IT-Risk-Management Highlights of Symantec Internet ...aggrimm/teaching/2015ss/IT... · Symantec...



IT-Risk-Management

Highlights of Symantec Internet Security Threat Report (ISTR)

R. Grimm

Institut für Wirtschafts- und Verwaltungsinformatik

Universität Koblenz

© R. Grimm

Contents

1. ISTR 9, 2005 II
2. ISTR 10, 2006 I
3. ISTR 11, 2006 II
4. ISTR 12, 2007 I
5. ISTR 13, 2007 II
6. ISTR 14, 2008
7. ISTR No. 15, 2009, published April 2010
8. ISTR No. 16, 2010, published April 2011
9. ISTR No. 17, 2011, published April 2012
10. ISTR No. 19, 2013, published April 2014


Risk overview Symantec, 2009 (1)

Symantec ISTR No. 15, Highlights
Reporting period: Jan-Dec 2009

• Threat activity trends:
  • USA top country with 23% of all attack origin (-25%)
  • The education sector accounted for 20% of data breaches that could lead to identity theft (-27%)
  • Theft or loss of computer or other data-storage medium made up 37% of all data breaches that could lead to identity theft (-48%)
  • The financial sector top sector for identities exposed, accounting for 60% of the total (+29%)
  • An average of 46,541 active bot-infected computers per day in 2008 (-38%)
  • Taipei the city with the most bot-infected computers (5% of all worldwide; 2007/I: Beijing, 2007/II: Madrid, 2008: Buenos Aires)
  • USA again the country most frequently targeted by denial-of-service attacks in 2009 (56% of the worldwide total / +51%)

More details, graphics, and full report at: b-whitepaper_internet_security_threat_report_xv_04-2010.en-us.pdf [23.3.2011]

Risk overview Symantec, 2009 (2)

Symantec ISTR No. 15, Highlights
Reporting period: Jan-Dec 2009

• Vulnerabilities:
  • 4,501 vulnerabilities in 2009 (-18%, 5,491 in 2008)
  • Browsers: Mozilla Firefox affected by 169 new vulnerabilities, Apple Safari 94, IE 45, Google Chrome 41, Opera 25
  • Browsers: Apple Safari longest window of exposure (13 days),
  • IE, Firefox, Opera shortest window (<1 day) – time between exploit code and patch
  • Vulnerabilities affected mostly Web applications
  • 321 (415) vulnerabilities in Web browser plug-ins
  • 134 (287) of plug-in vulnerabilities affected ActiveX for Internet Explorer
  • Twelve zero-day vulnerabilities (2008: 9)


Risk overview Symantec, 2009 (3)

Symantec ISTR No. 15, Highlights
Reporting period: Jan-Dec 2009

• Malicious code trends:
  • 2,895,802 new malicious code signatures (+71%)
  • Of the top ten new malicious code families: 6 trojans, 2 worms with back door, 1 simple worm, 1 virus
  • Trojans made up 51% of the volume of the top 50 malicious code (-68%)
  • Threats with keystroke-logging capacity made up 68% of confidential information (+76%)
  • 72% (2008: 66%) of malicious code propagated through executable file sharing (2007: e-mail was the most frequent propagation mechanism)

Risk overview Symantec, 2009 (4)

Symantec ISTR No. 15, Highlights
Reporting period: Jan-Dec 2009

• Phishing:
  • 59,526 phishing website hosts (+7% vs. 2008: 55,389)
  • Financial services sector top target for phishing attacks (74% vs. 29% 2008)
  • Credit card information was most advertised item for sale on underground economy servers (19% of all goods and services; 2008: 32%)
  • USA top country for phishing hosts (36% of all hosts, 2008: 43%)
  • 5 top phishing toolkits responsible for 23% of all phishing attacks


Risk overview Symantec, 2009 (5)

Symantec ISTR No. 15, Highlights
Reporting period: Jan-Dec 2009

• Spam:
  • 2008: 349.6 billion Spam messages (+192%, 2007: 119.6 billion); 2009: no numbers
  • Spam made up 88% of all e-mail traffic (2008: no numbers, 2007: 66%)
  • Bot networks responsible for the distribution of 85% of all spam e-mail (2008: 90%)
  • 23% of all spam originated in the U.S.A. (2008: 42%)
  • 29% of all spam is related to Internet-related goods (2008: 24%)


Risk overview Symantec, 2010/11 (1)

Symantec ISTR No. 16, Highlights
Reporting period: Jan-Dec 2010, published April 2011 - page 4

• 3 Billion (10^9) attacks in 2010
• Main theme: Stuxnet
  – Computer Worm
  – Manipulates power frequency converter
  – Climate technology, water and nuclear power plants
  – Attack on Iran nuclear program!

More details, graphics, and full report at: http://go.symantec.com/istr [19.4.2012]

Risk overview Symantec, 2010/11 (2)

Symantec ISTR No. 16, Highlights
Reporting period: Jan-Dec 2010, published April 2011 - page 3, and "Executive Summary", pp. 4-5

• Five recurring themes:
  • Targeted attacks (Stuxnet)
  • Social Networks (social engineering)
  • Hide and Seek (zero day and rootkits)
  • Attack kits (tools ready for use)
  • Mobile threats (163 vulnerabilities in 2010, no ROI yet)


Risk overview Symantec, 2010/11 (3)

Symantec ISTR No. 16, Highlights
Reporting period: Jan-Dec 2010, published April 2011 - page 6

• The year 2010 in numbers (1)
  • 93% increase in Web attacks
    – Shortened URL, esp. in social networks (SN)
  • 260,000 identities exposed for theft of personal data
  • 42% increase in mobile vulnerabilities
    – Security researchers, cyber criminals, no ROI yet
    – 115 (2009) to 163 (2010)
  • 6,253 new vulnerabilities in 2010 (161% over 2009)
  • 14 new zero-day vulnerabilities
    – in IE, Adobe Reader, Adobe Flash Player, Industry Control (Stuxnet)
    – Stuxnet: 4 zero-day vulnerabilities

Risk overview Symantec, 2010/11 (4)

Symantec ISTR No. 16, Highlights
Reporting period: Jan-Dec 2010, published April 2011 - page 6

• The year 2010 in numbers (2)
  • 74% of all Spam on pharmaceutical products
  • Large Botnets
    – Rustock (> 1M bots), Grum and Cutwail (hundreds of thousands of bots)
  • Underground price for Botnet: 10.000 bots for $15
  • Underground price for credit cards
    – 0.07–100 $ for each stolen credit card number


Risk overview Symantec, 2010/11 (5)

Symantec ISTR No. 16, Highlights
Reporting period: Jan-Dec 2010, published April 2011 - page 7 ff.

• Targeted attacks:
  – Propagation mechanisms, p. 7
  – Causes for identity exposure to steal personal info, p. 8
• Attack kits:
  – Types, p. 12
  – Number of Web-based attacks/month, p. 13
• Mobile threats
  – Pjapps installation screen, p. 16


Symantec, Internet Security Threat Report 2011/12 (1)

Symantec ISTR No. 17, 2011 Trends
Reporting period: Jan-Dec 2011, published April 2012

• 2011 In Numbers, pp. 9-11

• Executive Summary, pp. 12-13

• Industrial Espionage, pp. 14-19

• Data Breaches and Attacks on Trust Infrastructures, pp. 20-24

• Mobile Computing and Clouds, pp. 25-28

• Spam, pp. 29-31

• Malicious Code, pp. 32-39

• Exploits and Zero-Day Attacks, pp. 39-42

• View on 2012, p. 43

• Best Practice Guidelines, pp. 44-47

Symantec, ISTR 2011/12 (2)

Symantec ISTR No. 17, 2011 Trends - "Executive Summary", p. 12

• 5.5 Billion (10^9) attacks in 2011 (+81% from 2010)
• Chronic problems
  – Polymorphic malware
  – Web attack kits
  – Socially engineered attacks using email-borne malware
  – Zero-day vulnerabilities
• Headlines in 2011
  – Targeted Attacks (like Stuxnet, Iran, 2010)
  – Politically-motivated hacktivist attacks
  – Data breaches
  – Attacks on CAs


Symantec, ISTR 2011/12 (3)

Symantec ISTR No. 17, 2011 Trends - "Executive Summary", pp. 12-13

Six hot themes:

• Malicious Attacks Skyrocketed by 81%

• Cyber Espionage And Business: Targeted Attacks Target Everyone

• Mobile Phones Under Attack

• Certificate Authorities And Transport Layer Security (TLS) V1.0 Are Targeted As SSL Use Increases

• 232 Million Identities Stolen

• Botnet Takedowns Reduce Spam Volumes

Symantec, ISTR 2011/12 (4)

Symantec ISTR No. 17, 2011 Trends - 2011 In Numbers, pp. 9-11 (1)

• 5.5 Billion total attacks (blocked by Symantec; 3 Bill. in 2010, +81%)
• 4.595 Web attacks blocked per day
• Targeted attacks (p. 17):
  – 50% big business (> 2.500 employees)
  – 32% medium business (<2500 employees)
  – 18% small business (<250 employees)
• 232 Mill. identities exposed (p. 13)
  – Hacking had greatest impact: 187 Mill. identities stolen by one hack
  – Lost devices were the most frequent cause for id. exposure: 34%


Symantec, ISTR 2011/12 (5)

Symantec ISTR No. 17, 2011 Trends - 2011 In Numbers, pp. 9-11 (2)

• 4,989 new vulnerabilities (2010: 6,253; 2009: 4,814), see p. 40
  – esp. browser, and browser plug-in vulnerabilities, see pp. 41-42

• 8 new zero-day vulnerabilities per day

• 315 new mobile vulnerabilities (2010: 163)

• 403 new unique variants of malware (2010: 286)

• 55,294 unique malicious Web domains (2010: 42,926)

Symantec, ISTR 2011/12 (6)

Symantec ISTR No. 17, 2011 Trends - 2011 In Numbers, pp. 9-11 (3)

• Decrease in Bot Zombies:
  – 3.065.000 (2010: 4.500.00)
• Decrease in SPAM (effect of the fight against Bot Zombies):
  – 42 Billion per day (!) (2010: 62 Bill.)
• Overall SPAM rate 75% (2010: 86%)
• Increase in Phishing (p. 29)
  – up to 0.33% or 1 in 298 (2010: 0.23% or 1 in 442)
• Overall E-Mail viruses (1 in 239)


Symantec, Internet Security Threat Report, 2013 Trends (1)

Symantec ISTR No. 19, 2013 Trends, reporting period: Jan-Dec 2013, published April 2014

• Executive Summary, pp. 5-7

• 2013 Security Timeline, pp. 8-10

• 2013 In Numbers, pp. 11-23

• Targeted Attacks + Data Breaches, pp. 24-43

• E-Crime + Malware Delivery Tactics, pp. 44-62

• Social Media + Mobile Threats, pp. 63-76

• Phishing + Spam, pp. 77-82

• Looking Ahead, pp. 83-85

• Recommendations + Best Practice Guidelines, pp. 86-97


Symantec, ISTR 2013/14 (2)

Symantec ISTR No. 19, 2013 Trends, Executive Summary, pp. 6-7

• Zero-day Vulnerabilities and Unpatched Websites
  – +61% vs. 2012
  – 77% of websites had exploitable vulnerabilities
  – 12% of websites had a critical vulnerability
  – Top five zero-day vulnerabilities were patched within four days
  – 174,651 attacks within 30 days of these top five becoming known
• Ransomware Attacks Grew
  – +500% vs. 2012 (first appearance)
  – Average fake fine $100-$500, by online payment
  – Mostly Cryptolocker (help: good backups)

Symantec, ISTR 2013/14 (3)

Symantec ISTR No. 19, 2013 Trends, Executive Summary, pp. 6-7

• Attacks on Mobiles
  – 38 percent of mobile users had already experienced mobile cybercrime
  – Lost or stolen devices remain the biggest risks
  – Storing sensitive files online (5%),
  – Storing work and personal info in same online storage accounts (24%)
  – Sharing logins and passwords with families (21%) and friends (18%)
  – Only 50% of mobiles take basic security precautions
  – 2012: each mobile malware family had an average of 38 variants
  – 2013: each family had 58 variants
  – Mobile malware not yet exploded, but growing!


Symantec, ISTR 2013/14 (4)

Symantec ISTR No. 19, 2013 Trends, Executive Summary, p. 7

• User Behaviour on Social Media
  – Largest number of attacks: fake offers for free cell phone minutes (81%)
  – 12% of all FB users experience masquerade of their FB identity
  – 25% of all FB users share their password with others
  – 33% connect to “friends” they don’t know
• Attackers are turning to the Internet of Things
  – “Refrigerators” as bots for cybercriminals
  – Baby monitors, security cameras, routers
  – Smart TV, automobiles, medical equipment
  – Routers: worms, DNS redirection → pharming!

Symantec, ISTR 2013/14 (5)

Symantec ISTR No. 19, 2013 Trends, 2013 in Numbers, pp. 12-23

• Breaches With More Than 10 Million Identities Exposed, pp.12-13

• Spam, p.14

• Bots, Email, p.15

• Mobile, p.16

• Web, p.17

• Targeted Attacks – Spear Phishing, pp.18-21

• Targeted Attacks – Web Based, pp.22-23


Symantec, ISTR 2013/14 (6)

Spear-Phishing

Symantec Corporation ISTR 2014, Vol. 19, fig. 1, p. 26

Symantec, ISTR 2013/14 (7)

Spear-Phishing

Symantec Corporation ISTR 2014, Vol. 19, fig. 4, p. 29


Symantec, ISTR 2013/14 (8), Spear-Phishing

Symantec Corporation ISTR 2014, Vol. 19, fig. 9, p. 33

Symantec, ISTR 2013/14 (9)

Case Study: Point of Sale Attacks

Symantec Corporation ISTR 2014, Vol. 19, fig. 14, pp. 37-38

One of the most notable incidents in 2013 was caused by a targeted attack exploiting a retailer’s point of sale (PoS) systems. …


Symantec, ISTR 2013/14 (10)

Ransomware

Symantec Corporation ISTR 2014, Vol. 19, fig. 3, p. 48

Symantec, ISTR 2013/14 (11)

Email Malware Traffic

Symantec Corporation ISTR 2014, Vol. 19, fig. 14, p. 61


Symantec, ISTR 2013/14 (12)

Mobile Malware

Symantec Corporation ISTR 2014, Vol. 19, fig. 6, p. 70

Symantec, ISTR 2013/14 (13)

Mobile Threat Classes

Symantec Corporation ISTR 2014, Vol. 19, fig. 8, p. 72


Symantec, ISTR 2013/14 (14)

Mobile Spam and Fake Apps

figs. 9-10, p. 73

Symantec, ISTR 2013/14 (15)

Mobile Vulnerabilities

fig. 11, p. 74


Symantec, ISTR 2013/14 (16)

Mobile Vulnerabilities

fig. 13, p. 75

Symantec, ISTR 2013/14 (17)

Symantec ISTR No. 19, 2013 Trends,

Looking Ahead, pp. 84-85

• Privacy and Trust

• Targeted Attacks and Data Breaches

• E-crime and Malware Delivery

• Social Media and Mobile

Best Practice Guidelines, pp. 87-93

• 14 recommendations for business

• 6 recommendations for consumers

• 20 SANS critical security controls


References

Symantec Corp., Cupertino, Cal: Internet Security Threat Report, 9. 2005/2, 10. 2006/1, 11. 2006/2, 12. 2007/1, 13. 2007/2 (Apr 2008), 14. 2008 (Apr 2009), 15. 2009 (April 2010), 16. 2010 (April 2011). http://www.symantec.com/region/de/PressCenter/Threat_Reports.html [19.4.2012]

Symantec Corp., Cupertino, Cal: Internet Security Threat Report, 16. 2010 (April 2011). http://www.symantec.com/region/de/PressCenter/Threat_Reports.html [19.4.2012]

Symantec Corp., Cupertino, Cal: Internet Security Threat Report, 2011 Trends, Vol. 17, published April 2012. http://www.symantec.com/threatreport/ [18.2.2013]

Symantec Corp., Cupertino, Cal: Internet Security Threat Report, 2013 Trends, Vol. 19, 97 pages, published April 2014. http://www.symantec.com/threatreport/ [20.2.2015]