ISTR 18: Making Sense of Some Big Numbers
Some of us are numbers people. We like nothing more than digging into a big batch of numbers. I confess I’m the other type of person. I still fumble around a spreadsheet and can’t add without the aid of a calculator. For numbers people the ISTR is a terrific document. This year’s report is 160 pages of numbers that do a pretty good job of describing the threat landscape. If you’re a numbers person, feel free to dig in to the full report. You can also check out highlights in this graphic.
If you’re like me, and not really a numbers person, then read on. I’ve bullied my way through the numbers so you don’t have to. Let me give you the highlights, some of the interesting correlations of numbers we’ve made and even a few insights the “numbers guys” might end up missing.
Targeted Attacks Are on the Rise
It seems like every week we hear of a big named company that’s been attacked. There is a reason for that— targeted attacks, meaning those attacks focused on specific organizations or individuals, rose 42 percent in 2012. These attacks are aimed at everyone in an organization, from the CEO down to the person reading a shared mailbox like email@example.com. In 2012, knowledge workers - people who work with sensitive company IP and sales employees were the most common targets – but, all employees are at risk.
Small Businesses Are in the Line of Fire
The end goal of cybercriminals is theft of information, often intellectual property that can be sold to competitors or otherwise monetized. And while larger businesses have a greater amount of information to steal, smaller companies also have intellectual property, including information given to them by large businesses with which they have relationships. Thirty-one percent of targeted attacks today are aimed at businesses with fewer than 250 employees. This is a significant threefold increase from 2011.
Poor Website Security Puts us all at Risk
Sixty-one percent of all websites propagating malware are legitimate sites. Using toolkits the bad guys are easily finding and exploiting poor patch management on legitimate websites. This is not driven by a rise in new vulnerabilities; the ISTR documents only a six percent increase in new vulnerabilities. It’s that 53 percent of legitimate websites have unpatched vulnerabilities. Even targeted attacks, traditionally launched via spear phishing, are taking advantage of this. In 2012 we saw the popularization of watering hole attacks, where attackers break into the websites that their targeted visit.
Mobile Threats Focus on the OS
Vulnerabilities likely will become a factor in mobile malware, but they were not in 2012. Apple’s iOS had the most documented vulnerabilities in 2012, but there was only one threat created for the platform. Compare this to the Android OS; although only 13 vulnerabilities were reported, it led all mobile operating systems in the amount of malware written for the platform. Today Android’s market share, the openness of the platform, and the multiple distribution methods available to applications embedded with malware make it the go-to platform of malware authors. And the amount of malware for mobile keeps going up. 2012 saw a 58 percent increase in mobile malware families compared to 2011.
There are more highlights—we’ve collected data and analyzed the 2012 trends on malware, spam, data breaches, hactivism, exploits, toolkits and half a dozen other security topics. I can’t cover them all in a single blog, so you’ll have to check out report for that. Sure there are a lot of numbers in the report, but it’s the best place to get the whole story of the threat landscape.