researchers reporting vulnerabilities.

As many speculate on the attack method used for the Epsilon data breach, it’s important to focus on what we do know. In the early phases of any data breach, it’s really hard to know who the perpetrators are and some hacker teams are pretty good at covering their tracks.  I think it’s prudent to refrain from speculation on means at this point, but I think we can discern motives at this point.

In many cases of course, an attacker’s motive is financial gain. Research from Symantec shows that customer data is often a favorite target. Symantec’s latest Internet Security Threat Report (ISTR), released today, indicates that customer-related information was the most exposed type of data in 2010. The ISTR found that exposure of information that can be used or sold for monetary gain is an integral aspect of cybercrime that uses malicious code.  Here too in this case, it appears the target of theft was data with significant market value: valid email addresses of customers of name brand enterprises.

(Cross-posted from Symantec Connect)

We are pleased to announce that Volume 16 of the Symantec Internet Security Threat Report (ISTR) is now available. There are some significant changes to the report this year, including several new metrics, a revamping of existing metrics, and a revised format. Aspects of the new format were first seen in the Report on Attack Kits and Malicious Websites, which was released earlier this year.

One point of interest in this most recent report is the continued prevalence of malicious code propagation through the sharing of malicious executables on removable media. This propagation mechanism has been ranked at the top for quite some time now, with no signs of coming down. However, in February 2011, right in midst of writing the report, we read an announcement by Microsoft that AutoPlay functionality (used extensively for this propagation mechanism) was getting an update that would significantly restrict its use. The update limits AutoPlay to CD and DVD media only, and as users adopt the update, we may see a substantial decline in the success rates of malicious code that makes use of it, such as SillyFDC and Sality.AE.