Symantec: Attacks On the Rise, But Spam and Botnets Down
New data shows familiar trends of good news and bad news, with some surprises.
This is the time of year when multiple security vendors publish their respective full-year 2011 security research reports. Today, Symantec released Volume 17 of its Internet Security Threat Report, which shows trends that mirror similar reports released in recent weeks by HP and Microsoft -- but with several new insights as well.
As other security vendors have reported, attack volume increased in 2011 even though the number of reported new vulnerabilities declined. According to Symantec's data, the number of attacks rose by 81 percent. (In contrast, HP reported an attack volume increase of just 11 percent.) Like HP, Symantec reported a 20 percent decline in the number of new vulnerabilities discovered in 2011.
Exploit kits have a lot to do with the rise in attacks, according to Symantec. Liam O Murchu, manager of operations at Symantec's North American security response center, told eSecurityPlanet that hackers have increasingly been making use of easy-to-use exploit kits in their attacks.
Murchu also noted that attackers are to a greater extent leveraging social media to help launch and execute attacks. Specifically, Murchu pointed to an increase in clickjacking-type attacks related to social networking sites. "If you click on a link in Facebook for example, [the action] can actually propogate [itself] and send messages to all of your friends without you realizing it," Murchu said.
Now the good news: The volume of spam declined in 2011 -- dropping to an average of 75.1 percent of all email in 2011, compared with 88.5 percent in 2010. According to Symantec, that's the lowest lowest level of spam seen in the past three years. The decline in spam is due in large part to the waning influence of spam-sending botnets, Murchu said. He pointed to the takedown of the Rustock botnet in 2011 as being a key contributor to the decline of spam.
Data Breaches On the Rise
More than 232 million identities were exposed during 2011, with an average of 1.1 million identities stolen per data breach, according to Symantec's data. In 34 percent of cases, the data breaches were related to the loss or theft of a device -- but those types of breaches tended to be smaller in scope, Murchu said.
"We see that hacking attacks are really where the vast majority of identities are taken," Murchu said. In fact, more than 80 percent of lost identities were caused by hacking attacks, according to Symantec's research.
Although Symantec did not release a breakdown of attack vectors responsible for data breaches, Murchu noted that SQL injection continues to be a prime contributor. He also cited the rise in hacktivism as being a key factor in breaches, a finding that was echoed bu Verizon earlier this year: Released in March, Verizon's Breach Report reported that hacktivists were responsible for 58 percent of all data stolen in 2011.
Mobile Threats Set to Grow in 2012
In 2011, mobile attacks rose by 93 percent and it's a trend that will only grow in the year ahead.
Murchu explained that Symantec recently was able to get access to a hacker group's server. Part of their findings: Mobile attacks have a substantial economic incentive.
"We found out that via sending premium rate text messages [from unsuspecting users], the attack author would have been able to make about a million dollars a year," Murchu said. "That's comparable to what attackers can make on other operating systems like Windows, so we expect the economic model to mature on mobile and we expect more attacks."