Small Is Beautiful for Cyber Criminals

By | May 24, 2013

Posted in: Network Security Trends

Hackers are increasingly targeting small companies for cyber-attack and the amount of malware directed at mobile operating systems is rapidly escalating, according to Symantec’s Internet Security Threat Report for 2012.

The report, issued last month, said half of all targeted attacks last year were aimed at businesses with fewer than 2,500 employees. The largest growth area for targeted attacks was businesses with fewer than 250 employees; 31 percent of all attacks targeted them.

“This is especially bad news because based on surveys conducted by Symantec, small businesses believe they are immune to attacks targeted at them,” said the report, based on the company’s threat-monitoring network which covers more than 150 countries.

Symantec said some small businesses assumed they had nothing a targeted attacker would want to steal, but in fact they had customer information, intellectual property, and money in the bank. “While it can be argued that the rewards of attacking a small business are less than what can be gained from a large enterprise, this is more than compensated by the fact that many small companies are typically less careful in their cyber-defenses,” the report said.

“Criminal activity is often driven by crimes of opportunity. With cybercrimes, that opportunity appears to be with small businesses. Even worse, the lack of adequate security practices by small businesses threatens all of us. Attackers deterred by a large company’s defenses often choose to breach the lesser defenses of a small business that has a business relationship with the attacker’s ultimate target, using the smaller company to leapfrog into the larger one.”

Symantec reported a 58 percent increase in mobile malware families last year compared to 2011, with the Android system being the most popular target.

“With a 32 percent increase in the number of vulnerabilities reported in mobile operating systems, it might be tempting to blame them for the increase,” the cybersecurity firm said. “However, this would be wrong. In the PC space, a vulnerability drives attacks as new vulnerabilities are incorporated into commonly available toolkits. The more they’re used, the faster they spread. This is not occurring in the mobile space.”

Symantec said that while Apple’s iOS had the most documented vulnerabilities in 2012, there was only one threat created for the platform. However the Android OS, with only 13 vulnerabilities reported, led all mobile operating systems in the amount of  malware written for it.

“Android’s market share, the openness of the platform, and the multiple distribution methods available to applications embedded with malware make it the go-to platform of malware authors,” the report said.

Symantec also sounded a warning about the so-called Elderwood Gang, a group of hackers that the company has been tracking for several years. It reported that the gang was responsible for four of the 14 zero-day vulnerabilities discovered last year.

“They’ve used at least one so far in 2013,” the report said. “The gang has used one zero-day exploit  in each attack, using it continually until that exploit becomes public. Once that occurs they move on to a new exploit. This makes it seem that the Elderwood Gang has a limitless supply of zero-day vulnerabilities and is able to move to a new exploit as soon as one is needed. It is our hope that this is not the case.”

You May Also Be Interested In: