
Vulnerabilities down but attacks up in 2011: Symantec

Security giant's internet security report reveals a huge increase in attacks aimed at mobile devices

By Steve Evans

Devices like Apple’s iPad will be targeted

Symantec’s latest report into the state of internet security has revealed a huge increase in the number of malicious attacks during 2011, particularly those targeting mobile platforms.

The Internet Security Threat Report for 2011 revealed that while the number of vulnerabilities decreased by 20%, the number of malicious attacks increased by a massive 81% over 2010. Symantec blocked more than 5.5 billion malicious attacks in 2011, the security company says.

2011 also saw the number of unique malware variants rise to 403 million, while the number of Web attacks blocked per day increased by 36%.

While the revelation that vulnerabilities have decreased by 20% may seem like good news, it is not having much of an impact. Symantec says that cyber criminals are increasingly using easy-to-use and freely available toolkits to launch attacks aimed at existing vulnerabilities. This echoes what Imperva found when looking at the anatomy of an Anonymous attack.

The report also highlighted a huge increase in threats aimed at the mobile space, particularly at Google’s open source Android OS. Android does not place such tight controls on the apps uploaded to its App Store as Apple does, which means malicious apps are common.

Vulnerabilities on mobile devices increased 93% during 2011 and Symantec said last year represented the first year mobile malware presented a "tangible" threat to businesses and consumers.

Cyber criminals are not only rehashing malware for mobile devices but also writing new mobile-specific malware, Symantec says. These include threats designed for activities including data collection, the sending of content and user tracking.

One of the central themes running throughout the recent InfoSec conference in London was the rise of targeted attacks, and Symantec’s report backs that up. 2011 saw the number of targeted attacks rise to 82 per day, up from 77 per day the year before.

Targeted attacks use social engineering to lure a specific person within a business into clicking links or opening files that contain malware. People are much more likely to click these links as they will not look like regular spam; instead they will be relevant to a person’s job or look like the link has been sent by a friend.

2011 saw targeted attacks diversify away from the traditional government target. More than half of the reported targeted attacks were aimed at organisations with fewer than 2,500 employees, and almost 18% targeted companies with fewer than 250 employees.

"These organisations may be targeted because they are in the supply chain or partner ecosystem of a larger company and because they are less well-defended. Furthermore, 58% of attacks target non-execs, employees in roles such as human resources, public relations and sales," the report stated.

These targets are chosen as a route into the company and because their details may be freely available online, the report added.

The report also looked at data breaches and the impact they had during 2011. On average each data breach exposed 1.1 million identities, well up on the previous year.

Hacking incidents posed the greatest threat, exposing 187 million identities in 2011, while the most frequent cause of data breaches was the loss of a computer or mobile device that contained sensitive information. Nearly 20 million identities were exposed that way, Symantec said.

Symantec warned that as the BYOD craze continues over the next few years, even more sensitive data will be stored on these devices, making smartphones and tablets an even more attractive target for cyber criminals.

"In 2011 cybercriminals greatly expanded their reach, with nearly 20% of targeted attacks now directed at companies with fewer than 250 employees," said Stephen Trilling, chief technology officer, Symantec.

"We’ve also seen a large increase in attacks on mobile devices, making these devices a viable platform for attackers to leverage in targeting sensitive data. Organisations of all sizes need to be vigilant about protecting their information," he added.
