So the 2014 Internet Security Threat Report (volume 19) is now available from Symantec and, in line with findings from other vendors, it highlights just how much the threat landscape grew last year.
It is officially the year of the Mega Breach, with increases in the numbers of records and identities exposed, the total number of vulnerabilities, ransomware, malware and targeted attacks.
Key findings from the report include:
- The total number of breaches in 2013 increased by 62%, with 8 of the breaches exposing more than 10 million identities
- In total over 552 million identities were exposed via breaches in 2013, up by 493%!
- 23 zero-day vulnerabilities were discovered, more than in any other year Symantec has tracked
- Ransomware attacks, such as Cryptolocker, grew by 500%
- There was a 91% increase in targeted attack campaigns in 2013 (such as spear phishing), with 1 in 392 emails containing a phishing attack
- 38% of mobile users have experienced mobile cybercrime in the past 12 months
- Spam volume dropped to 66% of all email traffic
- Web-based attacks are up 23%, with 1 in 8 legitimate websites having a critical vulnerability. With the news of the latest Heartbleed bug, which affects 2/3 of the internet’s web servers, this will be much larger for 2014. You can find everything you need to know on Heartbleed here.
But it’s not all bad news: Symantec made some great headway against botnets, with the shutdown of the ZeroAccess botnet, dropping the total by 33%.
So should you be worried? You betcha! 2014 is already shaping up to be larger than 2013, and if you are still thinking ‘these attacks won’t happen to me’ you’re kidding yourself.
You should be especially worried if you are an executive/personal assistant. Why are they number 1? Attackers know that PAs/EAs have a very high level of access on most networks (to cater to the senior management they support), are extremely busy, and are susceptible to social engineering attacks.
If we look at the top words used in spear phishing campaigns we can see ‘re’, ‘order’ and ‘payment’ are number 1, as well as the other oldies but goodies below.
What can you do as an organisation? Read the report, familiarise yourself with the current threat landscape, and start taking your IT security very seriously. Start budgeting for next financial year: at a minimum you should look to have a penetration test performed, and ensure that your staff are receiving frequent awareness training. Bring on the Verizon report, which isn’t too far away!
Till next time…