Hacking attacks, phishing, spam and other network security threats have become everybody’s problem. A recent white paper from Symantec, the world’s leading security software provider, highlights recent trends while revealing the results of its Website Security Threat Report for 2013. We’ve reviewed their paper, and today share a few of its key highlights and cautions – ones every executive would do well to recognize. These insights were culled from its Global Intelligence Network with its 69 million “attack sensors” recording thousands of events per second.
First and foremost, the report notes that “small businesses are the path of least resistance for attackers.” Last year, 50% of all attacks were aimed at businesses with under 2,500 employees. Worse still for our SMB clients, companies with fewer than 250 employees were the fastest growing segment, with nearly one-third of all attacks coming against small businesses.
More troubling, Symantec surveys indicate that small businesses think they are immune to attacks. But as they note, money stolen from a small business is just as easy to spend as money stolen from a large business. Moreover, small businesses are more likely to become pawns, or proxies, for attacks on others. These can create massive attacks that worsen the likelihood of attack for all of us.
More recently a trend called a “watering hole” has been seen in the sector: this is where an attacker compromises the website of a small business, and hijacks it so future visitors can be infected. It’s all about using the leverage of weak security at one entity to defeat the strong security of another.
The ultimate goal of attackers and so-called phishers is to make money. And they’re expanding rapidly into mobile. Symantec notes that 50% of mobile malware created last year attempted to steal our information or track our movements. They want to learn our banking information, the phone numbers and addresses of friends, and our personal information.
This has led to targeted attacks, where attackers make a point of actually researching us, to learn more about us – thus upping the success rate of a targeted threat. They can collect years of emails, files and contact information, unknown to naïve users.
Symantec also notes in its report that so-called “zero day” vulnerabilities are trending upwards, whether they be one-time attacks or multiple zero-day exploits. Stuxnet is probably the best known of these.
Finally they note that “attribution is never easy.” Some attackers make no attempt to stay undetected. This has proven particularly true in the Middle East where malware creators set out to wipe computer hard drives of energy companies, for example. Other times, proving attribution and motive are harder, even when someone claims responsibility. Recently, the FBI warned financial institutions that some denial of service attacks were actually being created as a “distraction,” launched just before or after cybercriminals engage in an unauthorized transaction, an attempt to avoid discovery of their fraud.
The bottom line is that security threats are growing, both in numbers and sophistication. Up to date security software has become essential for all of us, even as the attackers become more sophisticated in this, the ultimate cat and mouse game.