IC B01: Internet Security Threat Report: How to Stay Protected
Piero DePaoli, Director, Product Marketing

Topics
1. Targeted Attacks
2. Spam Trends
3. Vulnerabilities
4. Mobile Trends
5. Mac Malware

TARGETED ATTACKS

Targeted Attacks in 2012
IC B01: Internet Security Threat Report: How to Stay Protected SYMANTEC VISION 2013

Targeted Attacks by Industry
Manufacturing: 24%
Finance, Insurance & Real Estate: 19%
Services Non-Traditional: 17%
Government: 12%
Energy/Utilities: 10%
Services Professional: 8%
Wholesale: 2%
Retail: 2%
Aerospace: 2%
Transportation, Communications, Electric, Gas: 1%
Manufacturing moved to top position in 2012
But all industries are targeted

Targeted Attacks by Company Size
2,501+ employees: 50%
1 to 2,500 employees: 50%, broken down as:
1,501 to 2,500: 9%
1,001 to 1,500: 2%
501 to 1,000: 3%
251 to 500: 5%
1 to 250: 31% (18% in 2011)
Greatest growth in 2012 is at companies with <250 employees

Targeted Attacks by Job Function
R&D: 27%
Sales: 24%
C-Level: 17%
Shared Mailbox: 13%
Senior: 12%
Recruitment: 4%
Media: 3%
PA: 1%
Attacks may start with the ultimate target but often look opportunistically for any entry into a company

Spear Phishing: Send an email to a person of interest
Watering Hole Attack: Infect a website and lie in wait for them
Targeted Attacks predominantly start as spear phishing attacks
In 2012, Watering Hole Attacks emerged (popularized by the Elderwood Gang)

Effectiveness of Watering Hole Attacks
Watering Hole Attack in 2012 Infected 500 Companies All Within 24 Hours
Watering Hole attacks are targeted at specific groups
Can capture a large number of victims in a very short time

Recent Example of Watering Hole Attack
In 2013 this type of attack will become widely used
Several high profile companies fell victim to just such an attack

Watering Hole Targeted iOS Developers
In 2013 this type of attack will become widely used
Several high profile companies fell victim to just such an attack

Thwarting Targeted Attacks: Defense
Security Intelligence: DeepSight
Holistic Security Monitoring: Managed Security Services
Removable Media Device Control: Endpoint Protection, Critical System Protection
Email & Web Gateway Filtering: Email Security.cloud, Messaging Gateway, Web Security.cloud, Web Gateway
Data Loss Prevention: Data Loss Prevention
Encryption: Encryption
Incident Preparedness & Response

SPAM TRENDS
Do I still need to worry about spam?

Spam Decline
[Chart: Global Spam Rates 2011-2012, as % of email]
79% January 2011
69% October 2012
Spam has declined for second year in a row (as % of email)
Botnet takedowns continue to have an effect

Pharmaceutical Spam Decline
[Chart: Pharmaceutical Spam Rates 2011-2012]

The Risk of Spam Continues
1 in 414 Emails are a phishing attack
1 in 283 Emails are a malware attack
of all email is spam

Thwarting Spam-borne Attacks: Defense
Security Intelligence: DeepSight
Email & Web Gateway Filtering: Messaging Gateway, Email Security.cloud, Web Gateway, Web Security.cloud
Advanced Reputation Security: Endpoint Protection, Web Gateway, Messaging Gateway, Email Security.cloud
Layered Endpoint Protection: Endpoint Protection, Critical System Protection
Holistic Network Monitoring & Layered Defenses: Managed Security Services, Web Gateway, Critical System Protection
Security Awareness Training

VULNERABILITIES

Zero-Day Vulnerabilities
[Chart: zero-day vulnerabilities per year, 2006-2012; series: Total Volume, Stuxnet, Elderwood]
One group can significantly affect yearly numbers
Elderwood Gang drove the rise in zero-day vulnerabilities

All Vulnerabilities
[Chart: vulnerabilities per year, 2006-2012; data labels as extracted: 6,253; 4,842; 4,644; 5,562; 4,814; 4,989; 5,291]
No significant rise or fall in discovery of new vulnerabilities in last 6 years

30% Increase in web attacks blocked
2011: 190,370
2012: 247,350

Our Websites are Being Used Against Us
61% of web sites serving malware are legitimate sites
53% of legitimate websites have unpatched vulnerabilities
25% have critical vulnerabilities unpatched

Our Websites are Being Used Against Us
In 2012, one threat infected more than 1 million websites
Its payload was FakeAV
The next time it's likely to be ransomware
Internet Security Threat Report 2013 :: Volume 18

Ransomware
Number of criminal gangs involved in this cybercrime
Estimated amount extorted from victims in 2012
Average number of attacks seen from one threat in 18 day period

Protecting Against Vulnerabilities: Defense
Vulnerability Management Program: Website Security Solutions, Managed Security Services, Control Compliance Suite, Endpoint Management
Configuration & Patch Management Program: Endpoint Management
Application Virtualization: Workspace Virtualization, Mobile Management Suite
Advanced Reputation Security: Endpoint Protection, Web Gateway, Messaging Gateway, Email Security.cloud
Layered Endpoint Protection: Endpoint Protection, Critical System Protection
Layered Network Protection: Web Gateway, Web Security.cloud

MOBILE TRENDS

Android Malware Growth
[Chart: Cumulative Android Families 2011-2012 and Cumulative Android Variants 2011-2012]

Vulnerabilities & Mobile Malware
Platform: Vulnerabilities
Apple iOS: 387
Android: 13
Blackberry: 13
Windows Mobile: 2
Device Type: # of Threats
Apple iOS Malware: 1
Android Malware: 103
Symbian Malware: 3
Windows Malware: 1
Today there is no significant link between mobile OS vulnerabilities and exploitation by malware
In the future that may change

What Does Mobile Malware Do?
Mobile Threats by Type
Steal Information: 32%
Traditional Threats: 25%
Track User: 15%
Send Content: 13%
Adware/Annoyance: 8%
Reconfigure device: 8%

Information Stealing Malware
Android.Sumzand
1. User received email with link to download app
2. Steals contact information
3. Sends email promoting app to all contacts

Mitigating Mobile Threats
Device Management: Mobile Management Suite
Device Security: Mobile Management Suite
Content Security: Mobile Management Suite
Identity & Access: Validation & Identity Protection Service
Mobile Application Management: Mobile Management Suite

MAC MALWARE

Mac Malware Trend
10 new Mac families of malware in 2012
[Chart: Mac malware families per year, 2007-2012; data labels for earlier years as extracted: 6, 3, 4, 3, 1]

Mac Malware
Only 2.5% of threats found on Macs are Mac malware

Flashback
But in 2012 1 Mac Threat infected 600,000 Machines.

Thwarting Mac Attacks: Defense
Advanced Reputation Security Endpoint Protection Layered Endpoint Protection Layered Network Protection Endpoint Protection Critical System Protection, Web Gateway, Managed Security Services Security Awareness Training Configuration & Patch Management Program Endpoint Management

Summary
TARGETED ATTACKS
SPAM
VULNERABILITIES
MOBILE MALWARE
MAC MALWARE

Upcoming Sessions You Won't Want To Miss:
User Authentication & Beyond VIP: Citrix (Today: 3:45pm, Room 114)
Best Practices for Server Protection: Ford & UHG (Today: 5:00pm, Room 114)
Scaling the Information Security Program Maturity Curve: PwC & AARP (Tomorrow: 9:00am, Room 112)
Symantec's Mobility Strategy & Roadmap (Tomorrow: 9:00am, Room 111)
Roadmap: Symantec Endpoint Protection (Tomorrow: 11:30am, Room 119)
Help! I Think I've Been Hit with Malware (Tomorrow: 1:00pm, Room 112)

Thank you!
Piero DePaoli
piero_depaoli@symantec.com
@pierodepaoli
+1 415 203 5991
http://go.symantec.com/istr
Copyright 2013 Symantec Corporation. All rights reserved.