Symantec Corp.'s Internet Security Threat Report, Volume 18 (ISTR) has revealed a 42 percent surge during 2012 in targeted attacks compared to the prior year.
The report said the attacks were designed to steal intellectual property and were increasingly hitting the manufacturing sector as well as small businesses, which are the target of 31 percent of the attacks.
In addition, consumers remain vulnerable to ransomware and mobile threats, particularly on the Android platform, the report said.
"Cyber-criminals aren't slowing down at all and instead, they are continuing to innovate new ways to steal valuable information from organizations of all sizes. This year's ISTR shows that the growing sophistication of attacks coupled with today's IT complexities, such as virtualization, mobility and cloud, require businesses to remain proactive and use 'defence in depth' security measures to stay ahead of the threat curve," said Eric Hoh, Symantec's vice president for Asia South Region.
Pramut Sriwichian, Symantec's country manager for Thailand the Internet security threat profile in Thailand has remained fairly constant (ranked 30th in 2011 and 2012 respectively) but threats to online security have grown and evolved.
"SMBs in particular, are more susceptible to targeted attacks than larger ones and cyber-criminals are showing increased interest in them. In Thailand, we are observing a similar trend - 64.61 percent of businesses with fewer than 250 employees are hit by spam attacks. SMBs need to realize that they are not immune to attacks targeted at them and adopt security best practices to protect their information assets," Pramut said.
ISTR 18 Key Highlights Include:
Small Businesses Are the Path of Least Resistance
Targeted attacks are growing the most among businesses with fewer than 250 employees. Small businesses are now the target of 31 percent of all attacks, a threefold increase from 2011. While small businesses may feel they are immune to targeted attacks, cyber-criminals are enticed by these organizations' bank account information, customer data and intellectual property. Attackers hone in on small businesses that may often lack adequate security practices and infrastructure.
Web-based attacks increased by 30 percent in 2012, many of which originated from the compromised websites of small businesses. These websites were then used in massive cyber-attacks as well as "watering hole" attacks. In a watering hole attack, the attacker compromises a website, such as a blog or small business website, which is known to be frequently visited by the victim of interest. When the victim later visits the compromised website, a targeted attack payload is silently installed on their computer. The Elderwood Gang pioneered this class of attack; and, in 2012, successfully infected 500 organizations in a single day. In these scenarios, the attacker leverages the weak security of one business to circumvent the potentially stronger security of another business.
Manufacturing Sector and Knowledge Workers Become Primary Targets
Shifting from governments, manufacturing has moved to the top of the list of industries targeted for attacks in 2012. Symantec believes this is attributed to an increase in attacks targeting the supply chain - cyber-criminals find these contractors and subcontractors susceptible to attacks and they are often in possession of valuable intellectual property. Often by going after manufacturing companies in the supply chain, attackers gain access to sensitive information of a larger company. In addition, executives are no longer the leading targets of choice. In 2012, the most commonly targeted victims of these types of attacks across all industries were knowledge workers (27 percent) with access to intellectual property as well as those in sales (24 percent).
Mobile Malware and Malicious Websites Put Consumers and Businesses at Risk
Last year, mobile malware increased by 58 percent, and 32 percent of all mobile threats attempted to steal information, such as e-mail addresses and phone numbers. Surprisingly, these increases cannot necessarily be attributed to the 30 percent increase in mobile vulnerabilities. While Apple's iOS had the most documented vulnerabilities, it only had one threat discovered during the same period. Android, by contrast, had fewer vulnerabilities but more threats than any other mobile operating system. Android's market share, its open platform and the multiple distribution methods available to distribute malicious apps, make it the go-to platform for attackers.
In addition, 61 percent of malicious websites are actually legitimate websites that have been compromised and infected with malicious code. Business, technology and shopping websites were among the top five types of websites hosting infections. Symantec attributes this to unpatched vulnerabilities on legitimate websites. In years passed, these websites were often targeted to sell fake antivirus to unsuspecting consumers. However, ransomware, a particularly vicious attack method, is now emerging as the malware of choice because of its high profitability for attackers. In this scenario, attackers use poisoned websites to infect unsuspecting users and lock their machines, demanding a ransom in order to regain access. Another growing source of infections on websites is malvertisements—this is when criminals buy advertising space on legitimate websites and use it to hide their attack code.
Latest stories in this category
- Symantec Internet Security Threat Report reveals increase in..
- Symantec Corp.'s Internet Security Threat Report,..
- Why SaaS makes sense!
- IBM Research makes world's smallest movie using..
We Recommend
- Social media is becoming a great leveller
- The latest and most controversial speech of Prime..
- BOT, Finance agree on forex policy
- Thai society sees women 'as lowly'
Comments conditions
Users are solely responsible for their comments.We reserve the right to remove any comment and revoke posting rights for any reason withou prior notice.
Article source: http://www.thethailandlinks.com/2013/05/10/symantec-internet-security-threat-report-reveals-increase-in-cyber-espionage/
0 comments:
Post a Comment