These findings come a week after Symantec launched its Norton Secured Seal, combining the VeriSign checkmark with its Norton brand.
The 50-page report includes findings recovered from Symantec Global Intelligence Network, which is made up of more than 64.4 million attack sensors and records thousands of events per second. Its network monitors activity in more than 200 countries using Symantec product and services. Symantec says more than 8 billion email messages and more than 1.4 billion web requests are processed each day across its 15 data centers.
The number of unique malware variants increased by 41 percent, and the number of web attacks blocked per day increased by 36 percent. Symantec says that greater numbers of more widespread attacks employed advanced techniques like server-side polymorphism which enables attackers to generate an almost unique version of malware for each potential victim.
While the findings are interesting for any web hosting or cloud provider looking to harden systems against relevant security attack trends, the actual report package could be an example of how more reports will start to look in the future, as it supplements words with inforgraphics, includes a ebook for download as ePub, iPad, or Kindle format, as well as a podcast where Kevin Haley, director, security technology and response at Symantec shares an overview. From a marketing perspective, a report packaged this way could garner more traffic than a typical PDF report, and the comprehensive format may be something for web hosts to keep in mind next time they release a report.
Spam levels were on the decline in 2011, and the report shows a decrease of 20 percent in total new vulnerabilities discovered. According to the report, this could be due to the vast adoption of social networks as a propagation vector. Hackers are increasingly using social networks to target new victims. Decreases in spam were also due to the Rustock shutdown in March 2011. A recent report by email security firm eleven also notes the spam decline since Rustock was shutdown last year.
Targeted attacks that use social engineering and customized malware to gain unauthorized access to sensitive information are on the rise, Symantec says. While these types of attacks typically focus on governments and public sector organizations, half of targeted attacks in 2011 focused on companies with less than 2,500 employees, and 18 percent of attacks were focused on organizations with less than 250 employees. What may be of note to hosting providers, aside from upselling security services to SMB customers, is the fact that web hosts themselves could be in this category. Symantec says smaller companies are targeted as a “stepping stone” to larger organizations because they may be in the partner ecosystem.
“In 2011 cybercriminals greatly expanded their reach, with nearly 20 percent of targeted attacks now directed at companies with fewer than 250 employees,” Stephen Trilling, chief technology officer, Symantec said in a statement. “We’ve also seen a large increase in attacks on mobile devices, making these devices a viable platform for attackers to leverage in targeting sensitive data. Organizations of all sizes need to be vigilant about protecting their information.”
Mobile threats were an increasing trend, and mobile vulnerabilities increased by 93 percent in 2011. As more employees use their own mobile devices at work, some organizations are being lax in securing those devices. According to the report, while a stolen credit card goes for as little as $0.40, malware that sends premium SMS text messages can pay the author $9.99 for each text and victims not watching their phone bill could pay the cybercriminal countless times.
Talk back: Are you surprised by the trends outlined by Symantec’s research? What kind of measures have you put in place to protect clients from security breaches? Let us know in a comment.