Symantec's newly released Internet Security Threat Report found that there was a 42 percent rise during 2012 in targeted attacks in comparison to the previous year.
SMBs -- companies with fewer than 250 employees -- were particularly impacted by this spike in cybercrime, finding themselves on the receiving end of 31 percent of all targeted attacks, a threefold increase from 2011. Cybercriminals appear drawn to these businesses since they still hold valuable customer bank account information and other personal data, yet sometimes lack adequate security practices and infrastructure, according to the report.
Stephen Trilling, chief technology officer of Symantec said in a press statement that regardless of organizational size, the fast pace of threat evolution is continuing to impact all sectors.
“This year’s Internet Security Threat Report shows that cybercriminals aren’t slowing down, and they continue to devise new ways to steal information from organizations of all sizes,” he said.
Due to often lax security, SMBs were also found to unintentionally initiate attacks against organizations with stronger security measures by being the victims of so-called "watering hole" incidents. This sort of activity led in part to a 30 percent increase in Web-based attacks, according to the report. During these types of attacks, any website -- such as a small not-for-profit, business site or blog -- is compromised by an attacker. When a visitor then arrives to visit the site, a targeted attack payload is silently installed on their computer. This exploit was recently used to target visitors to the Washington D.C.-based think tank, The Council on Foreign Relations website.
The compromised website was a common theme in the report. Symantec found that 61 percent of malicious websites are actually legitimate websites that have been compromised and infected with malicious code (business, technology and shopping websites were the most exploited). A trend the report attributes to unpatched vulnerabilities. These compromised sites have been increasingly serving up ransomware as the predominant malware variant, mainly due to its ability to rustle up more profit for attackers, according to the report.
The report seems to indicate a shift away from government targeted attacks. In 2012, the manufacturing sector vaulted to the top of the list of industries targeted for attack. Symantec believes that this is due to vulnerabilities in the supply chain, attacking the various subcontractors who, while often in possession of the same high valued intellectual property at the parent organization, sometimes have lesser security measures in place. The most commonly targeted victims of these types of attacks across all industries were knowledge workers (27 percent) with access to intellectual property as well as those in sales (24 percent), according to the report.
Other key findings include:
- 14 zero-day vulnerabilities.
- 32% of all mobile threats steal information.
- A single threat infected 600,000 Macs in 2012.
- Spam volume continued to decrease, with 69% of all email being spam.
- The number of phishing sites spoofing social networking sites increased 125%.
- 5,291 new vulnerabilities discovered in 2012, 415 of them on mobile operating systems.
Trilling wrote that the sheer number and variation of threats in 2012 should compel all members of the enterprise to shore up their defenses.
“The sophistication of attacks coupled with today’s IT complexities, such as virtualization, mobility and cloud, require organizations to remain proactive and use ‘defense in depth’ security measures to stay ahead of attacks,” added Trilling.
To download a complete copy of the report, go HERE [PDF].
Symantec's Internet Security Threat Report provides an overview and analysis of the year in global threat activity. The report is based on data from Symantec’s Global Intelligence Network, which Symantec analysts use to identify, analyze, and provide commentary on emerging trends in attacks, malicious code activity, phishing, and spam.