Η Symantec reveals its latest findings from Internet Security threat report ( ISTR ), το οποίο εξετάζει την τρέχουσα κατάσταση στο τοπίο των απειλών, με βάση την έρευνα και την ανάλυση τους, από την χρονιά που μας πέρασε.. Οι κύριες τάσεις της φετινής έκθεσης περιλαμβάνουν τη μεγάλη αύξηση των παραβιάσεων δεδομένων και τις στοχευμένες επιθέσεις, την εξέλιξη των κινητών malware, άλλα και των ransomware, και την πιθανή απειλή από το Internet of Things.
The year of major violations
While 2011 was considered by many as the "Year of Data Violation", the violations in 2013 far exceeded the previous years in size scale. For 2013, the number of data breaches increased by 62% from 2012, which translates to over 552 million. exposed identities last year - an increase of 368%. It was also the first year that the first eight data breaches resulted in the loss of tens of millions of identities - making it truly the year of the big data breaches. By comparison, only one data breach since 2012 claims this distinction.
Attackers target medium-sized businesses.
Symantec has long reported that small and medium-sized businesses (Media) are a key target for attackers, and this year was no exception to that trend. In 2013, SMBs collectively accounted for more than half of all targeted attacks at 61% – up from 50% in 2012 – with midsize businesses (2.500+ employees) seeing the biggest increase.
Attacks on businesses of all sizes increased, with an overall increase of 91% since 2012. Similar to the previous year, cybercriminals used watering hole and spear-phishing attacks to increase the effectiveness of their campaigns. However, spear-phishing attacks were down 23%, with cybercriminals relying less on emails forexport των επιθέσεων τους. Οι επιθέσεις watering hole επέτρεψαν στους επιτιθέμενους για να τρέξουν περισσότερες καμπάνιες με drive-by-downloads, με στόχο θύματα σε με μεγάλη επισκεψιμότητα. Οι προσπάθειες των επιτιθέμενων βοηθήθηκαν επίσης από μια αύξηση της τάξης του 61% σε zero-day vulnerabilities, which allowed them to create websites and infect their victims with little or no additional effort.
Government remained the main target (16% of all attacks). This year Symantec not only dealt with the volume of attacks, but also with what were the preferred targets and what are the chances that stood out. The bad news is that no one has had a good chance and everyone should be concerned about targeted attacks. However, looking at the odds we have some surprises. If you are an employee of a medium-sized mining company, you can consider yourself the "most wanted" list of attackers.
Mobile malware and madware invade consumer privacy
Too many download new applications on mobile devices without a second thought. Many malicious applications contain particularly annoying or unwanted features. Of the new malware threats written in 2013, 33% monitor users and 20% collect data from infected systems. 2013 also brought the first remote access tools (or RATs) for Android devices. RATs can monitor and make phone calls, read and send SMS messages, retrieve GPS coordinates from the device, activate and use the camera and microphone, and access stored files on the device. - and all this without the victim having realized the slightest thing.
Explosion in the development of Ransomware
Symantec had predicted that ransomware, the malware that locks computers and files, would increase rapidly in 2013. And it did. Ransomware had an explosive 500% increase over last year and remained a highly lucrative business for attackers, earning $ 100 to $ 500 from each successful ransom. The attackers began to hold the data hostage through high-end encryption and threatened to delete important information of the victim forever, if the ransom was not paid within a specified time.
The Future of Identity Theft. The Internet of Things
Over the past years we never heard of hacked refrigerators or a baby monitor through the WiFi camera. 2013 security researchers have shown that attacks on cars, security cameras, televisions and medical equipment are feasible. The refrigerator time has come. The Internet of Things (IoT) comes and the associated threats are sure to follow. In this year's report, the company reports on what it has seen so far, and says that all devices connected to the Internet have the greatest risk of being attacked by the router.
What will come next? With personal details and financial information stored on IoT devices, it is theme time before we see more home devices hacked. Right now, security is not a priority for most manufacturers and users of these devices, and it will likely take more security incidents before they take it seriously.
Symantec's Internet Security Threat Report is starting.
