INTERNET SECURITY THREAT REPORT - Icscsi


INTERNET SECURITY THREAT REPORT
2011 Trends
Volume 17
Published April 2012

Symantec Corporation

Paul Wood, Executive Editor; Manager, Cyber Security Intelligence, Security Technology and Response
Gerry Egan, Sr. Director, Product Management, Security Technology and Response
Kevin Haley, Director, Product Management, Security Technology and Response
Tuan-Khanh Tran, Group Product Manager, Security Technology and Response
Orla Cox, Sr. Manager, Security Operations, Security Technology and Response
Hon Lau, Manager, Development, Security Technology and Response
Candid Wueest, Principal Software Engineer, Security Technology and Response
David McKinney, Principal Threat Analyst, Security Technology and Response
Tony Millington, Associate Software Engineer, Security Technology and Response
Benjamin Nahorney, Senior Information Developer, Security Technology and Response
Joanne Mulcahy, Technical Product Manager, Security Technology and Response
John Harrison, Group Product Manager, Security Technology and Response
Thomas Parsons, Director, Development, Security Technology and Response
Andrew Watson, Sr. Software Engineer, Security Technology and Response
Mathew Nisbet, Malware Data Analyst, Security Technology and Response
Nicholas Johnston, Sr. Software Engineer, Security Technology and Response
Bhaskar Krishnappa, Sr. Software Engineer, Security Technology and Response
Irfan Asrar, Security Response Manager, Security Technology and Response
Sean Hittel, Principal Software Engineer, Security Technology and Response
Eric Chien, Technical Director, Security Technology and Response
Eric Park, Sr. Business Intelligence Analyst, Anti-Spam Engineering
Mathew Maniyara, Security Response Analyst, Anti-Fraud Response
Olivier Thonnard, Sr. Research Engineer, Symantec Research Laboratories
Pierre-Antoine Vervier, Network Systems Engineer, Symantec Research Laboratories
Martin Lee, Sr. Security Analyst, Symantec.cloud
Daren Lewis, Principal Strategic Planning Specialist, Symantec.cloud
Scott Wallace, Sr. Graphic Designer

Table Of Contents

Introduction
2011 By Month
2011 In Numbers
Executive Summary
Safeguarding Secrets: Industrial Espionage In Cyberspace
Cyber-Espionage In 2011
Advanced Persistent Threats
Targeted Attacks
Case Study
Where Attacks Come From
Against The Breach: Securing Trust And Data Protection
Data Breaches In 2011
Certificate Authorities Under Attack
Building Trust And Securing The Weakest Links
Consumerization And Mobile Computing: Balancing The Risks And Benefits In The Cloud
Risks With ‘Bring Your Own Device’
Threats Against Mobile Devices
Consumerization Of IT And Cloud Computing
Quick Response (QR) Codes
What Mobile Malware Does With Your Phone
Confidence In The Cloud: Balancing Risks
Spam Activity Trends
Spam In 2011
Impact Of Botnets On Spam
The Changing Face Of Spam
URL Shortening And Spam
Malicious Code Trends
Malware In 2011
Website Malware
Email-Borne Malware
Border Gateway Protocol (BGP) Hijacking
Polymorphic Threats
Dangerous Web Sites
Exploiting The Web: Attack Toolkits, Rootkits And Social Networking Threats
Macs Are Not Immune
Rootkits
Social Media Threats

Closing The Window Of Vulnerability: Exploits And Zero-Day Attacks
Number Of Vulnerabilities
Weaknesses In Critical Infrastructure Systems
Old Vulnerabilities Are Still Under Attack
Web Browser Vulnerabilities
New Zero-day Vulnerabilities Create Big Risks
Conclusion: What’s Ahead In 2012
Best Practice Guidelines For Businesses
Best Practice Guidelines For Consumers
More Information
About Symantec
Endnotes

Figures

Targeted Attacks Trend Showing Average Number Of Attacks Identified Each Month, 2011
Targeted Email Attacks, By Top-Ten Industry Sectors, 2011
Attacks By Size Of Targeted Organization
Analysis Of Job Functions Of Recipients Being Targeted
Geographical Locations Of Attackers’ IP Addresses
Timeline Of Data Breaches Showing Identities Breached In 2011
Top-Ten Sectors By Number Of Data Breaches, 2011
Top-Ten Sectors By Number Of Identities Exposed, 2011
Key Functionality Of Mobile Risks
Percentage Of Email Identified As Spam, 2011
Top Ten Spam Email Categories, 2010-2011
Average Number Of Malicious Web Sites Identified Per Day, 2011
Ratio Of Malware In Email Traffic, 2011
Rise In Email-Borne Bredolab Polymorphic Malware Attacks Per Month, 2011
Macdefender Trojan Screenshot
Total Number Of Vulnerabilities Identified, 2006-2011

and attacks on Certificate Authorities made the headlines in 2011. Looking back at the year, we saw a number of broad trends, including (in roughly the order they are covered in the main report):

Malicious Attacks Skyrocket By 81%

In addition to the 81% surge in attacks, the number of unique malware variants also increased by 41% and the number of Web attacks blocked per day also increased dramatically, by 36%. Greater numbers of more widespread attacks employed advanced techniques, such as server-side polymorphism, to colossal effect. This technique enables attackers to generate an almost unique version of their malware for each potential victim.

At the same time, spam levels fell considerably and the report shows a decrease in total new vulnerabilities discovered (-20%). These statistics, compared to the continued growth in malware, paint an interesting picture. Attacks are rising, but the number of new vulnerabilities is decreasing. Unfortunately, helped by toolkits, cyber criminals are able to efficiently use existing vulnerabilities. The decrease in spam, another popular and well-known attack vector, did not impact the number of attacks. One reason is likely the vast adoption of social networks as a propagation vector. Today these sites attract millions of users and provide fertile ground for cyber criminals. The very nature of social networks makes users feel that they are amongst friends and perhaps not at risk. Unfortunately, it’s exactly the opposite and attackers are turning to these sites to target new victims. Also, due to social engineering techniques and the viral nature of social networks, it’s much easier for threats to spread from one person to the next.

Cyber Espionage And Business: Targeted Attacks Target Everyone

We saw a rising tide of advanced targeted attacks in 2011 (94 per day on average at the end of November 2011). The report data also showed that targeted threats are not limited to enterprises and executive-level personnel. 50% of attacks focused on companies with fewer than 2500 employees, and 18% of attacks were focused on organizations with fewer than 250 employees. It’s possible that smaller companies are now being targeted as a stepping stone to a larger organization because they may be in the partner ecosystem and less well-defended. Targeted attacks are a risk for businesses of all sizes – no one is immune to these attacks.

In terms of people who are being targeted, it’s no longer only the CEOs and senior-level staff. 58% of the attacks are going to people in other job functions such as Sales, HR, Executive Assistants, and Media/Public Relations. This could represent a trend in attackers focusing their attention on lower-hanging fruit. If they cannot get to the CEOs and senior staff, they can get to other links inside the organizations. It is also interesting to note that these roles are highly public and also likely to receive a lot of attachments from outside sources. For example, an HR or recruiter staff member would regularly receive and open CVs and other attachments from strangers.

Mobile Phones Under Attack

Growth of mobile malware requires a large installed base to attack and a profit motive to drive it. The analyst firm Gartner predicts sales of smartphones to end users will reach 461.5 million in 2011 and rise to 645 million in 2012. In 2011, sales of smartphones will overtake shipments of PCs (364 million) [2]. And while profits remain lucrative in the PC space, mobile offers new opportunities to cybercriminals that potentially are more profitable. A stolen credit card may go for as little as USD 40-80 cents. Malware that sends premium SMS text messages can pay the author USD 9.99 for each text and, for victims not watching their phone bill, could pay off the cybercriminal countless times. With the number of vulnerabilities in the mobile space rising (a 93.3% increase over 2010) and malware authors not only reinventing existing malware for mobile devices but creating mobile-specific malware geared to the unique opportunities mobile presents, 2011 was the first year that mobile malware presented a tangible threat to enterprises and consumers.

Mobile also creates an urgent concern for organizations around the possibility of breaches. Given the intertwining of work and personal information on mobile devices, the loss of confidential information presents a real risk to businesses. And unlike a desktop computer, or even a laptop, mobile devices are easily lost. Recent research by Symantec shows that 50% of lost phones will not be returned. And for unprotected phones, 96% of lost phones will have the data on that phone breached.

Certificate Authorities And Transport Layer Security (TLS) V1.0 Are Targeted As SSL Use Increases

High-profile hacks of Certificate Authorities, providers of Secure Sockets Layer (SSL) certificates, threatened the systems that underpin trust in the internet itself. However, SSL technology wasn’t the weak link in the DigiNotar breach and other similar hacks; instead, these attacks highlighted the need for organizations in the Certificate Authority supply chain to harden their infrastructures and adopt stronger security procedures and policies. A malware-dependent exploit concept against TLS 1.0 highlighted the need for the SSL ecosystem to upgrade to newer versions of TLS, such as TLS 1.2 or higher. Website owners recognized the need to adopt SSL more broadly to combat Man-In-The-Middle (MITM) attacks, notably for securing non-transactional pages, as exemplified by Facebook, Google, Microsoft, and Twitter adoption of Always On SSL [3].

232 Million Identities Stolen

More than 232.4 million identities were exposed overall during 2011. Although not the most frequent cause of data breaches, breaches caused by hacking attacks had the greatest impact and exposed more than 187.2 million identities, the greatest number for any type of breach in 2011, according to analysis from the Norton Cybercrime Index [4]. The most frequent cause of data breaches (across all sectors) was theft or loss of a computer or other medium on which data is stored or transmitted, such as a USB key or a back-up medium. Theft or loss accounted for 34.3% of breaches that could lead to identities exposed.

Botnet Takedowns Reduce Spam Volumes

It isn’t all bad news; the overall level of spam fell considerably in the year, from 88.5% of all email in 2010 to 75.1% in 2011. This was largely thanks to law enforcement action which shut down Rustock, a massive, worldwide botnet that was responsible for sending out large amounts of spam. In 2010, Rustock was the largest spam-sending botnet in the world, and with its demise, rival botnets were seemingly unable or unwilling to take its place. At the same time, spammers are increasing their focus on social networking, URL shorteners and other technology to make spam-blocking harder.

Taken together, these changes suggest that a growing number of untargeted but high-volume malware and spam attacks is matched by an increasingly sophisticated hard core of targeted attacks, advanced persistent threats and attacks on the infrastructure of the Internet itself. Organizations should take this message to heart. They need to be successful every time against criminals, hackers and spies. The bad guys only need to be lucky once.

Safeguarding Secrets: Industrial Espionage In Cyberspace

Cyber-Espionage In 2011

The number of targeted attacks increased dramatically during 2011, from an average of 77 per day in 2010 to 82 per day in 2011. And advanced persistent threats (APTs) attracted more public attention as the result of some well-publicized incidents.

Targeted attacks use customized malware and refined targeted social engineering to gain unauthorized access to sensitive information. This is the next evolution of social engineering, where victims are researched in advance and specifically targeted. Typically, criminals use targeted attacks to steal valuable information such as customer data for financial gain. Advanced persistent threats use targeted attacks as part of a longer-term campaign of espionage, typically targeting high-value information or systems in government and industry.

In 2010, Stuxnet grabbed headlines. It is a worm that spread widely but carried a specialized payload designed to target systems that control and monitor industrial processes, creating suspicion that it was being used to target nuclear facilities in Iran. It showed that targeted attacks could be used to cause physical damage in the real world, making real the specter of cyber-sabotage.

In October 2011, Duqu came to light [5]. This is a descendant of Stuxnet. It used a zero-day exploit to install spyware that recorded keystrokes and other system information. It presages a resurgence of Stuxnet-like attacks, but we have yet to see any version of Duqu built to cause cyber-sabotage.

Various long-term attacks against the petroleum industry, NGOs and the chemical industry [6] also came to light in 2011. And hacktivism by Anonymous, LulzSec and others dominated security news in 2011.

Figure 1: Targeted Attacks Trend Showing Average Number Of Attacks Identified Each Month, 2011. Source: Symantec.cloud

Advanced Persistent Threats

Advanced persistent threats (APTs) have become a buzzword used and misused by the media but they do represent a real danger. For example, a reported attack in March 2011 resulted in the theft of 24,000 files from a US defense contractor. The files related to a weapons system under development for the US Department of Defense (DOD).

Government agencies take this type of threat very seriously. For example, the US DOD has committed at least 500 (USD) million to cyber security research and development and the UK Government recently released its Cyber Security Strategy, outlining a National Cyber Security Programme of work funded by the GBP 650 million investments made to address the continuously evolving cyber risks, such as e-crime as well as threats to national security [7].

All advanced persistent threats rely on targeted attacks as their main delivery vehicle, using a variety of vectors such as drive-by-downloads, SQL injection, malware, phishing and spam.

APTs differ from conventional targeted attacks in significant ways:

1 They use highly customized tools and intrusion techniques.
2 They use stealthy, patient, persistent methods to reduce the risk of detection.
3 They aim to gather high-value, national objectives such as military, political or economic intelligence.
4 They are well-funded and well-staffed, perhaps operating with the support of military or state intelligence organizations.
5 They are more likely to target organizations of strategic importance, such as government agencies, defense contractors, high profile manufacturers, critical infrastructure operators and their partner ecosystem.

The hype surrounding APTs masks an underlying reality: these threats are, in fact, a special case within the much broader category of attacks targeted at specific organizations of all kinds. As APTs continue to appear on the threat landscape, we expect to see other cybercriminals learn new techniques from these attacks. For example, we’re already seeing polymorphic code used in mass malware attacks and we see spammers exploit social engineering on social networks. Moreover, the fact that APTs are often aimed at stealing intellectual property suggests new roles for cybercriminals as information brokers in industrial espionage schemes.

While the odds of an APT affecting most organizations may be relatively low, the chances that you may be the victim of
