Symantec Report Underscores Need to Protect Confidential Information
By any measure, 2008 was a banner year for cyber-criminals.
So says the latest Symantec Internet Security Threat Report, which provides a global view of the state of Internet security.
According to the report, issued in April, attackers released Trojan horses, viruses, and worms (collectively known as “malicious code”) at a record pace last year. Their primary target? Your confidential information.
Specifically, Symantec documented a staggering 1.6 million instances of malicious code on the Web in 2008. That compares with 624,267 instances in 2007.
Vincent Weafer, Symantec’s vice president of security content and intelligence, puts those numbers in perspective:
“Sixty percent of all the [malicious code] threats in the past 20 years came in the last 12 months alone,” Weafer told Reuters in a recent interview.
Weafer added that this explosive growth can be attributed to the increasing professionalism of malicious code development and to a well-organized underground economy specializing in the sale of stolen confidential data, particularly credit card and bank account credentials.
And there are no signs that these attacks will slow down anytime soon.
For midsize businesses like yours, the Symantec Threat Report offers hard evidence that the threat landscape is undergoing fundamental change. Continue reading to determine if your security practices provide sufficient protection against today’s increasingly complex threats.
How Web-based threats have changedThe latest Threat Report documents trends and threats that Symantec observed throughout all of 2008. It covers Internet threat activities, vulnerabilities, malicious code, phishing, spam and security risks, as well as future trends.
The report documents in detail how Web-based threats have not only become more widespread, they’ve also become increasingly sophisticated:
“The lengthy and complicated steps being pursued to launch successful Web-based attacks also demonstrate the increasing complexity of the methods used by attackers. While a single high-severity flaw can be exploited to fully compromise a user, attackers are now frequently stringing together multiple exploits for medium-severity vulnerabilities to achieve the same goal.”
Why is this development so important? Because in many cases you might be inclined to patch only high-severity vulnerabilities, while ignoring medium- and low-severity vulnerabilities. That could be a costly mistake because, more than ever before, attackers are zeroing in on lower-severity vulnerabilities to obtain confidential information, such as credit card and bank card information, bank account credentials, and other personal details.
Other key findingsAmong the other findings of the Threat Report, which is derived from data collected from millions of Internet sensors, first-hand research, and the monitoring of hacker communications:
- 90% of the threats that Symantec detected last year were aimed at stealing confidential information.
- The most popular item for sale in the underground economy in 2008 was credit card information, the report observed, adding that “the price for each card can be as low as 6 cents when they are purchased in bulk.”
- Phishing continued to grow in 2008. Symantec detected 55,389 phishing website hosts last year, an increase of 66% over 2007.
- The volume of spam also continued to grow. Over the past year, Symantec observed a 192% increase in spam detected across the Internet as a whole.
- By the end of 2008 more than 1 million computers were infected with the Conficker worm. This worm was able to spread rapidly across the Internet due to a number of advanced propagation mechanisms. (The number of Conficker infections worldwide grew to more than 3 million infected systems during the first quarter of 2009.)
How can your company achieve maximum protection against these threats, with ease?Symantec recommends that you employ defense-in-depth strategies, which emphasize multiple defensive systems to guard against single-point failures in any specific technology or protection method.
This is provided in our new suite, Symantec Protection Suite Enterprise Edition which enables you to leverage multiple security technologies for complete protection for sensitive data and systems. It creates an environment that is secure against today’s complex malware, data loss, and spam threats, and is quickly recoverable in the event of failure.