2012 Trends, Volume 18, Published April 2013 INTERNET SECURITY THREAT REPORT GOVERNMENT 2013 p. 2 Symantec Corporation Internet Security Threat Report 2013 :: Volume 18 CONTENTS 03 Introduction 31 Social Networking, Mobile, and the Cloud 04 Executive Summary 32 Introduction 32 Data 06 2012 Security Timeline 35 Analysis 09 2012 in Numbers 35 Spam and Phishing Move to Social Media 37 Mobile Threats 13 Targeted Attacks, Hacktivism, and Data Breaches 38 Cloud Computing Risks 14 Introduction 14 Data 40 Malware, Spam, and Phishing 17 DDoS Used as a Diversion 41 Introduction 17 Data Breaches 42 Data 19 Analysis 42 Spam 19 Cyberwarfare, Cybersabotage, and Industrial Espionage 45 Phishing 20 Advanced Persistent Threats and Targeted Attacks 46 Malware 20 Social Engineering and Indirect Attacks 48 Website Exploits by Type of Website 21 Watering Hole Attacks 49 Analysis 49 Macs Under Attack 23 Vulnerabilities, Exploits, and Toolkits 50 Rise of Ransomware 24 Introduction 51 Long-term Stealthy Malware 24 Data 51 Email Spam Volume Down 26 Analysis 51 Advanced Phishing 26 Web-based Attacks on the Rise 27 The Arms Race to Exploit New Vulnerabilities 53 Looking ahead 27 Malvertising and Website Hacking 56 Endnotes 28 Web Attack Toolkits 57 Appendix 29 Website Malware Scanning and Website Vulnerability Assessment 29 The Growth of Secured Connections 29 Norton Secured Seal and Trust Marks 29 Stolen Key-signing Certificates p. 3 Symantec Corporation Internet Security Threat Report 2013 :: Volume 18 Introduction Symantec has established some of the most In addition, Symantec maintains one of the world’s most comprehensive vulnerability databases, currently consisting of comprehensive sources of Internet threat more than 51,644 recorded vulnerabilities (spanning more than data in the world through the Symantec™ two decades) from over 16,687 vendors representing over 43,391 Global Intelligence Network, which is made products. Spam, phishing, and malware data is captured through a variety up of approximately 69 million attack of sources, including the Symantec Probe Network, a system sensors and records thousands of events of more than 5 million decoy accounts; Symantec.cloud and per second. This network monitors threat a number of other Symantec security technologies. Skeptic™, the Symantec.cloud proprietary heuristic technology, is able to activity in over 157 countries and territories detect new and sophisticated targeted threats before reaching through a combination of Symantec customers’ networks. Over 3 billion email messages and more than 1.4 billion Web requests are processed each day across products and services such as Symantec 14 data centers. Symantec also gathers phishing information DeepSight™ Threat Management System, through an extensive antifraud community of enterprises, Symantec™ Managed Security Services and security vendors, and more than 50 million consumers. Norton™ consumer products, and other Symantec Trust Services provides 100 percent availability and processes over 4.5 billion Online Certificate Status Protocol third-party data sources. (OCSP) look-ups per day, which are used for obtaining the revocation status of X.509 digital certificates around the world. These resources give Symantec’s analysts unparalleled sources of data with which to identify, analyze, and provide informed commentary on emerging trends in attacks, malicious code activity, phishing, and spam. The result is the annual Symantec Internet Security Threat Report, which gives enterprises, small businesses, and consumers the essential information to secure their systems effectively now and into the future. p. 4 Symantec Corporation Internet Security Threat Report 2013 :: Volume 18 Executive Summary Internet security threats are a growing and unique challenge to governments and public sector organizations. First, they must protect themselves against the same threats as the business sector: malware, data theft, vandalism, and hacktivism. Then they are targets in their own right for persistent attacks, espionage, and potentially even cyber attacks. Finally, government bodies, in collaboration with the private sector, have a responsibility to protect citizens, the economy, and national infrastructure against attack by hostile governments and non-state actors such as terrorist groups, often in collaboration with the private sector. 1 In a recent speech to business executives, the U.S. Secretary of Defense summarized the 01 See http://www.defense. threat in powerful terms: gov/transcripts/transcript. aspx?transcriptid=5136. “I know that when people think of cybersecurity today, they worry about hackers and criminals who prowl the Internet, steal people’s identities, steal sensitive business information, steal even national security secrets. Those threats are real and they exist today. But the even greater danger – the greater danger facing us in cyberspace goes beyond crime and it goes beyond harassment. A cyber attack perpetrated by nation states [and] violent extremists groups could be as destructive as the terrorist attack on 9/11. Such a destructive cyber- terrorist attack could virtually paralyze the nation.” The most important trends in 2012 were: Cyberespionage and Targeted Attacks on the Rise Specialist Information Brokers We saw a 42 percent increase in targeted attacks with more It looks increasingly likely that specialist information brokerage attacks aimed at smaller businesses, perhaps using them businesses are the hired guns of cyberespionage. The scope and as a Trojan horse into their customers. This suggests that scale of attacks suggest that well-resourced organizations are organizations need to pay attention to the security of their able to attack dozens of targets simultaneously and continuously entire supplier ecosystem as well as their own systems. research new zero-day attacks and attack software. Attackers focus their attacks on junior employees just as much (if not more) as they do on executives and VIPs, often because their accounts are less well protected. Attackers Moving Away from Email Attackers continued to develop increasingly sophisticated ways Spam rates are down 29 percent, phishing attempts are down to to infiltrate protected systems. For example, they started using one in 608 emails, and one in 291 emails contains a virus. While watering hole attacks, a technique where malware on infected these attacks are in relative decline, social media is a new and third-party websites is used to target employees who might visit growing battlefield. On the face of it, social networking doesn’t those websites. In this type of attack, attackers might infect appear to be a threat for the public sector but in reality it gives lobby groups or policy think tanks to infect government workers attackers a treasure trove of personal information for identity who might browse their sites. theft and targeted attacks. It’s also a new way to install malware on people’s computers. p. 5 Symantec Corporation Internet Security Threat Report 2013 :: Volume 18 Ill-protected Websites Put Us at Risk Data Breaches Gain Focus We saw a threefold increase in the number of Web-based At first glance, the numbers for data breaches paint a picture attacks. Online criminals are using different techniques of an attack method in decline: there were fewer high-profile to infect legitimate websites, including attack toolkits and attacks, and the average number of identities exposed is down malvertising. A line or two of code on a Web page can be very significantly. Where there were 1.1 million identities exposed difficult to detect and it can infect thousands of visitors a day. per breach in 2011, this number decreased by nearly half, Websites that are not well protected put other Web users at to 604,826 in 2012. These numbers are likely down due to a risk. As with watering hole attacks, the vulnerability of websites concerted effort by hacker groups Anonymous and LULZSec to provides attackers with new and rapidly evolving ways to target publicize hacks during 2011—something that was not seen to individuals and organizations. the same extent in 2012. However, the global median is up, from 2,400 to 8,350 identities stolen per breach. Government agencies are particularly attractive targets for data thieves because they Zero-day Vulnerabilities often hold valuable intellectual property (for example, patent There were more zero-day vulnerabilities found actively being offices) or personal information (for example, tax offices). exploited in the wild than in years past. These are cases where an attack exploits a previously unknown vulnerability, as opposed to after a patch is made available by the vendor. While there were 8 zero-day vulnerabilities discovered in 2011, 14 were found in The U.S. government has been warning public sector 2012. The rise of zero-day attacks and polymorphic malware organizations for several years about the whole spectrum of renders moot any defense based purely on virus signature Internet security threats. More recently, other governments recognition; organizations need multi-layered defenses. have started addressing the issue. Governments around the world are waking up to the need to educate their constituents Mac Attacks about security and devote resources to improving defenses. Failure threatens more than a “cyber Pearl Harbor”; it could 2012 was the end of the era in which Mac® computer users mean a loss of economic competitiveness and long-term could plausibly claim immunity from malware. At least 600,000 economic decline. Mac users were infected
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages160 Page
-
File Size-