Even ads on legitimate websites can hide attack code

Cyberattacks on small businesses are growing

 
The Symantec Internet Security Threat Report (ISTR) revealed a 42% global increase in cyberattacks in 2012. Commonly used in industrial espionage to steal valuable and confidential information, these attacks are increasingly hitting the manufacturing sector and small businesses, which were the target of 31% of targeted attacks.
 
The report also showed that one way to reach large companies is by using “watering hole” attacks, and that consumers remain vulnerable to ransomware and mobile threats, particularly on the Android platform.
 
“This year's ISTR shows that cybercriminals are not slowing down and continue to devise new ways to steal information from organizations of all sizes. The sophistication of attacks, combined with the current complexity of IT – such as virtualization, mobility and cloud – requires companies to remain proactive and use security measures with advanced defense to prevent attacks,” said André Carrareto, security strategist at Symantec for Brazil.
 
Main highlights of the report:
 
Targeted attacks with a specific objective are growing the most among companies with fewer than 250 employees. Small businesses now account for 31% of all attacks, a threefold increase compared to 2011. Attackers target small businesses because they often lack adequate security practices and infrastructure.
 
Web-based attacks increased by 30% in 2012, many originating from compromised small business websites, both in mass cyberattacks and in watering hole attacks, where an attacker infects a small business's website that the victim of interest frequently visits. When the victim accesses the compromised website, a targeted attack payload is silently installed on their computer. The Elderwood Gang pioneered this type of attack. In 2012, it managed to infect 500 organizations in a single day. In these scenarios, the criminal leverages one company's weak security to circumvent another company's potentially stronger security.
 
The manufacturing sector tops the list of target markets for attacks in 2012. Symantec believes the reason for this shift is the increase in attacks targeting the supply chain: cybercriminals find contractors more susceptible to attack, and contractors often hold valuable intellectual property, which gives attackers access to a larger company's confidential information. In 2012, the most common victims of these types of attacks were researchers (R&D) with access to intellectual property (27%) as well as sales professionals (24%).
 
Last year, mobile malware usage increased by 58%, with 32% of all mobile threats attempting to steal information such as email addresses and phone numbers. Despite Apple's iOS having more documented vulnerabilities, it had only one threat discovered during the same period. Android, in contrast, had fewer vulnerabilities but more threats than any other mobile operating system. Android's market share, its open platform, and the many methods available to distribute malicious apps make it the platform of choice for criminals.
 
Furthermore, 61% of malicious websites are actually legitimate websites that have been compromised and infected. Corporate, technology, and shopping websites were among the top five types of sites hosting infections. Symantec attributes this to unpatched vulnerabilities in legitimate websites. In years past, criminals targeted these sites to sell fake antivirus to unsuspecting consumers.
 
Ransomware is the malware of the moment due to its high profitability for criminals, who use compromised websites to infect unsuspecting users and lock their machines, demanding a ransom to restore access.
 
Another growing source of website infections is malicious advertisements, in which criminals buy advertising space on legitimate websites and use it to hide their attack code.
 
The report is based on data from the Symantec Global Intelligence Network, used by Symantec analysts to identify, analyze and provide commentary on emerging trends in attacks, malicious code activity, phishing and spam. To access full report information: www.symantec.com.br/istr.

 
