Symantec Internet Security Threat Report: 2011 Trends, Volume 17, April 2012
Post on 19-Oct-2014
2011: The Year in Numbers
Internet Security Threat Report, Vol. 17 2
Four Key Trends
• Malware Attacks 81% ↑
• Targeted Attacks Expand
• Mobile Threats Expose All
• Data Breaches on Rise
Malware Activity at a Glance
The Big Numbers for 2011
5.5B Attacks blocked by Symantec +81%
403M Unique variants of malware +41%
4,597 Web attacks per day +36%
4,989 New vulnerabilities -20%
8 Zero-day vulnerabilities -43%
315 New mobile vulnerabilities +93%
75% Spam rate -34%
Malware Attacks Continue to Grow
Top Families Dominate Malicious Code
• 10 families account for 45% of all unique malware variants
Spam Still Effective, but Changes Underway
Vulnerabilities Not Being Discovered at Previous Rate
• Zero-day vulnerabilities also down in 2011
– Stuxnet affected 2010 numbers
Why is Malware Continuing to Rise?
• Attack tool kits continue to flourish
• Increased efficacy of known vulnerabilities
Why is Malware Continuing to Rise?
• Web attacks are increasing
Which Website is More Dangerous?
Most Harmful Websites by Categories
• Sites with poor security become easy targets for malware authors
• Some businesses understand that customers will visit sites that infect them
Why is Malware Continuing to Rise?
• Cybercriminals taking advantage of social media
– Social media is viral in nature
– People are less suspicious of content from friends
Social Engineering is Effective in Social Media
• Users willing to help infect themselves
Targeted Attacks Have Expanded
Advanced Targeted Threats
Your Assumptions are Wrong
Assumption #1: Only large corporations, governments and defense industries are targeted for attack
Organizations of All Sizes at Risk of Targeted Attacks
[Chart: targeted attacks by organization size. Categories: 2,500+, 1501-2500, 1001-1500, 501-1000, 250-500, <250 (18%). Other values shown: 13,428, 13,518]
Targeted Attacks by Sector
Government & Public Sector
Manufacturing
Finance
IT Services
Chemical & Pharmaceutical
Transport & Utilities
Non-Profit
Marketing & Media
Education
Retail
Assumption #2: Only CEOs and senior managers are targeted
Targeted Attacks by Job Function
C-Level
Senior
R&D
Sales
Media
Shared Mailbox
PA
Recruitment
Assumption #3: A targeted attack is a single attack
Use Case: Taidoor
• One target was attacked for 9 straight months
• In June, attacks occurred almost once a day
Number of Data Breaches Continues to Rise
Data Breaches
• Hacktivism helped drive this dramatic increase over 2010
• 232 million identities were stolen in 2011 (1.1 million/breach avg.)
Mobile Threats Expose Organizations and Consumers
Mobile Malware on the Rise
• This represents families of mobile malware
• There are 3,000-4,000 variants in the wild today and growing
Mobile Threats Focus Areas for Malware Authors
• Stealing information, spying and sending SMS messages
• Malware authors porting old threats and working on new ones
• Most popular way to make money? Sending premium SMS
Sending Content = Dialing for Dollars
Mobile Phones: A New Source of Data Breaches
• Mobile devices contain work and personal information
• Unlike a desktop computer, they are easily stolen
• ... and often lost
Project Honey Stick
Los Angeles
San Francisco
Washington, D.C.
New York
Ottawa, Canada
What’s Ahead in 2012?
• Macs are not immune
• Targeted attacks will continue
• Attackers will capitalize on work/personal info on mobiles
• Cloud computing and mobile will force IT to rethink security
Best Practices for Protection
Thwarting Malware Attacks: Defense
Layered Endpoint Protection
• More than just AV – need to use full functionality of endpoint protection
• Restrict removable devices and turn off auto-run to prevent malware infection
Security Awareness Training
• Ensure employees become the first line of defense against socially engineered attacks
Advanced Reputation Security
• Detect and block new and unknown threats based on reputation and ranking
Layered Network Protection
• Monitor for network intrusions, propagation attempts and other suspicious traffic patterns
Thwarting Targeted Attacks
Advanced Reputation Security
• Detect and block new and unknown threats based on reputation and ranking
Employ Offensive Protection Strategies
• Set strong permissions around apps, servers and clusters, according to sensitivity of information processed
Removable Media Device Control
• Restrict removable devices and functions to prevent malware infection
Email & Web Gateway Filtering
• Scan and monitor inbound/outbound email and web traffic and block accordingly
Data Loss Prevention
• Discover data spills of confidential information that are targeted by attackers
Encryption
• Create and enforce security policy so all confidential information is encrypted
Network Threat and Vulnerability Monitoring
• Monitor for network intrusions, propagation attempts and other suspicious traffic patterns
Avoiding Data Breaches
Data Classification
• Which information should you protect?
Data Loss Prevention
• Discover data spills of confidential information that are targeted by attackers
• Enforce rules prohibiting access of confidential data using applications
Host-based Intrusion Prevention
• Lock down key systems that contain confidential information
• Prevent any unauthorized code from running, independent of AV signatures
Email & Web Gateway Filtering
• Scan and monitor inbound/outbound email and web traffic and block accordingly
Encryption
• Create and enforce security policy so all confidential information is encrypted
Strong Authentication
• Two-factor authentication to protect against credential theft
Mitigating Mobile Threats
Device Management
• Remotely wipe devices in case of theft or loss
• Update devices with applications as needed without physical access
• Get visibility and control of devices, users and applications
Device Security
• Guard mobile device against malware and spam
• Prevent the device from becoming a vulnerability
Content Security
• Identify confidential data on mobile devices
• Encrypt mobile devices to prevent lost devices from turning into lost confidential data
Identity and Access
• Strong authentication and authorization for access to enterprise applications and resources
• Allow access to right resources from right devices with right postures
Stay Informed
www.symantec.com/threatreport
Security Response Website
Twitter.com/threatintel
Thank you!
Copyright © 2012 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.