Symantec has released its Global Internet Security Threat Report for 2009, a data packed report showing trends, impending threats, and the continuing evolution of the Internet threat landscape. The report shows that malicious activity is growing, with targeted attacks increasing on enterprises. Web-based attacks continue to be a favored method, with readily available malicious code kits making it simple for amateur attackers to launch attacks. Life is good in the online underground economy and cyber criminals are certainly benefiting from the downturn in the global economy. (Related content “2010, a Great Year to Be a Scammer”)
Symantec’s internal resources around the world, combined with several partnerships, have enabled an impressive collection of data and statistics, providing a comprehensive look into the global threat landscape. Here’s a look some of the numbers behind the report and where this data, collected in over 86 countries, is harvested from.
-
Symantec gathers malicious code intelligence from more than 133 million client, server, and gateway systems that have deployed its antivirus products
-
The Symantec’s Global Intelligence Network, with 240,000 sensors globally, monitors attack activity through a combination of Symantec enterprise and consumer products, as well as third-party data sources.
-
Symantec’s distributed honeypot network collects data from around the globe, capturing previously unseen threats and attacks and providing valuable insight into attacker methods.
-
Spam and phishing data is captured through a variety of sources including: the Symantec Probe Network, a system of more than 5 million decoy accounts; MessageLabs Intelligence, a source of data and analysis for messaging security issues, trends and statistics; and other Symantec technologies.
-
Over 8 billion email messages, as well as over 1 billion Web requests, are processed per day
-
Phishing data is collected through an extensive community of enterprises, security vendors and more than 50 million consumers.
The report shows that as businesses and governments around the world increase efforts to fight malicious activity, the threats are progressively shifting to emerging countries with rapidly growing Internet infrastructures such as India and Russia.
Targeted attacks against enterprises are not new, but the large-scale targeted attack against Google brought these types of incidents into the spotlight, encouraging organizations to re-examine their security postures and mitigation strategies. Google, while investigating the incident, discovered that at least twenty other large companies across several sectors were similarly targeted.
Symantec says that these targeted attacks are likely to continue and play a large part in the threat landscape in the near future. Attacks against enterprises and individuals that provide financial gain for cybercriminals remain a large part of the threat landscape.
The report has an overwhelming number of statistics and information on the global threat landscape. Here are a few highlights:
Interesting Facts & Figures from the 2009 Data
-
In 2009, 60 percent of identities exposed were compromised by hacking attacks.
-
75 percent of enterprises surveyed, experienced some form of cyber attack in 2009 (From Symantec State of the Enterprise Report 2010)
-
The top Web-based attacks observed in 2009 primarily targeted vulnerabilities in Internet Explorer and applications that process PDF files
-
Mozilla Firefox had the most reported vulnerabilities in 2009, with 169, while Internet Explorer had just 45, yet Internet Explorer was still the most attacked browser.
-
Symantec observed nearly 90,000 unique variants of the basic Zeus toolkit
-
There were over twice as many data breaches reported in 2008 than in 2007. Similarly, there were almost twice as many data breaches reported in 2008 than there were in 2009.
-
The United States was the top country of origin for Web-based attacks in 2009, accounting for 34 percent of the worldwide total.
-
In 2009, Symantec detected 59,526 phishing hosts, an increase of 7 percent over 2008 when Symantec detected 55,389 phishing hosts.
-
In 2009, botnets were responsible for sending approximately 85 percent of all spam email.
-
There were 321 browser plug-in vulnerabilities identified in 2009, fewer than the 410 identified in 2008. ActiveX technologies still constituted the majority of new browser plug-in vulnerabilities, with 134; however, this is a 53 percent decrease from the 287 ActiveX vulnerabilities identified in 2008.
The financial sector was the most heavily targeted by phishing attacks in 2009, accounting for 74 percent of the brands used in phishing campaigns. Phishing banks and financial services brands continues to be lucrative for cyber criminals.
“Attackers have evolved from simple scams to highly sophisticated espionage campaigns targeting some of the world’s largest corporations and government entities,” said Stephen Trilling, senior vice president, Security Technology and Response, Symantec. “The scale of these attacks and the fact that they originate from across the world, makes this a truly international problem requiring the cooperation of both the private sector and world governments.”
As the underground economy continues to flourish, cybercriminals have shifted their efforts toward creating kits, such as the popular Zeus kit, that they can sell to others looking to conduct attacks and steal personal data. This enables inexperienced attackers with little technical knowledge to mount attacks with ease. As these template based kits make it easier for more attackers to enter the online underground economy, Symantec expects attacks against Web browsers and malicious code variants installed through these attacks to increase.
The report shows credit card information as the most commonly advertised item for sale on underground economy servers known to Symantec, accounting for 19 percent of all goods and services advertised; this is a decrease from 2008 when credit card information accounted for 32 percent of the total.
As one of the most comprehensive reports covering the international threat landscape, the Symantec Global Internet Security Threat Report for 2009 is a must read for any information security executive. The full report (97 Pages) is available for download at:
http://www.symantec.com/business/theme.jsp?themeid=threatreport