Here are a few interesting statistics and quotes from the Symantec
Internet Security Threat Report 2013.
1. Healthcare, education, and
government accounted for nearly two-thirds of all identities breached in 2012
2. The vast majority (88 percent)
of reported data breaches were due to attacks by outsiders. But it is safe to
assume that unreported data breaches outnumber reported ones.
3. Whether it is lost laptops,
misplaced memory sticks, deliberate data theft by employees or accidents, the
insider threat also remains high.
4. As expected, the amount of
mobile malware in 2012 continues to rise. 2012 saw a 58 percent increase in
mobile malware families compared to 2011.
5. Those jobs most targeted for
attack in 2012 were knowledge workers who create the intellectual property that
attackers want (27 percent of all targets in 2012) and those in sales (24
percent in 2012). Interest in targeting the CEO of an organization waned in
2012; those attacks decreased by 8 percent.
6. Fifty percent of mobile malware
created in 2012 attempted to steal our information or track our movements.
7. Last year’s data made it clear
that any business, no matter its size, was a potential target for attackers.
This was not a fluke. In 2012, 50 percent of all targeted attacks were aimed at
businesses with fewer than 2,500 employees. In fact, the largest growth area for
targeted attacks in 2012 was businesses with fewer than 250 employees; 31
percent of all attacks targeted them.
8. In September, the FBI issued a
warning to financial institutions that some DDoS attacks are actually being
used as a “distraction.” These attacks are launched before or after
cybercriminals engage in an unauthorized transaction and are an attempt to
avoid discovery of the fraud and prevent attempts to stop it. In these scenarios, attackers target a
company’s website with a DDoS attack. They may or may not bring the website
down, but that’s not the main focus of such an attack; the real goal is to
divert the attention of the company’s IT staff towards the DDoS attack.
Meanwhile, the hackers attempt to break into the company’s network using any
number of other methods that may go unnoticed as the DDoS attack continues in
here is the best one of all. I can say
that to some extent Alvaka just helped a firm out of deep trouble with a
situation similar to this:
successful targeted attacks requires attackers to learn about us. They will
research our email addresses, our job, our professional interests, and even the
conferences we attend and the websites we frequent. All of this information is
compiled to launch a successful targeted attack. Once on our devices, the
attacker’s tools are designed to pull as much data as possible. Undiscovered
targeted attacks can collect years of our email, files, and contact
information. These tools also contain
the ability to log our keystrokes, view our computer screens, and turn on our
computers’ microphones and cameras. Targeted attackers truly act as an
Orwellian incarnation of Big Brother.