Here are a few interesting statistics and quotes from the Symantec Internet Security Threat Report 2013.
1. Healthcare, education, and government accounted for nearly two-thirds of all identities breached in 2012
2. The vast majority (88 percent) of reported data breaches were due to attacks by outsiders. But it is safe to assume that unreported data breaches outnumber reported ones.
3. Whether it is lost laptops, misplaced memory sticks, deliberate data theft by employees or accidents, the insider threat also remains high.
4. As expected, the amount of mobile malware in 2012 continues to rise. 2012 saw a 58 percent increase in mobile malware families compared to 2011.
5. Those jobs most targeted for attack in 2012 were knowledge workers who create the intellectual property that attackers want (27 percent of all targets in 2012) and those in sales (24 percent in 2012). Interest in targeting the CEO of an organization waned in 2012; those attacks decreased by 8 percent.
6. Fifty percent of mobile malware created in 2012 attempted to steal our information or track our movements.
7. Last year’s data made it clear that any business, no matter its size, was a potential target for attackers. This was not a fluke. In 2012, 50 percent of all targeted attacks were aimed at businesses with fewer than 2,500 employees. In fact, the largest growth area for targeted attacks in 2012 was businesses with fewer than 250 employees; 31 percent of all attacks targeted them.
8. In September, the FBI issued a warning to financial institutions that some DDoS attacks are actually being used as a “distraction.” These attacks are launched before or after cybercriminals engage in an unauthorized transaction and are an attempt to avoid discovery of the fraud and prevent attempts to stop it. In these scenarios, attackers target a company’s website with a DDoS attack. They may or may not bring the website down, but that’s not the main focus of such an attack; the real goal is to divert the attention of the company’s IT staff towards the DDoS attack. Meanwhile, the hackers attempt to break into the company’s network using any number of other methods that may go unnoticed as the DDoS attack continues in the background.
And here is the best one of all. I can say that to some extent Alvaka just helped a firm out of deep trouble with a situation similar to this:
· Creating successful targeted attacks requires attackers to learn about us. They will research our email addresses, our job, our professional interests, and even the conferences we attend and the websites we frequent. All of this information is compiled to launch a successful targeted attack. Once on our devices, the attacker’s tools are designed to pull as much data as possible. Undiscovered targeted attacks can collect years of our email, files, and contact information. These tools also contain the ability to log our keystrokes, view our computer screens, and turn on our computers’ microphones and cameras. Targeted attackers truly act as an Orwellian incarnation of Big Brother.