Global Intelligence Network – 63.8 Million Attack Sensors

Internet Security Threat Report

Symantec’s Internet Security Threat Report, released in April, covers an extensive range of cyber threats we need to be aware of and proactively manage including data security and privacy, threats from social media and email scams, the security pressures experienced from Internet of Things (IoT) and mobile devices, and much more. Thanks to Symantec’s Global Intelligence Network made up of over 63.8 million attack sensors and recording thousands of events per second, threat activity in over 157 territories is monitored. Furthermore, their comprehensive vulnerability database contains nearly 75,000 recorded vulnerabilities of the last 20 plus years including spam, phishing, and malware data.

In 2015, Symantec found malware up 36% from the previous year, logging 430 million new pieces of malware. Stated in the report, “As real life and online become indistinguishable from each other, cybercrime has become a part of our daily lives.”

Six Key Findings & Trends of 2015

With the following six threat and vulnerability discoveries noted as key findings of 2015, Symantec takes a broad look at the threat landscape.

  • Each week of 2015 saw the discovery of a new zero-day vulnerability. With a 125% increase from the previous year, zero-day Vulnerabilities allow advanced attack groups to profit from flaws in browser and website plugins.
  • More than half a billion personal records were lost or stolen in 2015. The largest data breach ever publicly reported occurred at the end of 2015 exposing 191 million records, but over the year, another eight mega-breaches (violations of above 10 million records) occurred. Adding insult to injury, more companies are now concealing the full extent of their data breaches, and this lack of transparency is only increasing security challenges.
  • Spear-phishing campaigns targeting employees rose by 55% last year. Attacks targeting businesses with fewer than 250 employees have steadily increased over the previous five years, and in 2015, financial companies or Government organizations targeted once were more likely to be targeted three more times again over the year.
  • Three-quarters of popular websites were found to have major security vulnerabilities. With web administrators struggling to stay current with patches, the general public is put at risk. Unfortunately, simply ensuring one uses a well-known and legitimate website is not enough to guarantee the security.
  • A 35% increase in ransomware was recorded in 2015. Using encryption against legitimate organizations, cyber criminals are holding hostage critical data in ever-evolving violations. Symantec believes this type of attack will continue to expand and trap network users beyond PCs, reaching users of smartphones, Mac, and Linux systems.
  • 100 million fake technical support scams were blocked by Symantec in 2015. As if the already pervasive scams were not enough, cybercriminals are scamming new victims into calling them through pop-ups which suggest serious errors or problems could be resolved by calling the stated 800 numbers. On connection, these scammers then attempt to sell worthless services to their victims.

Threats to Cloud Computing

Unfortunately, even cloud-hosted and virtualized systems are vulnerable, and Malware is able to search for virtualized environments and infect them. According to Symantec, 16% of malware is “routinely able to recognize and exploit a virtual machine environment.” Worse still, vulnerabilities such as VENOM allow attackers to break out of infected virtual machines and attack others on the same system. Due to the ever-increasing range of solutions cloud computing offers, and with the quantity of data held on the cloud expanding, attacks in this environment also multiply.

Symantec found that misconfigurations and poor management by users (not Service Providers) resulted in cloud-hosted systems being vulnerable to illicit access, and further unearthed 11,000 publicly accessible files. It’s also noted that stolen credentials for cloud-based systems are habitually sold on the black market at low costs. As asserted by Symantec, cloud services and virtual machines must be secured as thoroughly as all other services and devices with policies covering virtual as well as physical infrastructure. Because nothing is immune from cyber threats anymore, using integrated security tools across all platforms helps diminish future security problems, and Symantec encourages an investigative, clinical-study mindset that compels good digital hygiene, education of cybersecurity issues, and doesn’t tolerate cybersecurity risks.

By Jennifer Klostermann

Kaylamatthews

What Amazon’s Kendra Means for the AI and Machine Learning Future

Amazon's Kendra Learning Future Most people feel a bit astounded when they type a query into Google and get relevant results in milliseconds. They're probably not as impressed when using an enterprise search feature at ...
Aarti Parikh

What are the Capabilities of the AWS Serverless Platform?

AWS Serverless Platform AWS serverless compute services allow to build and deploy applications on AWS cloud without having to manage the servers. AWS serverless platform enables vendors to deploy cloud solutions without server provisioning, deploying, ...
Kokumai

How to Enhance Security of Digital Identity

Enhance Security of Digital Identity Introduction The subject of this article is a fragile digital identity built with a weak password, which makes a grave choke point of the cyber age. The word ‘password’ is ...
Ajay

Deep learning to avoid real time computation

Avoid real time computation “The underlying physical laws necessary for the mathematical theory of a large part of physics and the whole of chemistry are thus completely known, and the difficulty is only that the ...
Karen Gondoly

Lessons Learned When Moving to the Cloud

Moving to the Cloud Lessons At Leostream, we work with organizations around the globe that are moving workloads to the cloud. These organizations span a wide range of industries, vary in company size, and typically ...
Sangeeta Chhabra

Why ‘Cloud’ Should Be A Skill In This Age of Automation

The Age of Automation It is astonishing how the world around us is changing rapidly. More and more companies are now planning their move to the cloud and revamping their business models. Cloud computing has ...