Security Experts:

Connect with us

Hi, what are you looking for?



Symantec unveils Global Internet Security Threat Report for 2009

Symantec has released its Global Internet Security Threat Report for 2009, a data packed report showing trends, impending threats, and the continuing evolution of the Internet threat landscape.

Symantec has released its Global Internet Security Threat Report for 2009, a data packed report showing trends, impending threats, and the continuing evolution of the Internet threat landscape. The report shows that malicious activity is growing, with targeted attacks increasing on enterprises. Web-based attacks continue to be a favored method, with readily available malicious code kits making it simple for amateur attackers to launch attacks. Life is good in the online underground economy and cyber criminals are certainly benefiting from the downturn in the global economy. (Related content “2010, a Great Year to Be a Scammer”)

Symantec’s internal resources around the world, combined with several partnerships, have enabled an impressive collection of data and statistics, providing a comprehensive look into the global threat landscape. Here’s a look some of the numbers behind the report and where this data, collected in over 86 countries, is harvested from.

A Look behind the Numbers

  • Symantec gathers malicious code intelligence from more than 133 million client, server, and gateway systems that have deployed its antivirus products

  • The Symantec’s Global Intelligence Network, with 240,000 sensors globally, monitors attack activity through a combination of Symantec enterprise and consumer products, as well as third-party data sources.

  • Symantec’s distributed honeypot network collects data from around the globe, capturing previously unseen threats and attacks and providing valuable insight into attacker methods.

  • Spam and phishing data is captured through a variety of sources including: the Symantec Probe Network, a system of more than 5 million decoy accounts; MessageLabs Intelligence, a source of data and analysis for messaging security issues, trends and statistics; and other Symantec technologies.

  • Over 8 billion email messages, as well as over 1 billion Web requests, are processed per day

  • Phishing data is collected through an extensive community of enterprises, security vendors and more than 50 million consumers.

The report shows that as businesses and governments around the world increase efforts to fight malicious activity, the threats are progressively shifting to emerging countries with rapidly growing Internet infrastructures such as India and Russia.

Malicious Activity by Country (Source: Symantec)

Targeted attacks against enterprises are not new, but the large-scale targeted attack against Google brought these types of incidents into the spotlight, encouraging organizations to re-examine their security postures and mitigation strategies. Google, while investigating the incident, discovered that at least twenty other large companies across several sectors were similarly targeted.

Symantec says that these targeted attacks are likely to continue and play a large part in the threat landscape in the near future. Attacks against enterprises and individuals that provide financial gain for cybercriminals remain a large part of the threat landscape.

The report has an overwhelming number of statistics and information on the global threat landscape. Here are a few highlights:

Interesting Facts & Figures from the 2009 Data

  • In 2009, 60 percent of identities exposed were compromised by hacking attacks.

  • 75 percent of enterprises surveyed, experienced some form of cyber attack in 2009 (From Symantec State of the Enterprise Report 2010)

  • The top Web-based attacks observed in 2009 primarily targeted vulnerabilities in Internet Explorer and applications that process PDF files

  • Mozilla Firefox had the most reported vulnerabilities in 2009, with 169, while Internet Explorer had just 45, yet Internet Explorer was still the most attacked browser.

  • Symantec observed nearly 90,000 unique variants of the basic Zeus toolkit

  • There were over twice as many data breaches reported in 2008 than in 2007. Similarly, there were almost twice as many data breaches reported in 2008 than there were in 2009.

  • The United States was the top country of origin for Web-based attacks in 2009, accounting for 34 percent of the worldwide total.

  • In 2009, Symantec detected 59,526 phishing hosts, an increase of 7 percent over 2008 when Symantec detected 55,389 phishing hosts.

  • In 2009, botnets were responsible for sending approximately 85 percent of all spam email.

  • There were 321 browser plug-in vulnerabilities identified in 2009, fewer than the 410 identified in 2008. ActiveX technologies still constituted the majority of new browser plug-in vulnerabilities, with 134; however, this is a 53 percent decrease from the 287 ActiveX vulnerabilities identified in 2008.

The financial sector was the most heavily targeted by phishing attacks in 2009, accounting for 74 percent of the brands used in phishing campaigns. Phishing banks and financial services brands continues to be lucrative for cyber criminals.

“Attackers have evolved from simple scams to highly sophisticated espionage campaigns targeting some of the world’s largest corporations and government entities,” said Stephen Trilling, senior vice president, Security Technology and Response, Symantec. “The scale of these attacks and the fact that they originate from across the world, makes this a truly international problem requiring the cooperation of both the private sector and world governments.”

As the underground economy continues to flourish, cybercriminals have shifted their efforts toward creating kits, such as the popular Zeus kit,  that they can sell to others looking to conduct attacks and steal personal data. This enables inexperienced attackers with little technical knowledge to mount attacks with ease. As these template based kits make it easier for more attackers to enter the online underground economy, Symantec expects attacks against Web browsers and malicious code variants installed through these attacks to increase.

The report shows credit card information as the most commonly advertised item for sale on underground economy servers known to Symantec, accounting for 19 percent of all goods and services advertised; this is a decrease from 2008 when credit card information accounted for 32 percent of the total.

Underground Economy

As one of the most comprehensive reports covering the international threat landscape, the Symantec Global Internet Security Threat Report for 2009 is a must read for any information security executive. The full report (97 Pages) is available for download at:

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.