Join Symantec security experts on Twitter (using the #ISTR hashtag) on Tuesday, May 15, at 10 a.m. PT / 1 p.m. ET to chat about the key trends highlighted in Symantec’s recently released Internet Security Threat Report, Volume 17.

This year’s report, which covers the major threat trends observed by Symantec in 2011, highlights several troubling developments. For example:

• Symantec blocked more than 5.5 billion malicious attacks in 2011, an increase of 81 percent over the previous year.
• The number of unique malware variants increased to 403 million and the number of Web attacks blocked per day increased by 36 percent.
• Targeted attacks are growing, with the number of daily targeted attacks increasing from 77 per day to 82 per day by the end of 2011. The targets of these attacks are also becoming more diverse, with SMBs being targeted in addition to large enterprises.

(Cross-posted from Symantec Connect)

The Internet is now a veritable minefield of malware, and it’s becoming more and more difficult to navigate.  Every year hundreds of millions of new threats appear and cybercriminals are constantly changing tactics hoping to catch users off-guard.

On Tuesday, April 26 at 10 a.m. PT, join me and Marc Fossi for a live Twitter discussion on the latest Internet Security Threat Report.  We will discuss the report and answer your questions using the #SecChat hash tag.

This year’s report notes that Symantec detected more than 286 million new threats in 2010. This number grows every year and in 2011 some of these threats will be pointed toward you.  Many companies found that to be the case last year and the ISTR covers the trends and tricks used in targeted and massive attacks by cybercriminals.  Among the trends from the report to be discussed will be the proliferation of attack kits – pre-written malicious code that purchasers can use to exploit vulnerabilities in Internet browsers and operating systems, the exploitation of social networks and URL shortening services to social engineer attacks, and the increased in zero-day  vulnerabilities in 2010.

(Cross-posted from Symantec Connect)

The Symantec Internet Security Threat Report Volume 16 covers trends in the Internet security threat landscape during 2010. It has been an interesting year, to say the least. We saw vulnerabilities implicated in major events such as the Trojan.Hydraq Incident, the Stuxnet attacks, and numerous zero-day attacks.

Here are some highlights:

• In terms of the sheer number of new vulnerabilities discovered, 2010 was a record year. At the time of writing, we documented 6,253 new vulnerabilities over the year.
• The rise in vulnerabilities was influenced by an increase in the number of new vendors that were affected by vulnerabilities in 2010. In 2010, Symantec documented 1,914 new vendors that were impacted by vulnerabilities, compared to 734 new vendors in 2009.
• This also means that the total number of vendors reporting vulnerabilities has increased, along with the number of security researchers reporting vulnerabilities.

As many speculate on the attack method used for the Epsilon data breach, it’s important to focus on what we do know. In the early phases of any data breach, it’s really hard to know who the perpetrators are and some hacker teams are pretty good at covering their tracks.  I think it’s prudent to refrain from speculation on means at this point, but I think we can discern motives at this point.

In many cases of course, an attacker’s motive is financial gain. Research from Symantec shows that customer data is often a favorite target. Symantec’s latest Internet Security Threat Report (ISTR), released today, indicates that customer-related information was the most exposed type of data in 2010. The ISTR found that exposure of information that can be used or sold for monetary gain is an integral aspect of cybercrime that uses malicious code.  Here too in this case, it appears the target of theft was data with significant market value: valid email addresses of customers of name brand enterprises.

(Cross-posted from Symantec Connect)

We are pleased to announce that Volume 16 of the Symantec Internet Security Threat Report (ISTR) is now available. There are some significant changes to the report this year, including several new metrics, a revamping of existing metrics, and a revised format. Aspects of the new format were first seen in the Report on Attack Kits and Malicious Websites, which was released earlier this year.

One point of interest in this most recent report is the continued prevalence of malicious code propagation through the sharing of malicious executables on removable media. This propagation mechanism has been ranked at the top for quite some time now, with no signs of coming down. However, in February 2011, right in midst of writing the report, we read an announcement by Microsoft that AutoPlay functionality (used extensively for this propagation mechanism) was getting an update that would significantly restrict its use. The update limits AutoPlay to CD and DVD media only, and as users adopt the update, we may see a substantial decline in the success rates of malicious code that makes use of it, such as SillyFDC and Sality.AE.