LAS VEGAS, Symantec Vision 2013 – April 16, 2013 — / — Symantec Corp.’s (Nasdaq: SYMC) Internet Security Threat Report, Volume 18 (ISTR) today revealed a 42 percent surge during 2012 in targeted attacks compared to the prior year. Designed to steal intellectual property, these targeted cyberespionage attacks are increasingly hitting the manufacturing sector as well as small businesses, which are the target of 31 percent of these attacks. Small businesses are attractive targets themselves and a way in to ultimately reach larger companies via “watering hole” techniques. In addition, consumers remain vulnerable to ransomware and mobile threats, particularly on the Android platform.

“This year’s ISTR shows that cybercriminals aren’t slowing down, and they continue to devise new ways to steal information from organizations of all sizes,” said Stephen Trilling, chief technology officer, Symantec. “The sophistication of attacks coupled with today’s IT complexities, such as virtualization, mobility and cloud, require organizations to remain proactive and use ‘defense in depth’ security measures to stay ahead of attacks.”

Read more detailed blog posts:

  • Information Unleashed: Internet Security Threat Report Volume 18
  • Threat Intel: 2013 ISTR Shows Changing Cybercriminal Tactics
  • The Confident SMB: SMBs – No Longer Invisible to the Bad Guys
  • Ask Marian: Debunking Cyber Security Myths
  • Click to Tweet: #ISTR #SYMC 42 percent increase in targeted attacks in 2012:
  • Click to Tweet: Small businesses are now the target of 31 percent of all attacks, a threefold increase from 2011
  • Click to Tweet: Ransomware is an emerging threat because of its high profitability for attackers:
  • Click to Tweet: Web-based attacks increased 30 percent in 2012 #ISTR #SYMC:
  • Click to Tweet: One watering hole attack infected 500 organizations in a single day:
  • Click to Tweet: #ISTR #SYMC Mobile malware increased by 58% in 2012:

Small Businesses Are the Path of Least Resistance
Targeted attacks are growing the most among businesses with fewer than 250 employees. Small businesses are now the target of 31 percent of all attacks, a threefold increase from 2011. While small businesses may feel they are immune to targeted attacks, cybercriminals are enticed by these organizations’ bank account information, customer data and intellectual property. Attackers hone in on small businesses that may often lack adequate security practices and infrastructure.

Web-based attacks increased by 30 percent in 2012, many of which originated from the compromised websites of small businesses. These websites were then used in massive cyber-attacks as well as “watering hole” attacks. In a watering hole attack, the attacker compromises a website, such as a blog or small business website, which is known to be frequently visited by the victim of interest. When the victim later visits the compromised website, a targeted attack payload is silently installed on their computer. The Elderwood Gang pioneered this class of attack; and, in 2012, successfully infected 500 organizations in a single day. In these scenarios, the attacker leverages the weak security of one business to circumvent the potentially stronger security of another business.

Manufacturing Sector and Knowledge Workers Become Primary Targets
Shifting from governments, manufacturing has moved to the top of the list of industries targeted for attacks in 2012. Symantec believes this is attributed to an increase in attacks targeting the supply chain – cybercriminals find these contractors and subcontractors susceptible to attacks and they are often in possession of valuable intellectual property. Often by going after manufacturing companies in the supply chain, attackers gain access to sensitive information of a larger company. In addition, executives are no longer the leading targets of choice. In 2012, the most commonly targeted victims of these types of attacks across all industries were knowledge workers (27 percent) with access to intellectual property as well as those in sales (24 percent).

Mobile Malware and Malicious Websites Put Consumers and Businesses at Risk
Last year, mobile malware increased by 58 percent, and 32 percent of all mobile threats attempted to steal information, such as e-mail addresses and phone numbers. Surprisingly, these increases cannot necessarily be attributed to the 30 percent increase in mobile vulnerabilities. While Apple’s iOS had the most documented vulnerabilities, it only had one threat discovered during the same period. Android, by contrast, had fewer vulnerabilities but more threats than any other mobile operating system. Android’s market share, its open platform and the multiple distribution methods available to distribute malicious apps, make it the go-to platform for attackers.

In addition, 61 percent of malicious websites are actually legitimate websites that have been compromised and infected with malicious code. Business, technology and shopping websites were among the top five types of websites hosting infections. Symantec attributes this to unpatched vulnerabilities on legitimate websites. In years passed, these websites were often targeted to sell fake antivirus to unsuspecting consumers. However, ransomware, a particularly vicious attack method, is now emerging as the malware of choice because of its high profitability for attackers. In this scenario, attackers use poisoned websites to infect unsuspecting users and lock their machines, demanding a ransom in order to regain access. Another growing source of infections on websites is malvertisements—this is when criminals buy advertising space on legitimate websites and use it to hide their attack code.

About the Internet Security Threat Report
The Internet Security Threat Report provides an overview and analysis of the year in global threat activity. The report is based on data from Symantec’s Global Intelligence Network, which Symantec analysts use to identify, analyze, and provide commentary on emerging trends in attacks, malicious code activity, phishing, and spam.

About Symantec
Symantec protects the world’s information, and is a global leader in security, backup and availability solutions. Our innovative products and services protect people and information in any environment – from the smallest mobile device, to the enterprise data center, to cloud-based systems. Our world-renowned expertise in protecting data, identities and interactions gives our customers confidence in a connected world. More information is available at or by connecting with Symantec at:

Note to Editors: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at All prices noted are in U.S. dollars and are valid only in the United States.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

Forward-looking Statements: Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions.

TECHNORATI TAGS: Symantec, cybercrime, data breaches, malicious code, targeted attacks, hackers, Internet security, mobile threats, malware, watering hole attacks

Media Contacts:

Source: Symantec


General Tags: compare online backups, online file storage, data security, online backup reviews, online backup, CEO interviews, data storage, software as a service, online backup companies, online backup news, online file backup, online backup providers directory, online data backup, online backup services, backing up online, top rated online backups, cloud computing, SaaS

Like us on Facebook

Do you like this post? Subscribe to our RSS feed ===========================


Related posts:

  1. Kaspersky Lab IT Threat Evolution Report: Attacks Leveraging Microsoft Office Exploits Grew Fourfold in Q1 2018
  2. Kaspersky Lab Reports Malicious Attack Increase in Q1 IT Threat Evolution Report
  3. Kaspersky Lab Reveals Latest Cyberespionage Tactics: Complexity Versus Functionality
  4. Kaspersky Lab Survey: Substantial Increase in Targeted Attacks Against Businesses
  5. Symantec-Sponsored Ponemon Report Finds Negligent Employees Top Cause of Data Breaches in the U.S. While Malicious Attacks Most Costly
  6. Kaspersky Lab Releases Q2 IT Threat Evolution Report for 2015
  7. Symantec Survey Reveals Online File Sharing Poses Great Security Risks to SMBs
  8. Akamai Publishes Q2 2011 State of the Internet Report, Including 100 Fastest Cities Worldwide
  9. Botnet DDoS Attacks in Q1: Decrease in Length, Increase in Number
  10. Report Finds 18% Rise in DDoS Attacks in Q2 2019