2013 Trends, Volume 19, Published April 2014 INTERNET SECURITY THREAT REPORT APPENDIX 2014 p. 2 Symantec Corporation Internet Security Threat Report 2014 :: Volume 19 CONTENTS 5 APPENDIX :: A 20 Malicious Web Activity: Malicious Code By Number of Infections per Site THREAT ACTIVITY TRENDS for Top-Five Most Frequently Exploited Categories 6 Threat Activity Trends 20 Malicious Web Activity: Malicious Code by Number of Infections per Site 7 Malicious Activity by Source 21 Malicious Web Activity: Fake Antivirus by Category 8 Malicious Activity by Source: 22 Malicious Web Activity: Browser Exploits by Category Overall Rankings, 2012–2013 23 Malicious Web Activity: Social Networking Attacks by Category 8 Malicious Activity by Source: Malicious Code, 2012–2013 24 Bot-Infected Computers 9 Malicious Activity by Source: 24 Top-Ten Bot Locations by Average Lifespan Phishing Hosts, 2012–2013 of Bot, 2012–2013 9 Malicious Activity by Source: Spam Zombies, 2012–2013 26 Denial of Service Attacks 10 Malicious Activity by Source: Web Attack Origins, 2012–2013 30 Analysis of Mobile Threats 30 Android Mobile Threats: 10 Malicious Activity by Source: Newly Discovered Malicious Code, 2012–2013 Bots, 2012–2013 31 Mobile Threats: Malicious Code by Platform, 2013 11 Malicious Activity by Source: Network Attack Origins, 2012–2013 31 Android Mobile Threats: Average Number of Malware Variants 12 Malicious Web-Based Attack Prevalence per Family, 2012–2013 12 Malicious Website Activity, 2012–2013 32 Mobile Threats: Malicious Code Actions in Malware, 2012–2013 14 Analysis of Malicious Web Activity 32 Mobile Threats: by Attack Toolkits Malicious Code Actions – Additional Detail, 2012–2013 14 Malicious Website Activity: 33 Mobile Threats: Attack Toolkit Trends Documented Mobile Vulnerabilities by Platform 15 Malicious Website Activity: 33 Mobile Threats: Overall Frequency of Major Attack Toolkits Documented Mobile Vulnerabilities by Month 16 Analysis of Web-Based Spyware, Adware, 36 Quantified Self – A Path to Self-Enlightenment and Potentially Unwanted Programs or Just Another Security Nightmare? 16 Potentially Unwanted Programs: Spyware and Adware Blocked 37 Data Breaches that could lead to Identity Theft 38 Timeline of Data Breaches 17 Analysis of Web Policy Risks Showing Identities Breached in 2013, Global from Inappropriate Use 39 Data Breach Incidents by Sector 17 Web Policies that Triggered Blocks, 2012–2013 40 Identities Exposed by Sector 19 Analysis of Website Categories Exploited 41 Average Number of Identities Exposed to Deliver Malicious Code per Data Breach by Notable Sector 19 Malicious Web Activity: 42 Top Causes for Data Breach by Number of Breaches Categories that Delivered Malicious Code 42 Top Causes for Data Breaches by Number of Identities Exposed p. 3 Symantec Corporation Internet Security Threat Report 2014 :: Volume 19 43 Types of Information Exposed by Data Breach 77 APPENDIX :: C 43 Average Number of Identities Exposed SPAM + FRAUD per Data Breach, by Cause ACTIVITY TRENDS 44 Threat of the Insider 78 Spam and Fraud Activity Trends 45 Gaming Attacks 79 Analysis of Spam Activity Trends 46 The New Black Market 79 Global Spam Volume in Circulation 80 Proportion of Email Traffic Identified as Spam, 2012–2013 48 Footnotes 81 Analysis of Spam Activity by Geography, Industry Sector, and Company Size 49 APPENDIX :: B 81 Proportion of Email Traffic Identified as Spam MALICIOUS CODE TRENDS by Industry Sector 82 Proportion of Email Traffic Identified as Spam 50 Malicious Code Trends by Organization Size 51 Top Malicious Code Families 82 Proportion of Email Traffic Identified as Spam by Geographic Location 52 Overall Top Malicious Code Families 53 Relative Proportion of Top-Ten Malicious Code Blocked 83 Analysis of Spam Delivered by Botnets in Email Traffic by Symantec.cloud in 2013, 83 Top Sources of Botnet Spam by Location by Percentage and Ratio 84 Analysis of Spam-Sending Botnet Activity 53 Malicious Code Blocked in Email Traffic at the End of 2013 by Symantec.cloud, 2012–2013 54 Relative Proportion of Top-Ten Malicious Code Blocked 85 Significant Spam Tactics in Web Traffic by Symantec.cloud in 2013, 85 Frequency of Spam Messages by Size by Percentage and Ratio 85 Proportion of Spam Messages Containing URLs 56 Analysis of Malicious Code Activity 86 Analysis of Top-Level Domains Used in Spam URLs by Geography, Industry Sector, and Company Size 57 Proportion of Email Traffic Identified as Malicious 87 Analysis of Spam by Categorization by Industry Sector 88 Spam by Category 57 Proportion of Email Traffic Identified as Malicious by Organization Size 89 Phishing Activity Trends 89 Phishing Rate, 2012–2013 58 Propagation Mechanisms 90 Phishing Category Types, Top 200 Organizations 58 Propagation Mechanisms 90 Tactics of Phishing Distribution 60 Email-Targeted Spear-Phishing Attacks Intelligence 92 Analysis of Phishing Activity by Geography, 68 Miniduke Sample of Email Subjects, Documents, and MD5s Industry Sector, and Company Size 71 Elderwood Sample of Email Subjects, 92 Proportion of Email Traffic Identified as Phishing Documents, and MD5s by Industry Sector 74 APT1 Sample of Email Subjects, Documents, and MD5s 92 Proportion of Email Traffic Identified as Phishing by Organization Size 76 Footnotes 93 Proportion of Email Traffic Identified as Phishing by Geographic Location 94 New Spam Trend: BGP Hijacking 99 Footnotes p. 4 Symantec Corporation Internet Security Threat Report 2014 :: Volume 19 100 APPENDIX :: D VULNERABILITY TRENDS 101 Vulnerability Trends 102 Total Number of Vulnerabilities 102 Total Vulnerabilities Identified 2006–2013 103 New Vulnerabilities Month-by-Month, 2012–2013 103 Most Frequently Attacked Vulnerabilities 105 Zero-Day Vulnerabilities 105 Volume of Zero-Day Vulnerabilities, 2006–2013 106 Zero-Day Vulnerabilities Identified 108 Web Browser Vulnerabilities 108 Browser Vulnerabilities, 2011–2013 109 Web Browser Plug-in Vulnerabilities 109 Browser Plug-In Vulnerabilities, 2012–2013 111 Web Attack Toolkits 112 SCADA Vulnerabilities 112 SCADA Vulnerabilities Identified 114 Footnotes 115 About Symantec 115 More Information p. 5 Symantec Corporation Internet Security Threat Report 2014 :: Volume 19 APPENDIX A :: THREAT ACTIVITY TRENDS THREAT ACTIVITY TRENDS THREAT APPENDIX :: A p. 6 Symantec Corporation Internet Security Threat Report 2014 :: Volume 19 APPENDIX A :: THREAT ACTIVITY TRENDS Threat Activity Trends The following section of the Symantec Global Internet Security Threat Report provides an analysis of threat activity, data breaches, and web-based attacks, as well as other malicious actions that Symantec observed in 2013. The malicious actions discussed in this section also include phishing, malicious code, spam zombies, bot-infected computers, and attack origins. Attacks are defined as any malicious activity carried out over a network that has been detected by an intrusion detection system (IDS) or firewall. Definitions for the other types of malicious activities can be found in their respective sections within this report. This section will discuss the following metrics, providing analysis and discussion of the trends indicated by the data: • Malicious Activity by Source • Malicious Web-Based Attack Prevalence • Analysis of Malicious Web Activity by Attack Toolkits • Analysis of Web-Based Spyware, Adware, and Potentially Unwanted Programs • Analysis of Web Policy Risks from Inappropriate Use • Analysis of Website Categories Exploited to Deliver Malicious Code • Bot-Infected Computers • Denial of Service Attacks • Analysis of Mobile Threats • Quantified Self – A Path to Self-Enlightenment or Just Another Security Nightmare? • Data Breaches That Could Lead to Identity Theft • Threat of the Insider • Gaming Attacks • The New Black Market p. 7 Symantec Corporation Internet Security Threat Report 2014 :: Volume 19 APPENDIX A :: THREAT ACTIVITY TRENDS Malicious Activity by Source Background Methodology Malicious activity usually affects computers that are connected These metrics assess the sources from which the largest to high-speed broadband Internet because these connections are amount of malicious activity originates. To determine malicious attractive targets for attackers. Broadband connections provide activity by source, Symantec has compiled geographical data on larger bandwidth capacities than other connection types, numerous malicious activities, namely: malicious code reports, including faster speeds, the potential of constantly connected spam zombies, phishing hosts, bot-infected computers, network systems, and a typically more stable connection. Symantec attack origins, and web-based attack origins. The proportion of categorizes malicious activities as follows: each activity originating in each source is then determined. The mean of the percentages of each malicious activity that origi- • Malicious code: This includes programs such as viruses, nates in each source is calculated. This average determines the worms, and Trojans that are covertly inserted into programs. proportion of overall malicious activity that originates from the The purpose of malicious code includes destroying data, source in question, and the rankings are determined by calcu- running destructive or intrusive programs, stealing sensitive lating the mean average of the proportion of these malicious information, and compromising the security or integrity of a activities that originated in each source. victim’s computer data. • Spam zombies: These are remotely controlled, compromised systems specifically designed to send out large volumes
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages116 Page
-
File Size-