Wednesday, April 17, 2013

Symantec: Small Businesses Bigger Targets In Cyberattacks

The number of Cyber attacks on small business for the year increased by 3 times

Symantec has published an annual report on the Internet Security Threat (Internet Security Threat Report), whose data show a dramatic increase in the number of targeted attacks, the amount of which is only in the last year increased by 42%. These attacks are aimed at stealing intellectual property and are increasingly targeted at small businesses, who in the past year, 31% of all victims of such attacks. Small companies, representing the value in themselves, can also be the key to access to larger firms - their computer networks and systems may have additional access privileges to the senior partner in the business.

In addition, ordinary users will also remain vulnerable to viruses, hijackers and mobile threats, especially on the platform Android.

"From the report ISTR 2013 it is clear that cyber criminals are not going to reduce the rate of increase of cyber threats and have inventing new ways to steal information from individuals and organizations of all sizes. The sophistication of attacks multiplied by the complexity of modern IT, using technologies such as virtualization, mobile and cloud computing, forcing companies to take a more active role in improving the security of their information and use of technology "defense in depth" against modern threats, "- said Stephen Trilling Technology Director of Symantec.

The number of attacks on companies with fewer than 250 employees is growing and already accounts for 31% of all attacks, which is 3 times more than last year. While small companies do not usually consider themselves potential targets of targeted attacks, their customer and bank information, as well as their intellectual property are of interest intruders. Also, due to the lack the security infrastructure in the small companies, attackers often use them as a way to penetrate to their ultimate goal - a large corporation.

The number of web-based attacks in 2012 also increased by 30%. Their basis often become compromised websites, which are then carried out through attacks such as "watering hole". The essence of the method consists in the fact that hackers hack a website frequented by the chosen victim, and placed on it as a source of infection. After the victim comes to prepared for an attack hacked site on her computer secretly installs malicious software. A group of hackers Elderwood Gang was a pioneer in the application of such attacks - in 2012 just one day they managed to hit the system 500 organizations.

In 2012, interest has shifted from intruders public institutions and industrial enterprises. Symantec Experts believe that this is due to the growing number of attacks on supply chains - these are criminals of the most vulnerable and at the same time possessing valuable intellectual property. Most manufacturing companies across the supply chain attackers gain access to confidential information of larger companies. With this guide enterprises ceased to be the most common purpose for intruders - often the victims of such attacks are now becoming employees who work with information and have access to intellectual property (27%) and sales managers (24%).

In the past year, growth in the number of variations of malicious programs for mobile devices was 58%, while mobile threats involving the theft of information in general - 31%. We should not think that this is due to the 30% increase in the number of vulnerabilities in the mobile environment. The operating system iOS from Apple was the largest number of vulnerabilities found - 387, but there is only one threat. At the same time on the Android platform found only 13 vulnerabilities and threats - 103, more than any other mobile operating system. The market share of Android, the openness of the platform, as well as many ways to distribute applications to which can be embedded malicious code that make Android a perfect platform for virus writers.

In addition, 61% of all malicious web sites - they are legitimate sites that have been attacked and infected by malicious code. The five sites included infects pages dedicated to business and technology, as well as online stores. Symantec Experts attributed the success of these attacks with the presence of compromised websites unpatched vulnerabilities. First, attackers have used such sites to sell to unsuspecting users to fake anti-virus, then these methods have given way to programs-extortionists. Via compromised websites hackers infect users' computers and block work with them, demanding a ransom for the restoration of health. Another resource through which actively propagate malware, malware has become advertising - criminals legitimately buy advertising space on the Internet and use them to spread malicious code.


No comments:

Post a Comment