Symantec Internet Security Threat Report Summary

Tuesday, May 01, 2012



Symantec has released their annual Internet Security Threat Report, a comprehensive examination of a wide variety of online-based threats.

The data was collected through the company's Symantec Global Intelligence Network, which monitors malicious activity in over two-hundred countries utilizing 64.6 million attack sensors and a variety of security products the company maintains.

The report also draws on a database of 47,662 known vulnerabilities for over forty-thousand products produced by nearly sixty-thousand vendors.

"These resources give Symantec’s analysts unparalleled sources of data with which to identify, analyze, and provide informed commentary on emerging trends in attacks, malicious code activity, phishing, and spam," the report states.

While the number of vulnerabilities has decreased significantly, the report notes an 81% increase in detected attacks and predicts that this upward trend will continue through 2012.

The company also measured a marked decrease in overall spam levels, which it believes had little effect due to a shift towards the use of Social Networks as attack vectors.

"Spam levels fell considerably and the report shows a decrease in total new vulnerabilities discovered (-20%). These statistics compared to the continued growth in malware paint an interesting picture. Attacks are rising, but the number of new vulnerabilities is decreasing. Unfortunately, helped by toolkits, cyber criminals are able to efficiently use existing vulnerabilities. The decrease in Spam - another popular and well known attack vector did not impact the number of attacks."

The increased use of sophisticated polymorphic malware variants was cited as a factor in the increase in malware signatures and overall attacks. These forms of malicious code slightly modify their code every time the malware is downloaded, making them more difficult to detect when examined by traditional signature-based antivirus defenses.

"In addition to the 81% surge in attacks, the number of unique malware variants also increased by 41% and the number of Web attacks blocked per day also increased dramatically, by 36%. Greater numbers of more widespread attacks employed advanced techniques, such as server-side polymorphism to colossal effect. This technique enables attackers to generate an almost unique version of their malware for each potential victim," Symantec reports.

The report also notes an increase in the rate of targeted attacks against entities of all sizes, and observes that the executive level is not the only focus of these operations.

"The report data also showed that targeted threats are not limited to the Enterprises and executive level personnel. 50% of attacks focused on companies with less than 2500 employees, and 18% of attacks were focused on organizations with less than 250 employees. It’s possible that smaller companies are now being targeted as a stepping stone to a larger organization because they may be in the partner ecosystem and less well-defended. Targeted attacks are a risk for businesses of all sizes – no one is immune to these attacks," the report states.

Other highlights of the report include:

  • A 93.3% increase in mobile device vulnerabilities over 2010 levels
  • An increase in threats posed by the targeting of SSL Certificate Authorities and Transport Layer Security (TLS) vulnerabilities
  • Hacking attacks exposing 187.2 million of the total 232.4 million identities exposed due to data breaches in 2011
  • A decrease in email spam levels from 88.5% of all email in 2010 to 75.1% in 2011, probably due to botnet takedowns

The full Symantec Internet Security Threat Report can be found here:


Marc Quibell: "the report notes an 81% increase in detected attacks"

We got better at detecting attacks? More sensors than last year...etc?
Marc Quibell: And then further into the article... "In addition to the 81% surge in attacks"

Which is it? A surge in detection or an 81% surge of attacks?