Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Symantec: Malicious Attacks Spiked, Vulnerabilities Dropped in 2011

Symantec Threat Report Reveals 81 Percent Increase in Malicious Attacks, Drop In Number of Vulnerabilities

In its latest threat report released on Monday, Symantec revealed that while the number of vulnerabilities fell by 20% in 2011, it saw a significant increase in the number of malicious attacks. In addition, the report notes the fact that targeted attacks are spreading to organizations of all types and sizes.

Symantec Threat Report Reveals 81 Percent Increase in Malicious Attacks, Drop In Number of Vulnerabilities

In its latest threat report released on Monday, Symantec revealed that while the number of vulnerabilities fell by 20% in 2011, it saw a significant increase in the number of malicious attacks. In addition, the report notes the fact that targeted attacks are spreading to organizations of all types and sizes.

Symantec LogoVolume 17 of Symantec’s annual Threat Report spotlights a drop in vulnerabilities last year, but unfortunately the number of malicious attacks jumped by 81% and the number of Web-based attacks that the company blocked jumped by 36%. Moreover, the number of unique malware variants surpassed 400 million. In all, Symantec said it blocked more than 5 billion last year.

The drop in vulnerabilities echo recent findings in HP’s recently released 2011 Top Cyber Security Risks Report. According to HP, disclosure of new vulnerabilities in commercial applications has slowly declined since 2006, noting a drop of nearly 20 percent in 2011 from the previous year. HP warned that while newly reported vulnerabilities in commercial software applications have seen a downward trend, a large number of vulnerabilities are unaccounted for, and are therefore undisclosed to the broader security industry.

HP believes the decline in vulnerabilities is due to a number of factors, including the increase in private market for sharing vulnerabilities. In addition, HP’s report notes that the proliferation of custom web applications has created a market for unique vulnerability exploits that require advanced expertise to locate and address.

Symantec’s report also shows that spam levels fell by some 20% during 2011. This, Symantec says, paints an interesting picture, as it shows that attackers are embracing the easier to use attack kits (think SpyEye) in order to target existing and often un-patched vulnerabilities. Further, these attack kits and the wide pool of potential targets explains why social networks became the spot of choice for criminals launching scams and focused attacks.

Another interesting takeaway from the report is the fact that targeted attacks are growing. Symantec notes that the number of daily targeted attacks increased from 77 per day to 82 per day by the end of 2011. Additionally, the observed targeted attacks weren’t limited to large organizations. More than 50 percent of such attacks target organizations with fewer than 2,500 employees, and almost 18 percent target companies with fewer than 250 employees. When it comes to the actual targets, 58 percent of attacks focused on employees in roles such as human resources, public relations, and sales.

Targeted Cyber Attacks Spike

Other highlights from Symantec’s Internet Security Threat Report, Volume 17 include:

• Approximately 1.1 million identities were stolen per data breach on average in 2011, a dramatic increase over the amount seen in any other year.

Advertisement. Scroll to continue reading.

• Hacking incidents posed the greatest threat, exposing 187 million identities in 2011 — the greatest number for any type of breach last year.

• Mobile vulnerabilities increased by 93 percent in 2011. At the same time, there was a rise in threats targeting the Android operating system.

The full report is available here.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.