The Symantec Internet Security Threat Report (ISTR) 2013 reveals how the threat landscape is evolving, compiling information from more than 69 million attack sensors in 157 countries around the world. This year’s report shows more targeted attacks, inceasing focus on smaller businesses, and the continued development of new threats.

Targeted attacks, hacktivism, and data breaches

Targeted attacks saw a 42 percent increase in 2012, to 116 per day on average, with a corresponding increase in data theft and incidents of industrial espionage. Attackers are changing their targets, as well. Small businesses make up a larger percentage of those targeted for attack then in 2011—a threefold increase–with 31 percent of all targeted attacks directed at companies with less than 250 employees. Attackers are finding valuable data to steal from small companies and fewer defenses in place to stop them. Manufacturing is now the most targeted business sector, making up 24 percent of targeted attacks. One of the most significant innovations in targeted attacks is the emergence of watering hole attacks. The attackers compromise the security of a website that an intended target is likely to visit, once the target visits the website their computer becomes infected with malware. This successful tactic, popularized by a group known as the Elderwood Gang, has infected up to 500 companies in a single day.

I came across this article not too long ago and it really got me thinking about not only the places where I put my information on the Internet, but the reasons I put my information out there.  Most sites we put our information seem really innocuous and quasi-safe because we don’t think the site is very interesting to anyone but ourselves and a hand full of others with similar interests.  It seems like it almost becomes a “second nature” activity to just blindly assume that Internet sites that don’t ask for your credit card are okay cause well, it’s just my name, and maybe my phone number and/or address.

If you have kids you know how much they like jelly beans. Other than them being candy, I believe the multitude of colors and flavors greatly adds to their attraction. So I find myself in a large retail chain the other day walking past the aisle with USB drives. The store had all kind of USB drives in various colors, shapes and capacities, so I begin thinking of jelly beans. We all know if we do not pay attention and let our kids eat too many jelly beans that they can become sick, so I believe we are well beyond that point with USB drives. For our Enterprise organizations eating USB drives is most likely not an issue, but the public consumption / ownership of multiple drives is an issue. I personally know that I have over eight lying around in my household alone. Well I don’t believe the average consumer may have that many, however I would bet that most people own two or more.

With the end of 2011 upon us, one thing is sure: the mobile revolution is in full swing. Smartphones and tablets are everywhere.

In fact, according to the analyst firm Gartner, sales of smartphones will exceed 461 million this year – surpassing PC shipments in the process – and rise to 645 million in 2012. Combined sales of smartphones and tablets will be 44 percent greater than the PC market by the end of the year. Beyond 2011, Gartner says the rise in tablet use will jump to 900 million by 2016.

These devices are not just becoming mainstream, they are penetrating nearly every aspect of our lives. More importantly, for many the line between personal and business devices has been blurred, or erased altogether. More often than not, a single device is used for both personal and business activities, with Gartner also predicting that 80 percent of professionals will use at least two personal devices to access corporate systems and data by 2014.

A couple weeks ago, a preview for a new movie by a famous actor playing himself as both the lead man and woman caught my attention. I like this actor and his movies are pretty funny, but it got me thinking…How many of these same movies have there been in the past with just a slight variation? How many people have paid to see, rent or own roughly the same movie with some alterations to make it seem new – either the actors change, the motivation for the characters change, the plot is slightly different? And, if this happens with movies then what about TV, music and books? I continued to ponder this, then it hit me that the same can be said for most of these art forms. We’ve seen countless TV shows about a group of friends living in close proximity to each other sharing life’s events, songs with the same message or similar notes and rhythms, books about spies, double crosses, wizards, vampires, but the stories all have strong commonalities.

The Internet has grown to be one of the most important information and business conduits the world has ever seen.  While it’s brought us amazing, new capabilities over the past 15 years or so, the Internet comes with its downside.  Much like the days when America was stretching itself from the east to the west, the “wild west” was a ripe playground for “bad” people. The same goes for the Internet.

It is a double-edged sword. We have amazing capabilities, but also a perfect landscape for lawlessness.  Hackers and cybercriminals have taken note. Today, they leverage the Internet to target specific individuals or groups of individuals at specific companies, get them to react to an email message thereby directing them to an attacker’s site and silently download malware to begin the process of gaining access and stealing data or IP.  What’s more, they’re automating their attacks. Sophisticated attackers are leveraging the power of scripting tools and computing power to call together vast amounts of computers to aide in perpetrating automated attacks.

The first half of 2011 has seen cybercriminals making headlines and wreaking havoc with major data breaches. For IT folks, every day likely feels like a fight to protect your company’s valuable data and you may begin to wonder if this is a battle that the good guys can win. My take is yes we can. But to do so, requires being one step ahead of the criminal minds.

The latest news on the malicious attacks front involves W32.Qakbot. Even though this worm has been around since at least 2009, people and organizations continue to be affected by this threat on an ongoing basis. Why? Because the malware authors behind Qakbot are aggressively seeking means to push this threat to a wider number of victims.

During the past few months, there have been high levels of active development from the malware author’s side with the intent of circumventing detection techniques used by various security software.