IC B01: Internet Security Threat Report: How to Stay Protected
Piero DePaoli Director, Product Marketing
SYMANTEC VISION 2013
Topics
1. Targeted Attacks
2. Spam Trends
3. Vulnerabilities
4. Mobile Trends
5. Mac Malware
TARGETED ATTACKS
Targeted Attacks in 2012
Targeted Attacks by Industry
Manufacturing moved to top position in 2012
But all industries are targeted
Manufacturing 24%
Finance, Insurance & Real Estate 19%
Services – Non-Traditional 17%
Government 12%
Energy/Utilities 10%
Services – Professional 8%
Wholesale 2%
Retail 2%
Aerospace 2%
Transportation, Communications, Electric, Gas 1%
Targeted Attacks by Company Size
Greatest growth in 2012 is at companies with <250 employees
Employees
2,501+ 50%
1 to 2,500 50%, made up of:
1,501 to 2,500 9%
1,001 to 1,500 2%
501 to 1,000 3%
251 to 500 5%
1 to 250 31% (18% in 2011)
Targeted Attacks by Job Function
R&D 27%
Senior 12%
C-Level 17%
Sales 24%
Shared Mailbox 13%
Recruitment 4%
Media 3%
PA 1%
Attacks may start with the ultimate target but often look opportunistically for any entry into a company
Targeted Attacks predominantly start as spear phishing attacks
In 2012, Watering Hole Attacks emerged (Popularized by the Elderwood Gang)
Spear Phishing: Send an email to a person of interest
Watering Hole Attack: Infect a website and lie in wait for them
Effectiveness of Watering Hole Attacks
Watering Hole attacks are targeted at specific groups
Can capture a large number of victims in a very short time
Watering Hole Attack in 2012: Infected 500 Companies, All Within 24 Hours
Recent Example of Watering Hole Attack
Watering Hole Targeted iOS Developers
In 2013 this type of attack will become widely used
Several high profile companies fell victim to just such an attack
Thwarting Targeted Attacks: Defense
Email Security.cloud, Messaging Gateway, Web Security.cloud, Web Gateway
Encryption
Endpoint Protection, Critical System Protection
Data Loss Prevention
DeepSight
Managed Security Services
Email & Web Gateway Filtering
Encryption
Removable Media Device Control
Data Loss Prevention
Security Intelligence
Holistic Security Monitoring
Incident Preparedness & Response
SPAM TRENDS
Do I still need to worry about spam?
Spam Decline
Spam has declined for second year in a row (as % of email)
Botnet takedowns continue to have an effect
[Chart: Global Spam Rates 2011-2012]
79% January 2011
69% October 2012
Pharmaceutical Spam Decline
[Chart: Pharmaceutical Spam Rates 2011-2012]
The Risk of Spam Continues
1 in 414 Emails are a phishing attack
1 in 283 Emails are a malware attack
of all email is spam
Thwarting Spam-borne Attacks: Defense
Endpoint Protection, Critical System Protection
Endpoint Protection, Web Gateway, Messaging Gateway, Email Security.cloud
Managed Security Services, Web Gateway, Critical System Protection
DeepSight
Messaging Gateway, Email Security.cloud, Web Gateway, Web Security.cloud
Layered Endpoint Protection
Security Awareness Training
Advanced Reputation Security
Holistic Network Monitoring & Layered Defenses
Security Intelligence
Email & Web Gateway Filtering
VULNERABILITIES
Zero-Day Vulnerabilities
One group can significantly affect yearly numbers
Elderwood Gang drove the rise in zero-day vulnerabilities
[Chart: zero-day vulnerabilities per year, 2006-2012, showing Total Volume with the Stuxnet and Elderwood contributions marked]
All Vulnerabilities
No significant rise or fall in discovery of new vulnerabilities in last 6 years
[Chart: all vulnerabilities per year, 2006-2012]
30% Increase in web attacks blocked…
2011: 190,370
2012: 247,350
Our Websites are Being Used Against Us
61% of web sites serving malware are legitimate sites
25% have critical vulnerabilities unpatched
53% of legitimate websites have unpatched vulnerabilities
In 2012, one threat infected more than 1 million websites
Its payload was FakeAV
The next time it’s likely to be ransomware
Internet Security Threat Report 2013 :: Volume 18
Ransomware
Average number of attacks seen from one threat in 18 day period
Number of criminal gangs involved in this cybercrime
Estimated amount extorted from victims in 2012
Protecting Against Vulnerabilities: Defense
Endpoint Protection, Web Gateway, Messaging Gateway, Email Security.cloud
Web Gateway, Web Security.cloud
Workspace Virtualization, Mobile Management Suite
Endpoint Protection, Critical System Protection
Website Security Solutions, Managed Security Services, Control Compliance Suite, Endpoint Management
Endpoint Management
Advanced Reputation Security
Layered Network Protection
Application Virtualization
Layered Endpoint Protection
Vulnerability Management Program
Configuration & Patch Management Program
MOBILE TRENDS
Android Malware Growth
[Chart: Cumulative Android Families 2011-2012 and Cumulative Android Variants 2011-2012]
Vulnerabilities & Mobile Malware
Today there is no significant link between mobile OS vulnerabilities and exploitation by malware
In the future that may change
Platform Vulnerabilities
Apple iOS 387
Android 13
Blackberry 13
Windows Mobile 2
Device Type # of Threats
Apple iOS Malware 1
Android Malware 103
Symbian Malware 3
Windows Malware 1
What Does Mobile Malware Do?
Mobile Threats by Type
Steal Information 32%
Traditional Threats 25%
Track User 15%
Send Content 13%
Adware/Annoyance 8%
Reconfigure device 8%
Information Stealing Malware
Android.Sumzand
1. User received email with link to download app
2. Steals contact information
3. Sends email promoting app to all contacts
Mitigating Mobile Threats
Mobile Management Suite
Validation & Identity Protection Service
Mobile Management Suite
Mobile Management Suite
Mobile Management Suite
Identity & Access
Content Security
Mobile Application Management
Device Management
Device Security
MAC MALWARE
Mac Malware Trend
10 new Mac families of malware in 2012
2007 1
2008 3
2009 4
2010 3
2011 6
2012 10
Mac Malware
Only 2.5% of threats found on Macs are Mac malware
But in 2012, 1 Mac Threat (Flashback) infected 600,000 Machines.
Thwarting Mac Attacks: Defense
Security Awareness Training
Critical System Protection, Web Gateway, Managed Security Services: Layered Network Protection
Endpoint Management: Configuration & Patch Management Program
Endpoint Protection: Advanced Reputation Security
Endpoint Protection: Layered Endpoint Protection
Summary
TARGETED ATTACKS
SPAM
VULNERABILITIES
MOBILE MALWARE
MAC MALWARE
Upcoming Sessions You Won’t Want To Miss:
User Authentication & Beyond VIP: Citrix (Today: 3:45pm, Room 114)
Symantec’s Mobility Strategy & Roadmap (Tomorrow: 9:00am, Room 111)
Best Practices for Server Protection: Ford & UHG (Today: 5:00pm, Room 114)
Roadmap: Symantec Endpoint Protection (Tomorrow: 11:30am, Room 119)
Scaling the Information Security Program Maturity Curve: PwC & AARP (Tomorrow: 9:00am, Room 112)
Help! I Think I’ve Been Hit with Malware (Tomorrow: 1:00pm, Room 112)
Thank you!
Copyright © 2013 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Piero DePaoli
@pierodepaoli
+1 415 203 5991
http://go.symantec.com/istr