shutterstock_398268808

Global Intelligence Network – 63.8 Million Attack Sensors

Internet Security Threat Report

Symantec’s Internet Security Threat Report, released in April, covers an extensive range of cyber threats we need to be aware of and proactively manage including data security and privacy, threats from social media and email scams, the security pressures experienced from Internet of Things (IoT) and mobile devices, and much more. Thanks to Symantec’s Global Intelligence Network made up of over 63.8 million attack sensors and recording thousands of events per second, threat activity in over 157 territories is monitored. Furthermore, their comprehensive vulnerability database contains nearly 75,000 recorded vulnerabilities of the last 20 plus years including spam, phishing, and malware data.

In 2015, Symantec found malware up 36% from the previous year, logging 430 million new pieces of malware. Stated in the report, “As real life and online become indistinguishable from each other, cybercrime has become a part of our daily lives.”

Six Key Findings & Trends of 2015

cloud-security

With the following six threat and vulnerability discoveries noted as key findings of 2015, Symantec takes a broad look at the threat landscape.

  • Each week of 2015 saw the discovery of a new zero-day vulnerability. With a 125% increase from the previous year, zero-day vulnerabilities allow advanced attack groups to profit from flaws in browser and website plugins.
  • More than half a billion personal records were lost or stolen in 2015. The largest data breach ever publicly reported occurred at the end of 2015 exposing 191 million records, but over the year, another eight mega-breaches (violations of above 10 million records) occurred. Adding insult to injury, more companies are now concealing the full extent of their data breaches, and this lack of transparency is only increasing security challenges.
  • Spear-phishing campaigns targeting employees rose by 55% last year. Attacks targeting businesses with fewer than 250 employees have steadily increased over the previous five years, and in 2015, financial companies or government organizations targeted once were more likely to be targeted three more times again over the year.
  • Three-quarters of popular websites were found to have major security vulnerabilities. With web administrators struggling to stay current with patches, the general public is put at risk. Unfortunately, simply ensuring one uses a well-known and legitimate website is not enough to guarantee the security.
  • A 35% increase in ransomware was recorded in 2015. Using encryption against legitimate organizations, cyber criminals are holding hostage critical data in ever-evolving violations. Symantec believes this type of attack will continue to expand and trap network users beyond PCs, reaching users of smartphones, Mac, and Linux systems.
  • 100 million fake technical support scams were blocked by Symantec in 2015. As if the already pervasive scams were not enough, cybercriminals are scamming new victims into calling them through pop-ups which suggest serious errors or problems could be resolved by calling the stated 800 numbers. On connection, these scammers then attempt to sell worthless services to their victims.

Threats to Cloud Computing

Unfortunately, even cloud-hosted and virtualized systems are vulnerable, and malware is able to search for virtualized environments and infect them. According to Symantec, 16% of malware is “routinely able to recognize and exploit a virtual machine environment.” Worse still, vulnerabilities such as VENOM allow attackers to break out of infected virtual machines and attack others on the same system. Due to the ever-increasing range of solutions cloud computing offers, and with the quantity of data held on the cloud expanding, attacks in this environment also multiply.

cyber-security

(Image Source: Shutterstock)

Symantec found that misconfigurations and poor management by users (not service providers) resulted in cloud-hosted systems being vulnerable to illicit access, and further unearthed 11,000 publicly accessible files. It’s also noted that stolen credentials for cloud-based systems are habitually sold on the black market at low costs. As asserted by Symantec, cloud services and virtual machines must be secured as thoroughly as all other services and devices with policies covering virtual as well as physical infrastructure. Because nothing is immune from cyber threats anymore, using integrated security tools across all platforms helps diminish future security problems, and Symantec encourages an investigative, clinical-study mindset that compels good digital hygiene, education of cybersecurity issues, and doesn’t tolerate cybersecurity risks.

By Jennifer Klostermann

Jennifer Klostermann

Jennifer Klostermann is an experienced writer with a Bachelor of Arts degree majoring in writing and performance arts. She has studied further in both the design and mechanical engineering fields, and worked in a variety of areas including market research, business and IT management, and engineering. An avid technophile, Jen is intrigued by all the latest innovations and trending advances, and is happiest immersed in technology.

CONTRIBUTORS

What is shadow IT?

How to Make the Move to the Cloud Securely

Move to the Cloud Securely The 2016 Enterprise Cloud Computing Survey from IDG offers multiple interesting insights concerning the state ...
How Big Data Can Empower Native Ads

How Big Data Can Empower Native Ads

Empower Native Ads The realm of big data is expanding an astonishing rate, and its presence can be felt across ...
What’s Next In Cloud And Data Security For 2017?

What’s Next In Cloud And Data Security For 2017?

Cloud and Data Security It has been a tumultuous year in data privacy to say the least – we’ve had ...
Cloud Services Are Vulnerable Without End-To-End Encryption

Cloud Services Are Vulnerable Without End-To-End Encryption

End-To-End Encryption The growth of cloud services has been one of the most disruptive phenomena of the Internet era.  However, ...
10 Ways The Enterprise Can Prevent Data Leaks In The Cloud

10 Ways The Enterprise Can Prevent Data Leaks In The Cloud

Prevent Data Leaks In The Cloud More companies are turning to the cloud for storage. In fact, over 60 percent ...
Countdown to GDPR: Preparing for Global Data Privacy Reform

Countdown to GDPR: Preparing for Global Data Privacy Reform

Preparing for Global Data Privacy Reform Multinational businesses who aren’t up to speed on the regulatory requirements of the European ...
Chris Gerva

Why Containers Can’t Solve All Your Problems In The Cloud

Containers and the cloud Docker and other container services are appealing for a good reason - they are lightweight and ...
Two 2017 Trends From A Galaxy Far, Far Away

Two 2017 Trends From A Galaxy Far, Far Away

Reaching For The Stars People who know me know that I’m a huge Star Wars fan. I recently had the ...
As Enterprises Execute Their Digital Strategies, New Multi-cloud Landscape Emerge

As Enterprises Execute Their Digital Strategies, New Multi-cloud Landscape Emerge

The Multi-cloud Landscape The digital universe is expanding rapidly, and cloud computing is building the foundation for almost infinite use ...
Achieving Network Security In The IoT

Achieving Network Security In The IoT

Security In The IoT The network security market is experiencing a pressing and transformative change, especially around access control and ...

NEWS

email as a service

Google Data Analysis, Artificial Intelligence and Predicting Vaccine Scares

Social media trends can predict tipping points in vaccine scares Analyzing trends on Twitter and Google can help predict vaccine ...
Deloitte TMT Predictions: Machine Learning Deployments, On-Demand Content and Live Events Will Continue to Drive Growth

Deloitte TMT Predictions: Machine Learning Deployments, On-Demand Content and Live Events Will Continue to Drive Growth

NEW YORK, Dec. 12, 2017 /PRNewswire/ -- Deloitte forecasts double digital growth in machine learning deployments for the enterprise, an increasing worldwide ...
Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system (Reuters) - Hackers likely working for a nation-state recently penetrated the safety system of ...