Symantec Internet Security Threat Report 1
Symantec Security Intelligence
Internet Security Threat Report, Volume XVI
June, 2011
Tiffany Jones
Director – Programs and Strategy
Symantec Public Sector Division
Global Intelligence Network
Identifies more threats, takes action faster & prevents impact
Information Protection
Preemptive Security Alerts
Threat Triggered Actions
Global Scope and Scale
Worldwide Coverage
24x7 Event Logging
Rapid Detection
Attack Activity
• 240,000 sensors
• 200+ countries
Malware Intelligence
• 133M client, server, gateways monitored
• Global coverage
Vulnerabilities
• 40,000+ vulnerabilities
• 14,000 vendors
• 105,000 technologies
Spam/Phishing
• 5M decoy accounts
• 8B+ email messages/day
• 1B+ web requests/day
Locations shown on map:
Austin, TX
Mountain View, CA
Culver City, CA
San Francisco, CA
Taipei, Taiwan
Tokyo, Japan
Dublin, Ireland
Calgary, Alberta
Chengdu, China
Chennai, India
Pune, India
Threat Activity Trends AV Signatures in Perspective
[Figure: signatures, malware variants and malware attacks compared; values shown: 10M, 286M, 3.1B]
Threat Landscape 2010 Trends
Symantec Internet Security Threat Report (ISTR), Volume 16 7
Social Networking
+ social engineering = compromise
Attack Kits get a caffeine boost
Targeted Attacks continued to evolve
Hide and Seek
(zero-day vulnerabilities and rootkits)
Mobile Threats increase
Threat Landscape Targeted attacks continue to evolve
• High profile targeted attacks in 2010 – Hydraq and Stuxnet – raised awareness of the consequences of APTs
• Stuxnet signaled a leap in the sophistication of these types of attacks
– Four zero-day vulnerabilities
– Stolen digital signatures
– Ability to “leap” the air gap
– Potential damage to infrastructure
More Info:
Detailed review in the: W32.Stuxnet Dossier & W32.Stuxnet
Threat Landscape Targeted attacks continue to evolve
• Less sophisticated attacks also cause significant damage
• The average cost to resolve a data breach in 2010 was $7.2 million USD.
Average Number of Identities Exposed per Data Breach by Cause
Threat Landscape Social networking + social engineering = compromise
• Hackers have adopted social networking
– Use profile information to create targeted social engineering
– Impersonate friends to launch attacks
– Leverage news feeds to spread SPAM, scams and massive attacks
More Info:
Detailed review of Social Media threats available in The Risks of Social Networking
Threat Landscape Social networking + social engineering = compromise
• Shortened URLs hide malicious links, increasing infections
• Of the shortened URLs leading to malicious websites observed on social networking sites, 73% were clicked 11 times or more
Regular URL: 35%
Short URL: 65%
Threat Landscape Hide and seek (zero-day vulnerabilities and rootkits)
• Although the short-term trend in exploits of zero-day vulnerabilities is up, the long-term trend is not
• Nevertheless, zero-days are being used in a more aggressive way, e.g. they featured heavily in the targeted attacks of 2010
• Attack toolkits help to spread knowledge of exploits that leverage vulnerabilities
• Rootkits taking more aggressive hold
– Tidserv, Mebratix, and Mebroot are current front-runners
Number of documented ‘zero-day’ vulnerabilities
Threat Landscape Attack kits get a caffeine boost
• Attack kits continue to see widespread use
– 61% of web based attacks are due to toolkits.
• Java exploits added to many existing kits
• Kits exclusively exploiting Java vulnerabilities appeared
More Info:
Detailed information available in ISTR Mid-Term: Attack Toolkits and Malicious Websites
Threat Landscape Mobile threats
• Currently most malicious code for mobile devices consists of Trojans that pose as legitimate applications
• Mobile devices will be increasingly targeted as they are used for financial transactions
More Info:
Security Issues for Mobile Devices and a review of Apple iOS and Google Android
2010: 163 vulnerabilities
2009: 115 vulnerabilities
42% increase
Threat Activity Trends Malicious Activity by Country
• The US is the main source of bot-infected computers
• Higher broadband capacity allows more attacks per second
• Large-scale attacks using the ZeuS attack kit contributed to the high ranking of China for Web-based attacks.
For the botnet associated with the Tidserv Trojan, over half of all infected computers are in the US.
Threat Activity Trends Malicious Activity by Country
• Spam zombies dropped significantly in China but continue to be a major source of malicious activity in Brazil.
• Phishing hosts in a country are tied to the broadband connectivity in that country as well as web hosting providers. Many phishing sites are hosted on free web space provided by ISPs.
New regulations requiring ISPs to register email servers and maintain logs in China likely contributed to this drop.
Threat Activity Trends Data Breaches by Sector
• Top three sectors only accounted for a quarter of all identities exposed
• The average cost to resolve a data breach in 2010 was $7.2 million USD
• Customer data accounted for 85% of identities exposed
Average Number of Identities Exposed per Data Breach by Sector
Average Number of Identities Exposed per Data Breach by Cause
Volume of Data Breaches by Sector
Malicious Code Trends Threats to confidential information
• 64% of potential infections by the top 50 malicious code samples were threats to confidential information
• Malicious code that allows remote access accounted for 92% of threats to confidential information in 2010, up from 85%
Fraud Activity Trends Phishing categories
• Banks were spoofed by 56% of phishing attacks
• Many email-based fraud attempts referred to major events in 2010
Fraud Activity Trends Spam by category
• Approximately three quarters of all spam in 2010 was related to pharmaceutical products
• Symantec estimates that 95.5 billion spam emails were sent globally each day in 2010
Defenses Against Targeted Attacks
Advanced Reputation Security
• Detect and block new and unknown threats based on reputation and ranking
Host Intrusion Prevention
• Implement host lock-down as a means of hardening against malware infiltration
Removable Media Device Control
• Restrict removable devices and functions to prevent malware infection
Email & Web Gateway Filtering
• Scan and monitor inbound/outbound email and web traffic and block accordingly
Data Loss Prevention
• Discover data spills of confidential information that are targeted by attackers
Encryption
• Create and enforce security policy so all confidential information is encrypted
Network Threat and Vulnerability Monitoring
• Monitor for network intrusions, propagation attempts and other suspicious traffic patterns