ic b01: internet security threat report: how to stay...

IC B01: Internet Security Threat Report: How to Stay Protected 1

IC B01: Internet Security Threat Report: How to Stay Protected

Piero DePaoli Director, Product Marketing

SYMANTEC VISION 2013

Topics


Targeted Attacks 1

Spam Trends 2

Vulnerabilities 3

Mobile Trends 4

Mac Malware 5


TARGETED ATTACKS


SYMANTEC VISION 2013 IC B01: Internet Security Threat Report: How to Stay Protected

Targeted Attacks

in 2012

4

SYMANTEC VISION 2013 IC B01: Internet Security Threat Report: How to Stay Protected 5

Targeted Attacks by Industry

Manufacturing moved to top position in 2012

But all industries are targeted

1%

2%

2%

2%

8%

10%

12%

17%

19%

0% 5% 10% 15% 20% 25% 30%

Manufacturing

Finance, Insurance & Real Estate

Services – Non-Traditional

Government

Energy/Utilities

Services – Professional

Wholesale

Retail

Aerospace

Transportation, Communications, Electric, Gas

24%


Targeted Attacks by Company Size

Greatest growth in 2012 is at companies with <250 employees

Employees 2,501+

50% 2,501+ 50% 1 to 2,500

50%

1,501 to 2,500

1,001 to 1,500

501 to 1,000

251 to 500

1 to 250

18% in 2011

9%

2% 3%

5%

31%


Targeted Attacks by Job Function

R&D 27%

Senior 12%

C-Level 17%

Sales 24%

Shared Mailbox

13%

Recruitment 4%

Media 3% PA

1%

0%

5%

10%

15%

20%

25%

30%

Attacks may start with the ultimate target but often look opportunistically for any entry into a company


Targeted Attacks predominantly start as spear phishing attacks

In 2012, Watering Hole Attacks emerged (Popularized by the Elderwood Gang)

Send an email to a person of interest

Spear Phishing

Infect a website and lie in wait for them

Watering Hole Attack


Effectiveness of Watering Hole Attacks

Watering Hole attacks are targeted at specific groups

Can capture a large number of victims in a very short time

Infected 500 Companies

Watering Hole Attack in 2012

All Within 24 Hours


In 2013 this type of attack will become widely used

Several high profile companies fell victim to just such an attack

Recent Example of Watering Hole Attack


Watering Hole Targeted iOS Developers


In 2013 this type of attack will become widely used

Several high profile companies fell victim to just such an attack


Thwarting Targeted Attacks: Defense


Email Security.cloud, Messaging Gateway Web Security.cloud, Web Gateway

Encryption

Endpoint Protection, Critical System Protection

Data Loss Prevention

DeepSight

Managed Security Services

Email & Web Gateway Filtering

Encryption

Removable Media Device Control

Data Loss Prevention

Security Intelligence

Holistic Security Monitoring

Incident Preparedness & Response

12


SPAM TRENDS

Do I still need to worry about spam?

IC B01: Internet Security Threat Report: How to Stay Protected 13 13


Spam has declined for second year in a row (as % of email)

Botnet takedowns continue to have an affect


0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

Jan-11

Apr Jul Oct Jan-12

Apr Jul Oct

Global Spam Rates 2011-2012

Spam Decline

14

79% January 2011 69%

October 2012


Pharmaceutical Spam Decline


0%

10%

20%

30%

40%

50%

60%

70%

Jan-11

Apr Jul Oct Jan-12

Apr Jul Oct

Pharmaceutical Spam Rates 2011-2012

15


The Risk of Spam Continues


1 in 414 Emails are a phishing attack

1 in 283 Emails are a malware attack

of all email is spam

16


Thwarting Spam-borne Attacks: Defense



Endpoint Protection, Web Gateway Messaging Gateway, Email Security.cloud

Managed Security Services, Web Gateway, Critical System Protection

DeepSight

Messaging Gateway, Email Security.cloud Web Gateway, Web Security.cloud

Layered Endpoint Protection

Security Awareness Training

Advanced Reputation Security

Holistic Network Monitoring & Layered Defenses

Security Intelligence

Email & Web Gateway Filtering

17


VULNERABILITIES

18


Zero-Day Vulnerabilities

One group can significantly affect yearly numbers

Elderwood Gang drove the rise in zero-day vulnerabilities

2006 2007 2008 2009 2010 2011 2012 0

2

4

6

8

10

12

14

16

14 13

15

9

12

14

8

Total Volume

Stuxnet

4

2

3 4

Elderwood


All Vulnerabilities

0

1,000

2,000

3,000

4,000

5,000

6,000

7,000

No significant rise or fall in discovery of new vulnerabilities in last 6 years

2006 2007 2008 2009 2010 2011 2012

4,842

5,562

4,814

6,253

4,989 5,291

4,644


30% Increase in web attacks blocked…

190,370

2011 2012

247,350


Our Websites are Being Used Against Us

61%

of web sites serving malware are legitimate sites

25%

have critical vulnerabilities unpatched

53%

of legitimate websites have unpatched vulnerabilities

SYMANTEC VISION 2013 23

In 2012, one threat infected more than

1 million websites

The next time it’s likely to be ransomware

Internet Security Threat Report 2013 :: Volume 18

Our Websites are Being Used Against Us

Its payload was FakeAV

SYMANTEC VISION 2013 25


Ransomware


Average number of attacks seen from

one threat in 18 day period

Number of criminal gangs

involved in this cybercrime

Estimated amount extorted

from victims in 2012


Protecting Against Vulnerabilities: Defense

Endpoint Protection, Web Gateway Messaging Gateway, Email Security.cloud

Web Gateway, Web Security.cloud

Workspace Virtualization Mobile Management Suite


Website Security Solutions, Managed Security Services, Control Compliance Suite, Endpoint Management

Endpoint Management

Advanced Reputation Security

Layered Network Protection

Application Virtualization

Layered Endpoint Protection

Vulnerability Management Program

Configuration & Patch Management Program

27


MOBILE TRENDS

28


Android Malware Growth

Internet Security Threat Report 2013 :: Volume 18 29

0

20

40

60

80

100

120

140

160

180

200

Jan '11

Apr Jul Oct Jan '12

Apr Jul Oct

5,000

4,500

4,000

3,500

3,000

2,500

2,000

1,500

1,000

500

0

Cumulative Android Families 2011-2012

Cumulative Android Variants 2011-2012


Vulnerabilities & Mobile Malware

Today there is no significant link between mobile OS vulnerabilities and exploitation by malware

In the future that may change


Platform Vulnerabilities

Apple iOS 387

Android 13

Blackberry 13

Windows Mobile 2

Device Type # of Threats

Apple iOS Malware 1

Android Malware 103

Symbian Malware 3

Windows Malware 1


What Does Mobile Malware Do?


0% 5% 10% 15% 20% 25% 30% 35%

Reconfigure device

Adware/Annoyance

Send Content

Track User

Traditional Threats

Steal Information

Mobile Threats by Type

32%

25%

15%

13%

8%

8%


Information Stealing Malware

Android.Sumzand

1. User received email with link to download app

2. Steals contact information

3. Sends email promoting app to all contacts

32


Mitigating Mobile Threats


Mobile Management Suite

Validation & Identity Protection Service




Identity & Access

Content Security

Mobile Application Management

Device Management

Device Security


MAC MALWARE

34


Mac Malware Trend


1

3 4

3

6

2007 2008 2009 2010 2011 2012

10 new Mac families

of malware in 2012


Only 2.5% of threats found on

Macs are Mac malware

Mac Malware


Flashback

But in 2012

1 Mac Threat infected 600,000

Machines.


Thwarting Mac Attacks: Defense


Security Awareness Training

Critical System Protection, Web Gateway, Managed Security Services

Layered Network Protection

Endpoint Management Configuration & Patch Management Program

Endpoint Protection Advanced Reputation Security

Endpoint Protection Layered Endpoint Protection

38


Summary


TARGETED ATTACKS

SPAM

VULNERABILITIES

MOBILE MALWARE

MAC MALWARE


Upcoming Sessions You Won’t Want To Miss:


User Authentication & Beyond VIP: Citrix

Today: 3:45pm

Room 114

Symantec’s Mobility Strategy & Roadmap

Tomorrow: 9:00am

Room 111

Best Practices for Server Protection:

Ford & UHG

Today: 5:00pm Room 114

Roadmap: Symantec Endpoint Protection

Tomorrow: 11:30am

Room 119

Scaling the Information Security

Program Maturity Curve: PwC & AARP

Tomorrow: 9:00am

Room 112

Help! I Think I’ve Been Hit with

Malware

Tomorrow: 1:00pm Room 112

Thank you!

Copyright © 2013 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.


Piero DePaoli

[email protected]

@pierodepaoli

+1 415 203 5991

http://go.symantec.com/istr

mailto:[email protected]

mailto:[email protected]

ic b01: internet security threat report: how to stay...

Documents