Symantec Intelligence Report

29
SYMANTEC INTELLIGENCE REPORT JANUARY 2014

description

 

Transcript of Symantec Intelligence Report

Page 1: Symantec Intelligence Report

SYMANTEC INTELLIGENCE REPORTJANUARY 2014

p 2

Symantec CorporationSymantec Intelligence Report JANUARY 2014

CONTENTS

CONTENTS

3 Executive Summary

4 BIG NUMBERS

7 TARGETED ATTACKS

8 Targeted Attacks8 Targeted Attacks per Day

8 First Attacks Logged by Month

9 Attacks by Size of Targeted Organization

9 Top 10 Industries Attacked

9 First Attacks Logged by Size

9 File Extensions of Attachments

10 Social Media

11 Social Media11 Top 5 Social Media Attacks

12 DATA BREACHES

13 Data Breaches13 Top 5 Types of Information Exposed

13 Twelve-Month Timeline of Data Breaches

14 MOBILE

15 Mobile15 Mobile Malware by Type

16 Cumulative Mobile Android Malware

17 VULNERABILITIES

18 Vulnerabilities18 Total Vulnerabilities Disclosed by Month

18 Browser Vulnerabilities

18 Plug-in Vulnerabilities

19 SPAM PHISHING amp MALWARE

20 Spam20 Top 5 Activity for Spam Destination by Geography

20 Top 5 Activity for Spam Destination by Industry

21 Top 10 Sources of Spam

21 Average Spam Message Size

21 Top 5 Activity for Spam Destination by Company Size

21 Spam by Category

21 Spam URL Distribution Based on Top Level Domain Name

22 Phishing22 Top 10 Sources of Phishing

22 Top 5 Activity for Phishing Destination by Company Size

22 Top 5 Activity for Phishing Destination by Industry

22 Top 5 Activity for Phishing Destination by Geography

23 Phishing Distribution

23 Organizations Spoofed in Phishing Attacks

24 Malware24 Proportion of Email Traffic in Which Virus Was Detected

24 Top 10 Email Virus Sources

25 Top 5 Activity for Malware Destination by Industry

25 Top 5 Activity for Malware Destination by Geographic Location

25 Top 5 Activity for Malware Destination by Company Size

26 Endpoint Security26 Top 10 Most Frequently Blocked Malware

27 Policy Based Filtering27 Policy Based Filtering

28 About Symantec

28 More Information

p 3

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Executive Summary

Welcome to the January edition of the Symantec Intelligence report Symantec Intelligence aims to provide the latest analysis of cyber security threats trends and insights concerning malware spam and other potentially harmful business risks

A number of large data breaches were reported during the month of January The largest new data breach included the exposure of 1058 million identities in South Korea (Itrsquos worth noting that many individuals in the country had more than one account exposed in this breach) Another large data breach previously reported as including 40 million identities has since had its numbers adjusted upwards and is now estimated at 110 million identities exposed These two breaches contribute significantly in bringing the total number of identities exposed to over 500 million for the last twelve months

Targeted attacks are up to their highest level since August of last year after what appears to be average-to-low attack numbers over the last four months Manufacturing is the most targeted industry making up 213 percent of attacks The non-traditional services category which includes hospitality recreation and repair is a close second at 206 percent

The number of vulnerabilities reported is also up in January after lower numbers reported in November and December of last year However at 555 vulnerabilities this number is still well below October which reported a high of 663 for the month

In other news spam and phishing rates are down slightly in January while email virus rates are at their lowest levels since October of last year

We hope that you enjoy this monthrsquos report and feel free to contact us with any comments or feedback

Ben Nahorney Cyber Security Threat Analyst

symantec_intelligencesymanteccom

p 4

Symantec CorporationSymantec Intelligence Report JANUARY 2014

BIG

NU

MB

ERS

p 5

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Overall Email Phishing RateOverall Email Phishing Rate

1 in 10531 in 1444

1 in 1311Dec

Nov

Jan

HIGHER NUMBER = LOWER RISK

Overall Email Virus RateOverall Email Virus Rate

Nov

Dec

Jan

HIGHER NUMBER = LOWER RISK

1 in 431

1 in 2531 in 164

Estimated GlobalEmail Spam Rate Per DayEstimated GlobalEmail Spam Rate Per Day

SPAM AS PERCENT OF ALL EMAIL

Nov Dec Jan0

10

20

30

40

50

60

70

80

90

100

62 62 64

New VulnerabilitiesNew Vulnerabilities

DecNov Jan

438438 471471 555555Dec 1Nov 6

Jan 2

MobileVulnerabilitiesMobileVulnerabilities

p 6

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Data BreachesData Breaches

219

Number of Breaches(12 month period)

501516310

Number of IdentitiesExposed (12 month period)

Mobile Malware VariantsMobile Malware Variants

VARI

ANTS

(CU

MU

LATI

VE)

132 139

JanDecNov

186

0

1000

2000

3000

4000

5000

6000

7000

8000

9000

10000

JDNOSAJJMAMFJ

77517751

p 7

Symantec CorporationSymantec Intelligence Report JANUARY 2014

TAR

GETED

ATTACKS

p 8

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Targeted Attacks

Targeted Attacks per DaySource Symantec

2014 2012 2013

TAR

GET

ED A

TTAC

KS

25

50

75

100

125

150

175

200

225

250

DECNOVOCTSEPAUGJULJUNMAYAPRMARFEBJAN

At a Glance

bull Targeted attacks were up in January reaching their highest levels since August of 2013

bull Small companies of 250 employees or less were targeted in 39 of attacks though organizations with 2500+ employees were targeted more often based on first attacks

bull The exe file type was the most common attachment making up 247 of email-based targeted attacks that included file attachments

First Attacks Logged by MonthSource Symantec

100

200

300

400

500

600

700

800

900

1000

1100

1200

J2014

DNOSAJJMAMF

p 9

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Attacks by Size of Targeted OrganizationSource Symantec

Company Size Percent

1-250 389

251-500 91

501-1000 58

1001-1500 34

1501-2500 48

2500+ 379

First Attacks Logged by SizeSource Symantec

Company Size Percent

1-250 292

251-500 85

501-1000 96

1001-1500 60

1501-2500 75

2500+ 391

File Extensions of AttachmentsSource Symantec

File Extension Percent

exe 247

doc 111

scr 84

au3 75

jpg 62

pdf 19

dat 15

com 04

rtf 04

zip 03

Top 10 Industries AttackedSource Symantec

Industry Percent

Manufacturing 213

Services - Non Traditional 206

Finance insurance amp Real Estate 137

Services - Professional 114

Wholesale 110

Transportation communications electric gas amp Sanitary Services

59

Public Administration 42

Retail 32

Construction 22

Mining 15

The ldquoProfessionalrdquo services category includes services such as Legal Accounting Health and Education ldquoNon-Traditionalrdquo services include Hospitality Recreational and Repair services

p 10

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SOCIA

L MED

IA

p 11

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Social Media

At a Glance

bull 82 percent of all social media attacks in January where fake offerings

bull Likejacking is the second-most common type of social media attack at 8 percent

Methodology

Fake Offering These scams invite social network users to join a fake event or group with incentives such as free gift cards Joining often requires the user to share credentials with the attacker or send a text to a premium rate number

Fake Plug-in Scams Users are tricked into downloading fake browser extensions on their machines Rogue browser extensions can pose like legitimate extensions but when installed can steal sensitive information from the infected machine

Likejacking Using fake ldquoLikerdquo buttons attackers trick users into clicking website buttons that install malware and may post updates on a userrsquos newsfeed spreading the attack

Fake Apps Applications provided by attackers that appear to be legitimate apps however they contain a malicious payload The attackers often take legitimate apps bundle malware with them and then re-release it as a free version of the app

Manual Sharing Scams These rely on victims to actually do the hard work of sharing the scam by presenting them with intriguing videos fake offers or messages that they share with their friends

Top 5 Social Media AttacksSource Symantec

Top 5 Social Media Attacks

8

5

Fake Offering

Manual Sharing

Likejacking

2 Fake Apps

2 Comment Jacking

82

p 12

Symantec CorporationSymantec Intelligence Report JANUARY 2014

DATA

BR

EACHES

p 13

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Data Breaches

At a Glance

bull The largest data breach that was reported in January resulted in the exposure of 1058 million identities

bull The reported number of identities exposed in a late-November data breach has since been adjusted upward This breach is now estimated to have exposed 110 million identities

bull In the last 12 months more than 500 million identities have been exposed

Twelve-Month Timeline of Data BreachesSource Symantec

NU

MB

ER O

F IN

CID

ENTS

IDEN

TITI

ES B

RE

ACH

ED (M

ILLI

ON

S)

INCIDENTS IDENTITIES BREACHED

0

20

40

60

80

100

120

140

160

180

J2014

DNOSAJJMAMF

0

5

10

15

20

25

30

35

40

45

Top 5 Types of Information ExposedSource Symantec

39

39

37

31

70Real Names

Gov ID numbers (Soc Sec)

Birth Dates

Home Address

Medical Records

Information Exposed in BreachesInformation Exposed in Breaches

OF ALL BREACHES

Methodology

This data is procured from the Norton Cybercrime Index (CCI) The Norton CCI is a statistical model that measures the levels of threats including malicious software fraud identity theft spam phishing and social engineering daily The data breach section of the Norton CCI is derived from data breaches that have been reported by legitimate media sources and have exposed personal information

In some cases a data breach is not publicly reported during the same month the incident occurred or an adjustment is made in the number of identities reportedly exposed In these cases the data in the Norton CCI is updated This causes fluctuations in the numbers reported for previous months when a new report is released

Norton Cybercrime Indexhttpusnortoncomprotect-yourself

p 14

Symantec CorporationSymantec Intelligence Report JANUARY 2014

MO

BILE

p 15

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Mobile

At a Glance

bull 32 percent of mobile malware discovered over the last 12 months tracks users

bull Traditional threats such as back doors and downloaders are present in 14 percent of all mobile malware threats

bull Risks that collect data such as device info and banking details make up 15 percent of all risks

bull Three new mobile malware families were discovered in January along with 139 new variants

32

Track UserRisks that spy on the individual using the device collecting SMS messages or phone call logs tracking GPS coordinates recording phone calls or gathering pictures and video taken with the device

14

Traditional ThreatsThreats that carry out traditional malware functions such as back doors and downloaders

12

AdwareAnnoyanceMobile risks that display advertising or generally perform actions to disrupt the user

15

Send ContentThese risks will send text messages to premium SMS numbers ultimately appearing on the bill of the devicersquos owner Other risks can be used to send spam messages

13

Change SettingsThese types of risks attempt to elevate privileges or simply modify various settings within the operating system

15

Collect DataThis includes the collection of both device- and user-specific data such as device information configuration data or banking details

Mobile Malware by TypeSource Symantec

p 16

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Cumulative Mobile Android MalwareSource Symantec

VARIANTS FAMILIES

40

80

120

160

200

240

280

320

360

400

J2014

DNOSAJJMAMF

1000

2000

3000

4000

5000

6000

7000

8000

9000

10000

FAM

ILIE

S (

CU

MU

LATI

VE)

VAR

IAN

TS (

CU

MU

LATI

VE)

p 17

Symantec CorporationSymantec Intelligence Report JANUARY 2014

VU

LNER

AB

ILITIES

p 18

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Vulnerabilities

At a Glance

bull There were 555 new vulnerabilities discovered in January bringing the total for the last 12 months to 6443 This is a 17 percent increase over the prior twelve month period

bull There were two vulnerabilities in mobile operating systems disclosed during the month of January

bull Googlersquos Chrome browser continues to lead in reporting browser vulnerabilities while Oraclersquos Java leads in reported plug-in vulnerabilities

Total Vulnerabilities Disclosed by MonthSource Symantec

0

100

200

300

400

500

600

700

800

J2014

DNOSAJJMAMF

Plug-in VulnerabilitiesSource Symantec

10

20

30

40

50

60

70

80

Adobe Acrobat ReaderAdobe Flash PlayerApple QuickTimeOracle Sun Java

Browser VulnerabilitiesSource Symantec

10

20

30

40

50

60

Apple SafariGoogle ChromeMicrosoft Internet ExplorerMozilla FirefoxOpera

p 19

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SPAM

PHISH

ING

amp M

ALW

AR

E

p 20

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global spam rate decreased 19 percentage points in January to 621 percent down from 640 percent in December

bull Mining was the most commonly targeted industry at 642 percent followed by Manufacturing at 632 percent

bull The com top-level domain (TLD) was again the most frequently used malicious TLD in January

bull Sex Dating spam is the most common category at 752 percent Pharmaceutical spam came in second at 201 percent

Spam

Top 5 Activity for Spam Destination by GeographySource Symantec

Geography Percent

Sri Lanka 747

Israel 688

Brazil 669

South Africa 653

Kuwait 648

Top 5 Activity for Spam Destination by IndustrySource Symantec

Industry Percent

Mining 642

Manufacturing 632

Agriculture forestry amp fishing 629

Services - Professional 621

Construction 621

p 21

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 10 Sources of SpamSource Symantec

Source Percent of All Spam

Canada 77

Spain 68

Russian Federation 64

United States 59

Finland 56

Italy 50

Argentina 42

India 37

Ukraine 32

Romania 31

Spam URL Distribution Based on Top Level Domain NameSource Symantec

Month com info ru biz

Dec 331 137 132 103

Nov 367 124 not listed 96

Data lags one month

Average Spam Message SizeSource Symantec

Month 0Kb ndash 5Kb 5Kb ndash 10Kb gt10Kb

Dec 284 192 523

Nov 370 247 384

Data lags one month

Spam by CategorySource Symantec

Category Percent

SexDating 752

Pharma 201

Jobs 18

Software 08

Watches 08

Top 5 Activity for Spam Destination by Company SizeSource Symantec

Company Size Percent

1-250 620

251-500 618

501-1000 624

1001-1500 622

1501-2500 620

2501+ 623

p 22

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global phishing rate is down in January comprising one in 1 in 1444 email messages In December this rate was one in 1 in 1053

bull Financial themes continue to be the most frequent subject matter with 675 percent of phishing scams containing this theme

bull The South Africa had the highest rate in January where one in 530 emails was a phishing scam

bull The United States tops the list of sources of phishing emails responsible for distributing 399 percent of phishing scams

bull Public Administration was the most targeted industry in January with one in every 761 emails received in this industry being a phishing scam

Phishing

Top 5 Activity for Phishing Destination by GeographySource Symantec

Geography Rate

South Africa 1 in 540

United Kingdom 1 in 731

Australia 1 in 821

Austria 1 in 1183

New Zealand 1 in 1215

Top 5 Activity for Phishing Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 761

Agriculture forestry amp fishing 1 in 874

Services - Professional 1 in 1189

Transportation communications electric gas amp Sanitary Services

1 in 14572

Construction 1 in 15715

Top 5 Activity for Phishing Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 1122

251-500 1 in 1130

501-1000 1 in 1463

1001-1500 1 in 1563

1501-2500 1 in 1590

2501+ 1 in 1865

Top 10 Sources of PhishingSource Symantec

Source Percent

United States 399

Australia 271

United Kingdom 243

South Africa 24

Netherlands 18

Sweden 15

Singapore 04

Japan 03

United Arab Emirates 03

New Zealand 02

p 23

Symantec CorporationSymantec Intelligence Report JANUARY 2014

363

32

16

07

581Automated Toolkits

Other Unique Domains

IP Address Domains

Free Web Hosting Sites

Typosquatting

Phishing DistributionPhishing Distribution

Phishing DistributionSource Symantec

291

36

09

01

675Financial

Information Services

Retail

Computer Software

Communications

Organizations Spoofedin Phishing AttacksOrganizations Spoofedin Phishing Attacks

Organizations Spoofed in Phishing AttacksSource Symantec

p 24

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Malware

1 in 0

1 in 50

1 in 100

1 in 150

1 in 200

1 in 250

1 in 300

1 in 350

1 in 400

1 in 450

1 in 500J

2014DNOSAJJMAMF

Proportion of Email Traffic in Which Virus Was DetectedSource Symantec

Top 10 Email Virus SourcesSource Symantec

Geography Percent

United States 665

United Kingdom 150

Australia 41

Netherlands 21

France 18

Germany 12

Japan 12

South Africa 11

Canada 09

Hong Kong 07

At a Glance

bull The global average virus rate in January was one in 431 emails compared to one in 164 in December

bull Hungary topped the list of geographies with one in 217 emails containing a virus

bull The United States was the largest source of virus-laden emails making up 665 percent of all email-based viruses

bull Organizations with 250-500 employees were the most targeted company size where one and 383 emails contained a virus

p 25

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 5 Activity for Malware Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 309

Agriculture forestry amp fishing 1 in 332

Services - Professional 1 in 343

Wholesale 1 in 397

Services - Non Traditional 1 in 467

Top 5 Activity for Malware Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 398

251-500 1 in 383

501-1000 1 in 459

1001-1500 1 in 396

1501-2500 1 in 475

2501+ 1 in 459

Top 5 Activity for Malware Destination by Geographic LocationSource Symantec

Geography Rate

Hungary 1 in 217

South Africa 1 in 221

United Kingdom 1 in 287

Hong Kong 1 in 306

Ireland 1 in 344

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 2: Symantec Intelligence Report

p 2

Symantec CorporationSymantec Intelligence Report JANUARY 2014

CONTENTS

CONTENTS

3 Executive Summary

4 BIG NUMBERS

7 TARGETED ATTACKS

8 Targeted Attacks8 Targeted Attacks per Day

8 First Attacks Logged by Month

9 Attacks by Size of Targeted Organization

9 Top 10 Industries Attacked

9 First Attacks Logged by Size

9 File Extensions of Attachments

10 Social Media

11 Social Media11 Top 5 Social Media Attacks

12 DATA BREACHES

13 Data Breaches13 Top 5 Types of Information Exposed

13 Twelve-Month Timeline of Data Breaches

14 MOBILE

15 Mobile15 Mobile Malware by Type

16 Cumulative Mobile Android Malware

17 VULNERABILITIES

18 Vulnerabilities18 Total Vulnerabilities Disclosed by Month

18 Browser Vulnerabilities

18 Plug-in Vulnerabilities

19 SPAM PHISHING amp MALWARE

20 Spam20 Top 5 Activity for Spam Destination by Geography

20 Top 5 Activity for Spam Destination by Industry

21 Top 10 Sources of Spam

21 Average Spam Message Size

21 Top 5 Activity for Spam Destination by Company Size

21 Spam by Category

21 Spam URL Distribution Based on Top Level Domain Name

22 Phishing22 Top 10 Sources of Phishing

22 Top 5 Activity for Phishing Destination by Company Size

22 Top 5 Activity for Phishing Destination by Industry

22 Top 5 Activity for Phishing Destination by Geography

23 Phishing Distribution

23 Organizations Spoofed in Phishing Attacks

24 Malware24 Proportion of Email Traffic in Which Virus Was Detected

24 Top 10 Email Virus Sources

25 Top 5 Activity for Malware Destination by Industry

25 Top 5 Activity for Malware Destination by Geographic Location

25 Top 5 Activity for Malware Destination by Company Size

26 Endpoint Security26 Top 10 Most Frequently Blocked Malware

27 Policy Based Filtering27 Policy Based Filtering

28 About Symantec

28 More Information

p 3

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Executive Summary

Welcome to the January edition of the Symantec Intelligence report Symantec Intelligence aims to provide the latest analysis of cyber security threats trends and insights concerning malware spam and other potentially harmful business risks

A number of large data breaches were reported during the month of January The largest new data breach included the exposure of 1058 million identities in South Korea (Itrsquos worth noting that many individuals in the country had more than one account exposed in this breach) Another large data breach previously reported as including 40 million identities has since had its numbers adjusted upwards and is now estimated at 110 million identities exposed These two breaches contribute significantly in bringing the total number of identities exposed to over 500 million for the last twelve months

Targeted attacks are up to their highest level since August of last year after what appears to be average-to-low attack numbers over the last four months Manufacturing is the most targeted industry making up 213 percent of attacks The non-traditional services category which includes hospitality recreation and repair is a close second at 206 percent

The number of vulnerabilities reported is also up in January after lower numbers reported in November and December of last year However at 555 vulnerabilities this number is still well below October which reported a high of 663 for the month

In other news spam and phishing rates are down slightly in January while email virus rates are at their lowest levels since October of last year

We hope that you enjoy this monthrsquos report and feel free to contact us with any comments or feedback

Ben Nahorney Cyber Security Threat Analyst

symantec_intelligencesymanteccom

p 4

Symantec CorporationSymantec Intelligence Report JANUARY 2014

BIG

NU

MB

ERS

p 5

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Overall Email Phishing RateOverall Email Phishing Rate

1 in 10531 in 1444

1 in 1311Dec

Nov

Jan

HIGHER NUMBER = LOWER RISK

Overall Email Virus RateOverall Email Virus Rate

Nov

Dec

Jan

HIGHER NUMBER = LOWER RISK

1 in 431

1 in 2531 in 164

Estimated GlobalEmail Spam Rate Per DayEstimated GlobalEmail Spam Rate Per Day

SPAM AS PERCENT OF ALL EMAIL

Nov Dec Jan0

10

20

30

40

50

60

70

80

90

100

62 62 64

New VulnerabilitiesNew Vulnerabilities

DecNov Jan

438438 471471 555555Dec 1Nov 6

Jan 2

MobileVulnerabilitiesMobileVulnerabilities

p 6

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Data BreachesData Breaches

219

Number of Breaches(12 month period)

501516310

Number of IdentitiesExposed (12 month period)

Mobile Malware VariantsMobile Malware Variants

VARI

ANTS

(CU

MU

LATI

VE)

132 139

JanDecNov

186

0

1000

2000

3000

4000

5000

6000

7000

8000

9000

10000

JDNOSAJJMAMFJ

77517751

p 7

Symantec CorporationSymantec Intelligence Report JANUARY 2014

TAR

GETED

ATTACKS

p 8

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Targeted Attacks

Targeted Attacks per DaySource Symantec

2014 2012 2013

TAR

GET

ED A

TTAC

KS

25

50

75

100

125

150

175

200

225

250

DECNOVOCTSEPAUGJULJUNMAYAPRMARFEBJAN

At a Glance

bull Targeted attacks were up in January reaching their highest levels since August of 2013

bull Small companies of 250 employees or less were targeted in 39 of attacks though organizations with 2500+ employees were targeted more often based on first attacks

bull The exe file type was the most common attachment making up 247 of email-based targeted attacks that included file attachments

First Attacks Logged by MonthSource Symantec

100

200

300

400

500

600

700

800

900

1000

1100

1200

J2014

DNOSAJJMAMF

p 9

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Attacks by Size of Targeted OrganizationSource Symantec

Company Size Percent

1-250 389

251-500 91

501-1000 58

1001-1500 34

1501-2500 48

2500+ 379

First Attacks Logged by SizeSource Symantec

Company Size Percent

1-250 292

251-500 85

501-1000 96

1001-1500 60

1501-2500 75

2500+ 391

File Extensions of AttachmentsSource Symantec

File Extension Percent

exe 247

doc 111

scr 84

au3 75

jpg 62

pdf 19

dat 15

com 04

rtf 04

zip 03

Top 10 Industries AttackedSource Symantec

Industry Percent

Manufacturing 213

Services - Non Traditional 206

Finance insurance amp Real Estate 137

Services - Professional 114

Wholesale 110

Transportation communications electric gas amp Sanitary Services

59

Public Administration 42

Retail 32

Construction 22

Mining 15

The ldquoProfessionalrdquo services category includes services such as Legal Accounting Health and Education ldquoNon-Traditionalrdquo services include Hospitality Recreational and Repair services

p 10

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SOCIA

L MED

IA

p 11

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Social Media

At a Glance

bull 82 percent of all social media attacks in January where fake offerings

bull Likejacking is the second-most common type of social media attack at 8 percent

Methodology

Fake Offering These scams invite social network users to join a fake event or group with incentives such as free gift cards Joining often requires the user to share credentials with the attacker or send a text to a premium rate number

Fake Plug-in Scams Users are tricked into downloading fake browser extensions on their machines Rogue browser extensions can pose like legitimate extensions but when installed can steal sensitive information from the infected machine

Likejacking Using fake ldquoLikerdquo buttons attackers trick users into clicking website buttons that install malware and may post updates on a userrsquos newsfeed spreading the attack

Fake Apps Applications provided by attackers that appear to be legitimate apps however they contain a malicious payload The attackers often take legitimate apps bundle malware with them and then re-release it as a free version of the app

Manual Sharing Scams These rely on victims to actually do the hard work of sharing the scam by presenting them with intriguing videos fake offers or messages that they share with their friends

Top 5 Social Media AttacksSource Symantec

Top 5 Social Media Attacks

8

5

Fake Offering

Manual Sharing

Likejacking

2 Fake Apps

2 Comment Jacking

82

p 12

Symantec CorporationSymantec Intelligence Report JANUARY 2014

DATA

BR

EACHES

p 13

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Data Breaches

At a Glance

bull The largest data breach that was reported in January resulted in the exposure of 1058 million identities

bull The reported number of identities exposed in a late-November data breach has since been adjusted upward This breach is now estimated to have exposed 110 million identities

bull In the last 12 months more than 500 million identities have been exposed

Twelve-Month Timeline of Data BreachesSource Symantec

NU

MB

ER O

F IN

CID

ENTS

IDEN

TITI

ES B

RE

ACH

ED (M

ILLI

ON

S)

INCIDENTS IDENTITIES BREACHED

0

20

40

60

80

100

120

140

160

180

J2014

DNOSAJJMAMF

0

5

10

15

20

25

30

35

40

45

Top 5 Types of Information ExposedSource Symantec

39

39

37

31

70Real Names

Gov ID numbers (Soc Sec)

Birth Dates

Home Address

Medical Records

Information Exposed in BreachesInformation Exposed in Breaches

OF ALL BREACHES

Methodology

This data is procured from the Norton Cybercrime Index (CCI) The Norton CCI is a statistical model that measures the levels of threats including malicious software fraud identity theft spam phishing and social engineering daily The data breach section of the Norton CCI is derived from data breaches that have been reported by legitimate media sources and have exposed personal information

In some cases a data breach is not publicly reported during the same month the incident occurred or an adjustment is made in the number of identities reportedly exposed In these cases the data in the Norton CCI is updated This causes fluctuations in the numbers reported for previous months when a new report is released

Norton Cybercrime Indexhttpusnortoncomprotect-yourself

p 14

Symantec CorporationSymantec Intelligence Report JANUARY 2014

MO

BILE

p 15

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Mobile

At a Glance

bull 32 percent of mobile malware discovered over the last 12 months tracks users

bull Traditional threats such as back doors and downloaders are present in 14 percent of all mobile malware threats

bull Risks that collect data such as device info and banking details make up 15 percent of all risks

bull Three new mobile malware families were discovered in January along with 139 new variants

32

Track UserRisks that spy on the individual using the device collecting SMS messages or phone call logs tracking GPS coordinates recording phone calls or gathering pictures and video taken with the device

14

Traditional ThreatsThreats that carry out traditional malware functions such as back doors and downloaders

12

AdwareAnnoyanceMobile risks that display advertising or generally perform actions to disrupt the user

15

Send ContentThese risks will send text messages to premium SMS numbers ultimately appearing on the bill of the devicersquos owner Other risks can be used to send spam messages

13

Change SettingsThese types of risks attempt to elevate privileges or simply modify various settings within the operating system

15

Collect DataThis includes the collection of both device- and user-specific data such as device information configuration data or banking details

Mobile Malware by TypeSource Symantec

p 16

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Cumulative Mobile Android MalwareSource Symantec

VARIANTS FAMILIES

40

80

120

160

200

240

280

320

360

400

J2014

DNOSAJJMAMF

1000

2000

3000

4000

5000

6000

7000

8000

9000

10000

FAM

ILIE

S (

CU

MU

LATI

VE)

VAR

IAN

TS (

CU

MU

LATI

VE)

p 17

Symantec CorporationSymantec Intelligence Report JANUARY 2014

VU

LNER

AB

ILITIES

p 18

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Vulnerabilities

At a Glance

bull There were 555 new vulnerabilities discovered in January bringing the total for the last 12 months to 6443 This is a 17 percent increase over the prior twelve month period

bull There were two vulnerabilities in mobile operating systems disclosed during the month of January

bull Googlersquos Chrome browser continues to lead in reporting browser vulnerabilities while Oraclersquos Java leads in reported plug-in vulnerabilities

Total Vulnerabilities Disclosed by MonthSource Symantec

0

100

200

300

400

500

600

700

800

J2014

DNOSAJJMAMF

Plug-in VulnerabilitiesSource Symantec

10

20

30

40

50

60

70

80

Adobe Acrobat ReaderAdobe Flash PlayerApple QuickTimeOracle Sun Java

Browser VulnerabilitiesSource Symantec

10

20

30

40

50

60

Apple SafariGoogle ChromeMicrosoft Internet ExplorerMozilla FirefoxOpera

p 19

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SPAM

PHISH

ING

amp M

ALW

AR

E

p 20

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global spam rate decreased 19 percentage points in January to 621 percent down from 640 percent in December

bull Mining was the most commonly targeted industry at 642 percent followed by Manufacturing at 632 percent

bull The com top-level domain (TLD) was again the most frequently used malicious TLD in January

bull Sex Dating spam is the most common category at 752 percent Pharmaceutical spam came in second at 201 percent

Spam

Top 5 Activity for Spam Destination by GeographySource Symantec

Geography Percent

Sri Lanka 747

Israel 688

Brazil 669

South Africa 653

Kuwait 648

Top 5 Activity for Spam Destination by IndustrySource Symantec

Industry Percent

Mining 642

Manufacturing 632

Agriculture forestry amp fishing 629

Services - Professional 621

Construction 621

p 21

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 10 Sources of SpamSource Symantec

Source Percent of All Spam

Canada 77

Spain 68

Russian Federation 64

United States 59

Finland 56

Italy 50

Argentina 42

India 37

Ukraine 32

Romania 31

Spam URL Distribution Based on Top Level Domain NameSource Symantec

Month com info ru biz

Dec 331 137 132 103

Nov 367 124 not listed 96

Data lags one month

Average Spam Message SizeSource Symantec

Month 0Kb ndash 5Kb 5Kb ndash 10Kb gt10Kb

Dec 284 192 523

Nov 370 247 384

Data lags one month

Spam by CategorySource Symantec

Category Percent

SexDating 752

Pharma 201

Jobs 18

Software 08

Watches 08

Top 5 Activity for Spam Destination by Company SizeSource Symantec

Company Size Percent

1-250 620

251-500 618

501-1000 624

1001-1500 622

1501-2500 620

2501+ 623

p 22

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global phishing rate is down in January comprising one in 1 in 1444 email messages In December this rate was one in 1 in 1053

bull Financial themes continue to be the most frequent subject matter with 675 percent of phishing scams containing this theme

bull The South Africa had the highest rate in January where one in 530 emails was a phishing scam

bull The United States tops the list of sources of phishing emails responsible for distributing 399 percent of phishing scams

bull Public Administration was the most targeted industry in January with one in every 761 emails received in this industry being a phishing scam

Phishing

Top 5 Activity for Phishing Destination by GeographySource Symantec

Geography Rate

South Africa 1 in 540

United Kingdom 1 in 731

Australia 1 in 821

Austria 1 in 1183

New Zealand 1 in 1215

Top 5 Activity for Phishing Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 761

Agriculture forestry amp fishing 1 in 874

Services - Professional 1 in 1189

Transportation communications electric gas amp Sanitary Services

1 in 14572

Construction 1 in 15715

Top 5 Activity for Phishing Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 1122

251-500 1 in 1130

501-1000 1 in 1463

1001-1500 1 in 1563

1501-2500 1 in 1590

2501+ 1 in 1865

Top 10 Sources of PhishingSource Symantec

Source Percent

United States 399

Australia 271

United Kingdom 243

South Africa 24

Netherlands 18

Sweden 15

Singapore 04

Japan 03

United Arab Emirates 03

New Zealand 02

p 23

Symantec CorporationSymantec Intelligence Report JANUARY 2014

363

32

16

07

581Automated Toolkits

Other Unique Domains

IP Address Domains

Free Web Hosting Sites

Typosquatting

Phishing DistributionPhishing Distribution

Phishing DistributionSource Symantec

291

36

09

01

675Financial

Information Services

Retail

Computer Software

Communications

Organizations Spoofedin Phishing AttacksOrganizations Spoofedin Phishing Attacks

Organizations Spoofed in Phishing AttacksSource Symantec

p 24

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Malware

1 in 0

1 in 50

1 in 100

1 in 150

1 in 200

1 in 250

1 in 300

1 in 350

1 in 400

1 in 450

1 in 500J

2014DNOSAJJMAMF

Proportion of Email Traffic in Which Virus Was DetectedSource Symantec

Top 10 Email Virus SourcesSource Symantec

Geography Percent

United States 665

United Kingdom 150

Australia 41

Netherlands 21

France 18

Germany 12

Japan 12

South Africa 11

Canada 09

Hong Kong 07

At a Glance

bull The global average virus rate in January was one in 431 emails compared to one in 164 in December

bull Hungary topped the list of geographies with one in 217 emails containing a virus

bull The United States was the largest source of virus-laden emails making up 665 percent of all email-based viruses

bull Organizations with 250-500 employees were the most targeted company size where one and 383 emails contained a virus

p 25

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 5 Activity for Malware Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 309

Agriculture forestry amp fishing 1 in 332

Services - Professional 1 in 343

Wholesale 1 in 397

Services - Non Traditional 1 in 467

Top 5 Activity for Malware Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 398

251-500 1 in 383

501-1000 1 in 459

1001-1500 1 in 396

1501-2500 1 in 475

2501+ 1 in 459

Top 5 Activity for Malware Destination by Geographic LocationSource Symantec

Geography Rate

Hungary 1 in 217

South Africa 1 in 221

United Kingdom 1 in 287

Hong Kong 1 in 306

Ireland 1 in 344

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 3: Symantec Intelligence Report

p 3

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Executive Summary

Welcome to the January edition of the Symantec Intelligence report Symantec Intelligence aims to provide the latest analysis of cyber security threats trends and insights concerning malware spam and other potentially harmful business risks

A number of large data breaches were reported during the month of January The largest new data breach included the exposure of 1058 million identities in South Korea (Itrsquos worth noting that many individuals in the country had more than one account exposed in this breach) Another large data breach previously reported as including 40 million identities has since had its numbers adjusted upwards and is now estimated at 110 million identities exposed These two breaches contribute significantly in bringing the total number of identities exposed to over 500 million for the last twelve months

Targeted attacks are up to their highest level since August of last year after what appears to be average-to-low attack numbers over the last four months Manufacturing is the most targeted industry making up 213 percent of attacks The non-traditional services category which includes hospitality recreation and repair is a close second at 206 percent

The number of vulnerabilities reported is also up in January after lower numbers reported in November and December of last year However at 555 vulnerabilities this number is still well below October which reported a high of 663 for the month

In other news spam and phishing rates are down slightly in January while email virus rates are at their lowest levels since October of last year

We hope that you enjoy this monthrsquos report and feel free to contact us with any comments or feedback

Ben Nahorney Cyber Security Threat Analyst

symantec_intelligencesymanteccom

p 4

Symantec CorporationSymantec Intelligence Report JANUARY 2014

BIG

NU

MB

ERS

p 5

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Overall Email Phishing RateOverall Email Phishing Rate

1 in 10531 in 1444

1 in 1311Dec

Nov

Jan

HIGHER NUMBER = LOWER RISK

Overall Email Virus RateOverall Email Virus Rate

Nov

Dec

Jan

HIGHER NUMBER = LOWER RISK

1 in 431

1 in 2531 in 164

Estimated GlobalEmail Spam Rate Per DayEstimated GlobalEmail Spam Rate Per Day

SPAM AS PERCENT OF ALL EMAIL

Nov Dec Jan0

10

20

30

40

50

60

70

80

90

100

62 62 64

New VulnerabilitiesNew Vulnerabilities

DecNov Jan

438438 471471 555555Dec 1Nov 6

Jan 2

MobileVulnerabilitiesMobileVulnerabilities

p 6

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Data BreachesData Breaches

219

Number of Breaches(12 month period)

501516310

Number of IdentitiesExposed (12 month period)

Mobile Malware VariantsMobile Malware Variants

VARI

ANTS

(CU

MU

LATI

VE)

132 139

JanDecNov

186

0

1000

2000

3000

4000

5000

6000

7000

8000

9000

10000

JDNOSAJJMAMFJ

77517751

p 7

Symantec CorporationSymantec Intelligence Report JANUARY 2014

TAR

GETED

ATTACKS

p 8

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Targeted Attacks

Targeted Attacks per DaySource Symantec

2014 2012 2013

TAR

GET

ED A

TTAC

KS

25

50

75

100

125

150

175

200

225

250

DECNOVOCTSEPAUGJULJUNMAYAPRMARFEBJAN

At a Glance

bull Targeted attacks were up in January reaching their highest levels since August of 2013

bull Small companies of 250 employees or less were targeted in 39 of attacks though organizations with 2500+ employees were targeted more often based on first attacks

bull The exe file type was the most common attachment making up 247 of email-based targeted attacks that included file attachments

First Attacks Logged by MonthSource Symantec

100

200

300

400

500

600

700

800

900

1000

1100

1200

J2014

DNOSAJJMAMF

p 9

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Attacks by Size of Targeted OrganizationSource Symantec

Company Size Percent

1-250 389

251-500 91

501-1000 58

1001-1500 34

1501-2500 48

2500+ 379

First Attacks Logged by SizeSource Symantec

Company Size Percent

1-250 292

251-500 85

501-1000 96

1001-1500 60

1501-2500 75

2500+ 391

File Extensions of AttachmentsSource Symantec

File Extension Percent

exe 247

doc 111

scr 84

au3 75

jpg 62

pdf 19

dat 15

com 04

rtf 04

zip 03

Top 10 Industries AttackedSource Symantec

Industry Percent

Manufacturing 213

Services - Non Traditional 206

Finance insurance amp Real Estate 137

Services - Professional 114

Wholesale 110

Transportation communications electric gas amp Sanitary Services

59

Public Administration 42

Retail 32

Construction 22

Mining 15

The ldquoProfessionalrdquo services category includes services such as Legal Accounting Health and Education ldquoNon-Traditionalrdquo services include Hospitality Recreational and Repair services

p 10

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SOCIA

L MED

IA

p 11

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Social Media

At a Glance

bull 82 percent of all social media attacks in January where fake offerings

bull Likejacking is the second-most common type of social media attack at 8 percent

Methodology

Fake Offering These scams invite social network users to join a fake event or group with incentives such as free gift cards Joining often requires the user to share credentials with the attacker or send a text to a premium rate number

Fake Plug-in Scams Users are tricked into downloading fake browser extensions on their machines Rogue browser extensions can pose like legitimate extensions but when installed can steal sensitive information from the infected machine

Likejacking Using fake ldquoLikerdquo buttons attackers trick users into clicking website buttons that install malware and may post updates on a userrsquos newsfeed spreading the attack

Fake Apps Applications provided by attackers that appear to be legitimate apps however they contain a malicious payload The attackers often take legitimate apps bundle malware with them and then re-release it as a free version of the app

Manual Sharing Scams These rely on victims to actually do the hard work of sharing the scam by presenting them with intriguing videos fake offers or messages that they share with their friends

Top 5 Social Media AttacksSource Symantec

Top 5 Social Media Attacks

8

5

Fake Offering

Manual Sharing

Likejacking

2 Fake Apps

2 Comment Jacking

82

p 12

Symantec CorporationSymantec Intelligence Report JANUARY 2014

DATA

BR

EACHES

p 13

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Data Breaches

At a Glance

bull The largest data breach that was reported in January resulted in the exposure of 1058 million identities

bull The reported number of identities exposed in a late-November data breach has since been adjusted upward This breach is now estimated to have exposed 110 million identities

bull In the last 12 months more than 500 million identities have been exposed

Twelve-Month Timeline of Data BreachesSource Symantec

NU

MB

ER O

F IN

CID

ENTS

IDEN

TITI

ES B

RE

ACH

ED (M

ILLI

ON

S)

INCIDENTS IDENTITIES BREACHED

0

20

40

60

80

100

120

140

160

180

J2014

DNOSAJJMAMF

0

5

10

15

20

25

30

35

40

45

Top 5 Types of Information ExposedSource Symantec

39

39

37

31

70Real Names

Gov ID numbers (Soc Sec)

Birth Dates

Home Address

Medical Records

Information Exposed in BreachesInformation Exposed in Breaches

OF ALL BREACHES

Methodology

This data is procured from the Norton Cybercrime Index (CCI) The Norton CCI is a statistical model that measures the levels of threats including malicious software fraud identity theft spam phishing and social engineering daily The data breach section of the Norton CCI is derived from data breaches that have been reported by legitimate media sources and have exposed personal information

In some cases a data breach is not publicly reported during the same month the incident occurred or an adjustment is made in the number of identities reportedly exposed In these cases the data in the Norton CCI is updated This causes fluctuations in the numbers reported for previous months when a new report is released

Norton Cybercrime Indexhttpusnortoncomprotect-yourself

p 14

Symantec CorporationSymantec Intelligence Report JANUARY 2014

MO

BILE

p 15

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Mobile

At a Glance

bull 32 percent of mobile malware discovered over the last 12 months tracks users

bull Traditional threats such as back doors and downloaders are present in 14 percent of all mobile malware threats

bull Risks that collect data such as device info and banking details make up 15 percent of all risks

bull Three new mobile malware families were discovered in January along with 139 new variants

32

Track UserRisks that spy on the individual using the device collecting SMS messages or phone call logs tracking GPS coordinates recording phone calls or gathering pictures and video taken with the device

14

Traditional ThreatsThreats that carry out traditional malware functions such as back doors and downloaders

12

AdwareAnnoyanceMobile risks that display advertising or generally perform actions to disrupt the user

15

Send ContentThese risks will send text messages to premium SMS numbers ultimately appearing on the bill of the devicersquos owner Other risks can be used to send spam messages

13

Change SettingsThese types of risks attempt to elevate privileges or simply modify various settings within the operating system

15

Collect DataThis includes the collection of both device- and user-specific data such as device information configuration data or banking details

Mobile Malware by TypeSource Symantec

p 16

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Cumulative Mobile Android MalwareSource Symantec

VARIANTS FAMILIES

40

80

120

160

200

240

280

320

360

400

J2014

DNOSAJJMAMF

1000

2000

3000

4000

5000

6000

7000

8000

9000

10000

FAM

ILIE

S (

CU

MU

LATI

VE)

VAR

IAN

TS (

CU

MU

LATI

VE)

p 17

Symantec CorporationSymantec Intelligence Report JANUARY 2014

VU

LNER

AB

ILITIES

p 18

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Vulnerabilities

At a Glance

bull There were 555 new vulnerabilities discovered in January bringing the total for the last 12 months to 6443 This is a 17 percent increase over the prior twelve month period

bull There were two vulnerabilities in mobile operating systems disclosed during the month of January

bull Googlersquos Chrome browser continues to lead in reporting browser vulnerabilities while Oraclersquos Java leads in reported plug-in vulnerabilities

Total Vulnerabilities Disclosed by MonthSource Symantec

0

100

200

300

400

500

600

700

800

J2014

DNOSAJJMAMF

Plug-in VulnerabilitiesSource Symantec

10

20

30

40

50

60

70

80

Adobe Acrobat ReaderAdobe Flash PlayerApple QuickTimeOracle Sun Java

Browser VulnerabilitiesSource Symantec

10

20

30

40

50

60

Apple SafariGoogle ChromeMicrosoft Internet ExplorerMozilla FirefoxOpera

p 19

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SPAM

PHISH

ING

amp M

ALW

AR

E

p 20

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global spam rate decreased 19 percentage points in January to 621 percent down from 640 percent in December

bull Mining was the most commonly targeted industry at 642 percent followed by Manufacturing at 632 percent

bull The com top-level domain (TLD) was again the most frequently used malicious TLD in January

bull Sex Dating spam is the most common category at 752 percent Pharmaceutical spam came in second at 201 percent

Spam

Top 5 Activity for Spam Destination by GeographySource Symantec

Geography Percent

Sri Lanka 747

Israel 688

Brazil 669

South Africa 653

Kuwait 648

Top 5 Activity for Spam Destination by IndustrySource Symantec

Industry Percent

Mining 642

Manufacturing 632

Agriculture forestry amp fishing 629

Services - Professional 621

Construction 621

p 21

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 10 Sources of SpamSource Symantec

Source Percent of All Spam

Canada 77

Spain 68

Russian Federation 64

United States 59

Finland 56

Italy 50

Argentina 42

India 37

Ukraine 32

Romania 31

Spam URL Distribution Based on Top Level Domain NameSource Symantec

Month com info ru biz

Dec 331 137 132 103

Nov 367 124 not listed 96

Data lags one month

Average Spam Message SizeSource Symantec

Month 0Kb ndash 5Kb 5Kb ndash 10Kb gt10Kb

Dec 284 192 523

Nov 370 247 384

Data lags one month

Spam by CategorySource Symantec

Category Percent

SexDating 752

Pharma 201

Jobs 18

Software 08

Watches 08

Top 5 Activity for Spam Destination by Company SizeSource Symantec

Company Size Percent

1-250 620

251-500 618

501-1000 624

1001-1500 622

1501-2500 620

2501+ 623

p 22

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global phishing rate is down in January comprising one in 1 in 1444 email messages In December this rate was one in 1 in 1053

bull Financial themes continue to be the most frequent subject matter with 675 percent of phishing scams containing this theme

bull The South Africa had the highest rate in January where one in 530 emails was a phishing scam

bull The United States tops the list of sources of phishing emails responsible for distributing 399 percent of phishing scams

bull Public Administration was the most targeted industry in January with one in every 761 emails received in this industry being a phishing scam

Phishing

Top 5 Activity for Phishing Destination by GeographySource Symantec

Geography Rate

South Africa 1 in 540

United Kingdom 1 in 731

Australia 1 in 821

Austria 1 in 1183

New Zealand 1 in 1215

Top 5 Activity for Phishing Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 761

Agriculture forestry amp fishing 1 in 874

Services - Professional 1 in 1189

Transportation communications electric gas amp Sanitary Services

1 in 14572

Construction 1 in 15715

Top 5 Activity for Phishing Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 1122

251-500 1 in 1130

501-1000 1 in 1463

1001-1500 1 in 1563

1501-2500 1 in 1590

2501+ 1 in 1865

Top 10 Sources of PhishingSource Symantec

Source Percent

United States 399

Australia 271

United Kingdom 243

South Africa 24

Netherlands 18

Sweden 15

Singapore 04

Japan 03

United Arab Emirates 03

New Zealand 02

p 23

Symantec CorporationSymantec Intelligence Report JANUARY 2014

363

32

16

07

581Automated Toolkits

Other Unique Domains

IP Address Domains

Free Web Hosting Sites

Typosquatting

Phishing DistributionPhishing Distribution

Phishing DistributionSource Symantec

291

36

09

01

675Financial

Information Services

Retail

Computer Software

Communications

Organizations Spoofedin Phishing AttacksOrganizations Spoofedin Phishing Attacks

Organizations Spoofed in Phishing AttacksSource Symantec

p 24

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Malware

1 in 0

1 in 50

1 in 100

1 in 150

1 in 200

1 in 250

1 in 300

1 in 350

1 in 400

1 in 450

1 in 500J

2014DNOSAJJMAMF

Proportion of Email Traffic in Which Virus Was DetectedSource Symantec

Top 10 Email Virus SourcesSource Symantec

Geography Percent

United States 665

United Kingdom 150

Australia 41

Netherlands 21

France 18

Germany 12

Japan 12

South Africa 11

Canada 09

Hong Kong 07

At a Glance

bull The global average virus rate in January was one in 431 emails compared to one in 164 in December

bull Hungary topped the list of geographies with one in 217 emails containing a virus

bull The United States was the largest source of virus-laden emails making up 665 percent of all email-based viruses

bull Organizations with 250-500 employees were the most targeted company size where one and 383 emails contained a virus

p 25

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 5 Activity for Malware Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 309

Agriculture forestry amp fishing 1 in 332

Services - Professional 1 in 343

Wholesale 1 in 397

Services - Non Traditional 1 in 467

Top 5 Activity for Malware Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 398

251-500 1 in 383

501-1000 1 in 459

1001-1500 1 in 396

1501-2500 1 in 475

2501+ 1 in 459

Top 5 Activity for Malware Destination by Geographic LocationSource Symantec

Geography Rate

Hungary 1 in 217

South Africa 1 in 221

United Kingdom 1 in 287

Hong Kong 1 in 306

Ireland 1 in 344

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 4: Symantec Intelligence Report

p 4

Symantec CorporationSymantec Intelligence Report JANUARY 2014

BIG

NU

MB

ERS

p 5

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Overall Email Phishing RateOverall Email Phishing Rate

1 in 10531 in 1444

1 in 1311Dec

Nov

Jan

HIGHER NUMBER = LOWER RISK

Overall Email Virus RateOverall Email Virus Rate

Nov

Dec

Jan

HIGHER NUMBER = LOWER RISK

1 in 431

1 in 2531 in 164

Estimated GlobalEmail Spam Rate Per DayEstimated GlobalEmail Spam Rate Per Day

SPAM AS PERCENT OF ALL EMAIL

Nov Dec Jan0

10

20

30

40

50

60

70

80

90

100

62 62 64

New VulnerabilitiesNew Vulnerabilities

DecNov Jan

438438 471471 555555Dec 1Nov 6

Jan 2

MobileVulnerabilitiesMobileVulnerabilities

p 6

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Data BreachesData Breaches

219

Number of Breaches(12 month period)

501516310

Number of IdentitiesExposed (12 month period)

Mobile Malware VariantsMobile Malware Variants

VARI

ANTS

(CU

MU

LATI

VE)

132 139

JanDecNov

186

0

1000

2000

3000

4000

5000

6000

7000

8000

9000

10000

JDNOSAJJMAMFJ

77517751

p 7

Symantec CorporationSymantec Intelligence Report JANUARY 2014

TAR

GETED

ATTACKS

p 8

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Targeted Attacks

Targeted Attacks per DaySource Symantec

2014 2012 2013

TAR

GET

ED A

TTAC

KS

25

50

75

100

125

150

175

200

225

250

DECNOVOCTSEPAUGJULJUNMAYAPRMARFEBJAN

At a Glance

bull Targeted attacks were up in January reaching their highest levels since August of 2013

bull Small companies of 250 employees or less were targeted in 39 of attacks though organizations with 2500+ employees were targeted more often based on first attacks

bull The exe file type was the most common attachment making up 247 of email-based targeted attacks that included file attachments

First Attacks Logged by MonthSource Symantec

100

200

300

400

500

600

700

800

900

1000

1100

1200

J2014

DNOSAJJMAMF

p 9

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Attacks by Size of Targeted OrganizationSource Symantec

Company Size Percent

1-250 389

251-500 91

501-1000 58

1001-1500 34

1501-2500 48

2500+ 379

First Attacks Logged by SizeSource Symantec

Company Size Percent

1-250 292

251-500 85

501-1000 96

1001-1500 60

1501-2500 75

2500+ 391

File Extensions of AttachmentsSource Symantec

File Extension Percent

exe 247

doc 111

scr 84

au3 75

jpg 62

pdf 19

dat 15

com 04

rtf 04

zip 03

Top 10 Industries AttackedSource Symantec

Industry Percent

Manufacturing 213

Services - Non Traditional 206

Finance insurance amp Real Estate 137

Services - Professional 114

Wholesale 110

Transportation communications electric gas amp Sanitary Services

59

Public Administration 42

Retail 32

Construction 22

Mining 15

The ldquoProfessionalrdquo services category includes services such as Legal Accounting Health and Education ldquoNon-Traditionalrdquo services include Hospitality Recreational and Repair services

p 10

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SOCIA

L MED

IA

p 11

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Social Media

At a Glance

bull 82 percent of all social media attacks in January where fake offerings

bull Likejacking is the second-most common type of social media attack at 8 percent

Methodology

Fake Offering These scams invite social network users to join a fake event or group with incentives such as free gift cards Joining often requires the user to share credentials with the attacker or send a text to a premium rate number

Fake Plug-in Scams Users are tricked into downloading fake browser extensions on their machines Rogue browser extensions can pose like legitimate extensions but when installed can steal sensitive information from the infected machine

Likejacking Using fake ldquoLikerdquo buttons attackers trick users into clicking website buttons that install malware and may post updates on a userrsquos newsfeed spreading the attack

Fake Apps Applications provided by attackers that appear to be legitimate apps however they contain a malicious payload The attackers often take legitimate apps bundle malware with them and then re-release it as a free version of the app

Manual Sharing Scams These rely on victims to actually do the hard work of sharing the scam by presenting them with intriguing videos fake offers or messages that they share with their friends

Top 5 Social Media AttacksSource Symantec

Top 5 Social Media Attacks

8

5

Fake Offering

Manual Sharing

Likejacking

2 Fake Apps

2 Comment Jacking

82

p 12

Symantec CorporationSymantec Intelligence Report JANUARY 2014

DATA

BR

EACHES

p 13

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Data Breaches

At a Glance

bull The largest data breach that was reported in January resulted in the exposure of 1058 million identities

bull The reported number of identities exposed in a late-November data breach has since been adjusted upward This breach is now estimated to have exposed 110 million identities

bull In the last 12 months more than 500 million identities have been exposed

Twelve-Month Timeline of Data BreachesSource Symantec

NU

MB

ER O

F IN

CID

ENTS

IDEN

TITI

ES B

RE

ACH

ED (M

ILLI

ON

S)

INCIDENTS IDENTITIES BREACHED

0

20

40

60

80

100

120

140

160

180

J2014

DNOSAJJMAMF

0

5

10

15

20

25

30

35

40

45

Top 5 Types of Information ExposedSource Symantec

39

39

37

31

70Real Names

Gov ID numbers (Soc Sec)

Birth Dates

Home Address

Medical Records

Information Exposed in BreachesInformation Exposed in Breaches

OF ALL BREACHES

Methodology

This data is procured from the Norton Cybercrime Index (CCI) The Norton CCI is a statistical model that measures the levels of threats including malicious software fraud identity theft spam phishing and social engineering daily The data breach section of the Norton CCI is derived from data breaches that have been reported by legitimate media sources and have exposed personal information

In some cases a data breach is not publicly reported during the same month the incident occurred or an adjustment is made in the number of identities reportedly exposed In these cases the data in the Norton CCI is updated This causes fluctuations in the numbers reported for previous months when a new report is released

Norton Cybercrime Indexhttpusnortoncomprotect-yourself

p 14

Symantec CorporationSymantec Intelligence Report JANUARY 2014

MO

BILE

p 15

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Mobile

At a Glance

bull 32 percent of mobile malware discovered over the last 12 months tracks users

bull Traditional threats such as back doors and downloaders are present in 14 percent of all mobile malware threats

bull Risks that collect data such as device info and banking details make up 15 percent of all risks

bull Three new mobile malware families were discovered in January along with 139 new variants

32

Track UserRisks that spy on the individual using the device collecting SMS messages or phone call logs tracking GPS coordinates recording phone calls or gathering pictures and video taken with the device

14

Traditional ThreatsThreats that carry out traditional malware functions such as back doors and downloaders

12

AdwareAnnoyanceMobile risks that display advertising or generally perform actions to disrupt the user

15

Send ContentThese risks will send text messages to premium SMS numbers ultimately appearing on the bill of the devicersquos owner Other risks can be used to send spam messages

13

Change SettingsThese types of risks attempt to elevate privileges or simply modify various settings within the operating system

15

Collect DataThis includes the collection of both device- and user-specific data such as device information configuration data or banking details

Mobile Malware by TypeSource Symantec

p 16

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Cumulative Mobile Android MalwareSource Symantec

VARIANTS FAMILIES

40

80

120

160

200

240

280

320

360

400

J2014

DNOSAJJMAMF

1000

2000

3000

4000

5000

6000

7000

8000

9000

10000

FAM

ILIE

S (

CU

MU

LATI

VE)

VAR

IAN

TS (

CU

MU

LATI

VE)

p 17

Symantec CorporationSymantec Intelligence Report JANUARY 2014

VU

LNER

AB

ILITIES

p 18

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Vulnerabilities

At a Glance

bull There were 555 new vulnerabilities discovered in January bringing the total for the last 12 months to 6443 This is a 17 percent increase over the prior twelve month period

bull There were two vulnerabilities in mobile operating systems disclosed during the month of January

bull Googlersquos Chrome browser continues to lead in reporting browser vulnerabilities while Oraclersquos Java leads in reported plug-in vulnerabilities

Total Vulnerabilities Disclosed by MonthSource Symantec

0

100

200

300

400

500

600

700

800

J2014

DNOSAJJMAMF

Plug-in VulnerabilitiesSource Symantec

10

20

30

40

50

60

70

80

Adobe Acrobat ReaderAdobe Flash PlayerApple QuickTimeOracle Sun Java

Browser VulnerabilitiesSource Symantec

10

20

30

40

50

60

Apple SafariGoogle ChromeMicrosoft Internet ExplorerMozilla FirefoxOpera

p 19

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SPAM

PHISH

ING

amp M

ALW

AR

E

p 20

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global spam rate decreased 19 percentage points in January to 621 percent down from 640 percent in December

bull Mining was the most commonly targeted industry at 642 percent followed by Manufacturing at 632 percent

bull The com top-level domain (TLD) was again the most frequently used malicious TLD in January

bull Sex Dating spam is the most common category at 752 percent Pharmaceutical spam came in second at 201 percent

Spam

Top 5 Activity for Spam Destination by GeographySource Symantec

Geography Percent

Sri Lanka 747

Israel 688

Brazil 669

South Africa 653

Kuwait 648

Top 5 Activity for Spam Destination by IndustrySource Symantec

Industry Percent

Mining 642

Manufacturing 632

Agriculture forestry amp fishing 629

Services - Professional 621

Construction 621

p 21

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 10 Sources of SpamSource Symantec

Source Percent of All Spam

Canada 77

Spain 68

Russian Federation 64

United States 59

Finland 56

Italy 50

Argentina 42

India 37

Ukraine 32

Romania 31

Spam URL Distribution Based on Top Level Domain NameSource Symantec

Month com info ru biz

Dec 331 137 132 103

Nov 367 124 not listed 96

Data lags one month

Average Spam Message SizeSource Symantec

Month 0Kb ndash 5Kb 5Kb ndash 10Kb gt10Kb

Dec 284 192 523

Nov 370 247 384

Data lags one month

Spam by CategorySource Symantec

Category Percent

SexDating 752

Pharma 201

Jobs 18

Software 08

Watches 08

Top 5 Activity for Spam Destination by Company SizeSource Symantec

Company Size Percent

1-250 620

251-500 618

501-1000 624

1001-1500 622

1501-2500 620

2501+ 623

p 22

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global phishing rate is down in January comprising one in 1 in 1444 email messages In December this rate was one in 1 in 1053

bull Financial themes continue to be the most frequent subject matter with 675 percent of phishing scams containing this theme

bull The South Africa had the highest rate in January where one in 530 emails was a phishing scam

bull The United States tops the list of sources of phishing emails responsible for distributing 399 percent of phishing scams

bull Public Administration was the most targeted industry in January with one in every 761 emails received in this industry being a phishing scam

Phishing

Top 5 Activity for Phishing Destination by GeographySource Symantec

Geography Rate

South Africa 1 in 540

United Kingdom 1 in 731

Australia 1 in 821

Austria 1 in 1183

New Zealand 1 in 1215

Top 5 Activity for Phishing Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 761

Agriculture forestry amp fishing 1 in 874

Services - Professional 1 in 1189

Transportation communications electric gas amp Sanitary Services

1 in 14572

Construction 1 in 15715

Top 5 Activity for Phishing Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 1122

251-500 1 in 1130

501-1000 1 in 1463

1001-1500 1 in 1563

1501-2500 1 in 1590

2501+ 1 in 1865

Top 10 Sources of PhishingSource Symantec

Source Percent

United States 399

Australia 271

United Kingdom 243

South Africa 24

Netherlands 18

Sweden 15

Singapore 04

Japan 03

United Arab Emirates 03

New Zealand 02

p 23

Symantec CorporationSymantec Intelligence Report JANUARY 2014

363

32

16

07

581Automated Toolkits

Other Unique Domains

IP Address Domains

Free Web Hosting Sites

Typosquatting

Phishing DistributionPhishing Distribution

Phishing DistributionSource Symantec

291

36

09

01

675Financial

Information Services

Retail

Computer Software

Communications

Organizations Spoofedin Phishing AttacksOrganizations Spoofedin Phishing Attacks

Organizations Spoofed in Phishing AttacksSource Symantec

p 24

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Malware

1 in 0

1 in 50

1 in 100

1 in 150

1 in 200

1 in 250

1 in 300

1 in 350

1 in 400

1 in 450

1 in 500J

2014DNOSAJJMAMF

Proportion of Email Traffic in Which Virus Was DetectedSource Symantec

Top 10 Email Virus SourcesSource Symantec

Geography Percent

United States 665

United Kingdom 150

Australia 41

Netherlands 21

France 18

Germany 12

Japan 12

South Africa 11

Canada 09

Hong Kong 07

At a Glance

bull The global average virus rate in January was one in 431 emails compared to one in 164 in December

bull Hungary topped the list of geographies with one in 217 emails containing a virus

bull The United States was the largest source of virus-laden emails making up 665 percent of all email-based viruses

bull Organizations with 250-500 employees were the most targeted company size where one and 383 emails contained a virus

p 25

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 5 Activity for Malware Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 309

Agriculture forestry amp fishing 1 in 332

Services - Professional 1 in 343

Wholesale 1 in 397

Services - Non Traditional 1 in 467

Top 5 Activity for Malware Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 398

251-500 1 in 383

501-1000 1 in 459

1001-1500 1 in 396

1501-2500 1 in 475

2501+ 1 in 459

Top 5 Activity for Malware Destination by Geographic LocationSource Symantec

Geography Rate

Hungary 1 in 217

South Africa 1 in 221

United Kingdom 1 in 287

Hong Kong 1 in 306

Ireland 1 in 344

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 5: Symantec Intelligence Report

p 5

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Overall Email Phishing RateOverall Email Phishing Rate

1 in 10531 in 1444

1 in 1311Dec

Nov

Jan

HIGHER NUMBER = LOWER RISK

Overall Email Virus RateOverall Email Virus Rate

Nov

Dec

Jan

HIGHER NUMBER = LOWER RISK

1 in 431

1 in 2531 in 164

Estimated GlobalEmail Spam Rate Per DayEstimated GlobalEmail Spam Rate Per Day

SPAM AS PERCENT OF ALL EMAIL

Nov Dec Jan0

10

20

30

40

50

60

70

80

90

100

62 62 64

New VulnerabilitiesNew Vulnerabilities

DecNov Jan

438438 471471 555555Dec 1Nov 6

Jan 2

MobileVulnerabilitiesMobileVulnerabilities

p 6

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Data BreachesData Breaches

219

Number of Breaches(12 month period)

501516310

Number of IdentitiesExposed (12 month period)

Mobile Malware VariantsMobile Malware Variants

VARI

ANTS

(CU

MU

LATI

VE)

132 139

JanDecNov

186

0

1000

2000

3000

4000

5000

6000

7000

8000

9000

10000

JDNOSAJJMAMFJ

77517751

p 7

Symantec CorporationSymantec Intelligence Report JANUARY 2014

TAR

GETED

ATTACKS

p 8

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Targeted Attacks

Targeted Attacks per DaySource Symantec

2014 2012 2013

TAR

GET

ED A

TTAC

KS

25

50

75

100

125

150

175

200

225

250

DECNOVOCTSEPAUGJULJUNMAYAPRMARFEBJAN

At a Glance

bull Targeted attacks were up in January reaching their highest levels since August of 2013

bull Small companies of 250 employees or less were targeted in 39 of attacks though organizations with 2500+ employees were targeted more often based on first attacks

bull The exe file type was the most common attachment making up 247 of email-based targeted attacks that included file attachments

First Attacks Logged by MonthSource Symantec

100

200

300

400

500

600

700

800

900

1000

1100

1200

J2014

DNOSAJJMAMF

p 9

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Attacks by Size of Targeted OrganizationSource Symantec

Company Size Percent

1-250 389

251-500 91

501-1000 58

1001-1500 34

1501-2500 48

2500+ 379

First Attacks Logged by SizeSource Symantec

Company Size Percent

1-250 292

251-500 85

501-1000 96

1001-1500 60

1501-2500 75

2500+ 391

File Extensions of AttachmentsSource Symantec

File Extension Percent

exe 247

doc 111

scr 84

au3 75

jpg 62

pdf 19

dat 15

com 04

rtf 04

zip 03

Top 10 Industries AttackedSource Symantec

Industry Percent

Manufacturing 213

Services - Non Traditional 206

Finance insurance amp Real Estate 137

Services - Professional 114

Wholesale 110

Transportation communications electric gas amp Sanitary Services

59

Public Administration 42

Retail 32

Construction 22

Mining 15

The ldquoProfessionalrdquo services category includes services such as Legal Accounting Health and Education ldquoNon-Traditionalrdquo services include Hospitality Recreational and Repair services

p 10

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SOCIA

L MED

IA

p 11

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Social Media

At a Glance

bull 82 percent of all social media attacks in January where fake offerings

bull Likejacking is the second-most common type of social media attack at 8 percent

Methodology

Fake Offering These scams invite social network users to join a fake event or group with incentives such as free gift cards Joining often requires the user to share credentials with the attacker or send a text to a premium rate number

Fake Plug-in Scams Users are tricked into downloading fake browser extensions on their machines Rogue browser extensions can pose like legitimate extensions but when installed can steal sensitive information from the infected machine

Likejacking Using fake ldquoLikerdquo buttons attackers trick users into clicking website buttons that install malware and may post updates on a userrsquos newsfeed spreading the attack

Fake Apps Applications provided by attackers that appear to be legitimate apps however they contain a malicious payload The attackers often take legitimate apps bundle malware with them and then re-release it as a free version of the app

Manual Sharing Scams These rely on victims to actually do the hard work of sharing the scam by presenting them with intriguing videos fake offers or messages that they share with their friends

Top 5 Social Media AttacksSource Symantec

Top 5 Social Media Attacks

8

5

Fake Offering

Manual Sharing

Likejacking

2 Fake Apps

2 Comment Jacking

82

p 12

Symantec CorporationSymantec Intelligence Report JANUARY 2014

DATA

BR

EACHES

p 13

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Data Breaches

At a Glance

bull The largest data breach that was reported in January resulted in the exposure of 1058 million identities

bull The reported number of identities exposed in a late-November data breach has since been adjusted upward This breach is now estimated to have exposed 110 million identities

bull In the last 12 months more than 500 million identities have been exposed

Twelve-Month Timeline of Data BreachesSource Symantec

NU

MB

ER O

F IN

CID

ENTS

IDEN

TITI

ES B

RE

ACH

ED (M

ILLI

ON

S)

INCIDENTS IDENTITIES BREACHED

0

20

40

60

80

100

120

140

160

180

J2014

DNOSAJJMAMF

0

5

10

15

20

25

30

35

40

45

Top 5 Types of Information ExposedSource Symantec

39

39

37

31

70Real Names

Gov ID numbers (Soc Sec)

Birth Dates

Home Address

Medical Records

Information Exposed in BreachesInformation Exposed in Breaches

OF ALL BREACHES

Methodology

This data is procured from the Norton Cybercrime Index (CCI) The Norton CCI is a statistical model that measures the levels of threats including malicious software fraud identity theft spam phishing and social engineering daily The data breach section of the Norton CCI is derived from data breaches that have been reported by legitimate media sources and have exposed personal information

In some cases a data breach is not publicly reported during the same month the incident occurred or an adjustment is made in the number of identities reportedly exposed In these cases the data in the Norton CCI is updated This causes fluctuations in the numbers reported for previous months when a new report is released

Norton Cybercrime Indexhttpusnortoncomprotect-yourself

p 14

Symantec CorporationSymantec Intelligence Report JANUARY 2014

MO

BILE

p 15

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Mobile

At a Glance

bull 32 percent of mobile malware discovered over the last 12 months tracks users

bull Traditional threats such as back doors and downloaders are present in 14 percent of all mobile malware threats

bull Risks that collect data such as device info and banking details make up 15 percent of all risks

bull Three new mobile malware families were discovered in January along with 139 new variants

32

Track UserRisks that spy on the individual using the device collecting SMS messages or phone call logs tracking GPS coordinates recording phone calls or gathering pictures and video taken with the device

14

Traditional ThreatsThreats that carry out traditional malware functions such as back doors and downloaders

12

AdwareAnnoyanceMobile risks that display advertising or generally perform actions to disrupt the user

15

Send ContentThese risks will send text messages to premium SMS numbers ultimately appearing on the bill of the devicersquos owner Other risks can be used to send spam messages

13

Change SettingsThese types of risks attempt to elevate privileges or simply modify various settings within the operating system

15

Collect DataThis includes the collection of both device- and user-specific data such as device information configuration data or banking details

Mobile Malware by TypeSource Symantec

p 16

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Cumulative Mobile Android MalwareSource Symantec

VARIANTS FAMILIES

40

80

120

160

200

240

280

320

360

400

J2014

DNOSAJJMAMF

1000

2000

3000

4000

5000

6000

7000

8000

9000

10000

FAM

ILIE

S (

CU

MU

LATI

VE)

VAR

IAN

TS (

CU

MU

LATI

VE)

p 17

Symantec CorporationSymantec Intelligence Report JANUARY 2014

VU

LNER

AB

ILITIES

p 18

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Vulnerabilities

At a Glance

bull There were 555 new vulnerabilities discovered in January bringing the total for the last 12 months to 6443 This is a 17 percent increase over the prior twelve month period

bull There were two vulnerabilities in mobile operating systems disclosed during the month of January

bull Googlersquos Chrome browser continues to lead in reporting browser vulnerabilities while Oraclersquos Java leads in reported plug-in vulnerabilities

Total Vulnerabilities Disclosed by MonthSource Symantec

0

100

200

300

400

500

600

700

800

J2014

DNOSAJJMAMF

Plug-in VulnerabilitiesSource Symantec

10

20

30

40

50

60

70

80

Adobe Acrobat ReaderAdobe Flash PlayerApple QuickTimeOracle Sun Java

Browser VulnerabilitiesSource Symantec

10

20

30

40

50

60

Apple SafariGoogle ChromeMicrosoft Internet ExplorerMozilla FirefoxOpera

p 19

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SPAM

PHISH

ING

amp M

ALW

AR

E

p 20

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global spam rate decreased 19 percentage points in January to 621 percent down from 640 percent in December

bull Mining was the most commonly targeted industry at 642 percent followed by Manufacturing at 632 percent

bull The com top-level domain (TLD) was again the most frequently used malicious TLD in January

bull Sex Dating spam is the most common category at 752 percent Pharmaceutical spam came in second at 201 percent

Spam

Top 5 Activity for Spam Destination by GeographySource Symantec

Geography Percent

Sri Lanka 747

Israel 688

Brazil 669

South Africa 653

Kuwait 648

Top 5 Activity for Spam Destination by IndustrySource Symantec

Industry Percent

Mining 642

Manufacturing 632

Agriculture forestry amp fishing 629

Services - Professional 621

Construction 621

p 21

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 10 Sources of SpamSource Symantec

Source Percent of All Spam

Canada 77

Spain 68

Russian Federation 64

United States 59

Finland 56

Italy 50

Argentina 42

India 37

Ukraine 32

Romania 31

Spam URL Distribution Based on Top Level Domain NameSource Symantec

Month com info ru biz

Dec 331 137 132 103

Nov 367 124 not listed 96

Data lags one month

Average Spam Message SizeSource Symantec

Month 0Kb ndash 5Kb 5Kb ndash 10Kb gt10Kb

Dec 284 192 523

Nov 370 247 384

Data lags one month

Spam by CategorySource Symantec

Category Percent

SexDating 752

Pharma 201

Jobs 18

Software 08

Watches 08

Top 5 Activity for Spam Destination by Company SizeSource Symantec

Company Size Percent

1-250 620

251-500 618

501-1000 624

1001-1500 622

1501-2500 620

2501+ 623

p 22

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global phishing rate is down in January comprising one in 1 in 1444 email messages In December this rate was one in 1 in 1053

bull Financial themes continue to be the most frequent subject matter with 675 percent of phishing scams containing this theme

bull The South Africa had the highest rate in January where one in 530 emails was a phishing scam

bull The United States tops the list of sources of phishing emails responsible for distributing 399 percent of phishing scams

bull Public Administration was the most targeted industry in January with one in every 761 emails received in this industry being a phishing scam

Phishing

Top 5 Activity for Phishing Destination by GeographySource Symantec

Geography Rate

South Africa 1 in 540

United Kingdom 1 in 731

Australia 1 in 821

Austria 1 in 1183

New Zealand 1 in 1215

Top 5 Activity for Phishing Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 761

Agriculture forestry amp fishing 1 in 874

Services - Professional 1 in 1189

Transportation communications electric gas amp Sanitary Services

1 in 14572

Construction 1 in 15715

Top 5 Activity for Phishing Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 1122

251-500 1 in 1130

501-1000 1 in 1463

1001-1500 1 in 1563

1501-2500 1 in 1590

2501+ 1 in 1865

Top 10 Sources of PhishingSource Symantec

Source Percent

United States 399

Australia 271

United Kingdom 243

South Africa 24

Netherlands 18

Sweden 15

Singapore 04

Japan 03

United Arab Emirates 03

New Zealand 02

p 23

Symantec CorporationSymantec Intelligence Report JANUARY 2014

363

32

16

07

581Automated Toolkits

Other Unique Domains

IP Address Domains

Free Web Hosting Sites

Typosquatting

Phishing DistributionPhishing Distribution

Phishing DistributionSource Symantec

291

36

09

01

675Financial

Information Services

Retail

Computer Software

Communications

Organizations Spoofedin Phishing AttacksOrganizations Spoofedin Phishing Attacks

Organizations Spoofed in Phishing AttacksSource Symantec

p 24

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Malware

1 in 0

1 in 50

1 in 100

1 in 150

1 in 200

1 in 250

1 in 300

1 in 350

1 in 400

1 in 450

1 in 500J

2014DNOSAJJMAMF

Proportion of Email Traffic in Which Virus Was DetectedSource Symantec

Top 10 Email Virus SourcesSource Symantec

Geography Percent

United States 665

United Kingdom 150

Australia 41

Netherlands 21

France 18

Germany 12

Japan 12

South Africa 11

Canada 09

Hong Kong 07

At a Glance

bull The global average virus rate in January was one in 431 emails compared to one in 164 in December

bull Hungary topped the list of geographies with one in 217 emails containing a virus

bull The United States was the largest source of virus-laden emails making up 665 percent of all email-based viruses

bull Organizations with 250-500 employees were the most targeted company size where one and 383 emails contained a virus

p 25

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 5 Activity for Malware Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 309

Agriculture forestry amp fishing 1 in 332

Services - Professional 1 in 343

Wholesale 1 in 397

Services - Non Traditional 1 in 467

Top 5 Activity for Malware Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 398

251-500 1 in 383

501-1000 1 in 459

1001-1500 1 in 396

1501-2500 1 in 475

2501+ 1 in 459

Top 5 Activity for Malware Destination by Geographic LocationSource Symantec

Geography Rate

Hungary 1 in 217

South Africa 1 in 221

United Kingdom 1 in 287

Hong Kong 1 in 306

Ireland 1 in 344

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 6: Symantec Intelligence Report

p 6

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Data BreachesData Breaches

219

Number of Breaches(12 month period)

501516310

Number of IdentitiesExposed (12 month period)

Mobile Malware VariantsMobile Malware Variants

VARI

ANTS

(CU

MU

LATI

VE)

132 139

JanDecNov

186

0

1000

2000

3000

4000

5000

6000

7000

8000

9000

10000

JDNOSAJJMAMFJ

77517751

p 7

Symantec CorporationSymantec Intelligence Report JANUARY 2014

TAR

GETED

ATTACKS

p 8

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Targeted Attacks

Targeted Attacks per DaySource Symantec

2014 2012 2013

TAR

GET

ED A

TTAC

KS

25

50

75

100

125

150

175

200

225

250

DECNOVOCTSEPAUGJULJUNMAYAPRMARFEBJAN

At a Glance

bull Targeted attacks were up in January reaching their highest levels since August of 2013

bull Small companies of 250 employees or less were targeted in 39 of attacks though organizations with 2500+ employees were targeted more often based on first attacks

bull The exe file type was the most common attachment making up 247 of email-based targeted attacks that included file attachments

First Attacks Logged by MonthSource Symantec

100

200

300

400

500

600

700

800

900

1000

1100

1200

J2014

DNOSAJJMAMF

p 9

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Attacks by Size of Targeted OrganizationSource Symantec

Company Size Percent

1-250 389

251-500 91

501-1000 58

1001-1500 34

1501-2500 48

2500+ 379

First Attacks Logged by SizeSource Symantec

Company Size Percent

1-250 292

251-500 85

501-1000 96

1001-1500 60

1501-2500 75

2500+ 391

File Extensions of AttachmentsSource Symantec

File Extension Percent

exe 247

doc 111

scr 84

au3 75

jpg 62

pdf 19

dat 15

com 04

rtf 04

zip 03

Top 10 Industries AttackedSource Symantec

Industry Percent

Manufacturing 213

Services - Non Traditional 206

Finance insurance amp Real Estate 137

Services - Professional 114

Wholesale 110

Transportation communications electric gas amp Sanitary Services

59

Public Administration 42

Retail 32

Construction 22

Mining 15

The ldquoProfessionalrdquo services category includes services such as Legal Accounting Health and Education ldquoNon-Traditionalrdquo services include Hospitality Recreational and Repair services

p 10

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SOCIA

L MED

IA

p 11

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Social Media

At a Glance

bull 82 percent of all social media attacks in January where fake offerings

bull Likejacking is the second-most common type of social media attack at 8 percent

Methodology

Fake Offering These scams invite social network users to join a fake event or group with incentives such as free gift cards Joining often requires the user to share credentials with the attacker or send a text to a premium rate number

Fake Plug-in Scams Users are tricked into downloading fake browser extensions on their machines Rogue browser extensions can pose like legitimate extensions but when installed can steal sensitive information from the infected machine

Likejacking Using fake ldquoLikerdquo buttons attackers trick users into clicking website buttons that install malware and may post updates on a userrsquos newsfeed spreading the attack

Fake Apps Applications provided by attackers that appear to be legitimate apps however they contain a malicious payload The attackers often take legitimate apps bundle malware with them and then re-release it as a free version of the app

Manual Sharing Scams These rely on victims to actually do the hard work of sharing the scam by presenting them with intriguing videos fake offers or messages that they share with their friends

Top 5 Social Media AttacksSource Symantec

Top 5 Social Media Attacks

8

5

Fake Offering

Manual Sharing

Likejacking

2 Fake Apps

2 Comment Jacking

82

p 12

Symantec CorporationSymantec Intelligence Report JANUARY 2014

DATA

BR

EACHES

p 13

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Data Breaches

At a Glance

bull The largest data breach that was reported in January resulted in the exposure of 1058 million identities

bull The reported number of identities exposed in a late-November data breach has since been adjusted upward This breach is now estimated to have exposed 110 million identities

bull In the last 12 months more than 500 million identities have been exposed

Twelve-Month Timeline of Data BreachesSource Symantec

NU

MB

ER O

F IN

CID

ENTS

IDEN

TITI

ES B

RE

ACH

ED (M

ILLI

ON

S)

INCIDENTS IDENTITIES BREACHED

0

20

40

60

80

100

120

140

160

180

J2014

DNOSAJJMAMF

0

5

10

15

20

25

30

35

40

45

Top 5 Types of Information ExposedSource Symantec

39

39

37

31

70Real Names

Gov ID numbers (Soc Sec)

Birth Dates

Home Address

Medical Records

Information Exposed in BreachesInformation Exposed in Breaches

OF ALL BREACHES

Methodology

This data is procured from the Norton Cybercrime Index (CCI) The Norton CCI is a statistical model that measures the levels of threats including malicious software fraud identity theft spam phishing and social engineering daily The data breach section of the Norton CCI is derived from data breaches that have been reported by legitimate media sources and have exposed personal information

In some cases a data breach is not publicly reported during the same month the incident occurred or an adjustment is made in the number of identities reportedly exposed In these cases the data in the Norton CCI is updated This causes fluctuations in the numbers reported for previous months when a new report is released

Norton Cybercrime Indexhttpusnortoncomprotect-yourself

p 14

Symantec CorporationSymantec Intelligence Report JANUARY 2014

MO

BILE

p 15

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Mobile

At a Glance

bull 32 percent of mobile malware discovered over the last 12 months tracks users

bull Traditional threats such as back doors and downloaders are present in 14 percent of all mobile malware threats

bull Risks that collect data such as device info and banking details make up 15 percent of all risks

bull Three new mobile malware families were discovered in January along with 139 new variants

32

Track UserRisks that spy on the individual using the device collecting SMS messages or phone call logs tracking GPS coordinates recording phone calls or gathering pictures and video taken with the device

14

Traditional ThreatsThreats that carry out traditional malware functions such as back doors and downloaders

12

AdwareAnnoyanceMobile risks that display advertising or generally perform actions to disrupt the user

15

Send ContentThese risks will send text messages to premium SMS numbers ultimately appearing on the bill of the devicersquos owner Other risks can be used to send spam messages

13

Change SettingsThese types of risks attempt to elevate privileges or simply modify various settings within the operating system

15

Collect DataThis includes the collection of both device- and user-specific data such as device information configuration data or banking details

Mobile Malware by TypeSource Symantec

p 16

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Cumulative Mobile Android MalwareSource Symantec

VARIANTS FAMILIES

40

80

120

160

200

240

280

320

360

400

J2014

DNOSAJJMAMF

1000

2000

3000

4000

5000

6000

7000

8000

9000

10000

FAM

ILIE

S (

CU

MU

LATI

VE)

VAR

IAN

TS (

CU

MU

LATI

VE)

p 17

Symantec CorporationSymantec Intelligence Report JANUARY 2014

VU

LNER

AB

ILITIES

p 18

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Vulnerabilities

At a Glance

bull There were 555 new vulnerabilities discovered in January bringing the total for the last 12 months to 6443 This is a 17 percent increase over the prior twelve month period

bull There were two vulnerabilities in mobile operating systems disclosed during the month of January

bull Googlersquos Chrome browser continues to lead in reporting browser vulnerabilities while Oraclersquos Java leads in reported plug-in vulnerabilities

Total Vulnerabilities Disclosed by MonthSource Symantec

0

100

200

300

400

500

600

700

800

J2014

DNOSAJJMAMF

Plug-in VulnerabilitiesSource Symantec

10

20

30

40

50

60

70

80

Adobe Acrobat ReaderAdobe Flash PlayerApple QuickTimeOracle Sun Java

Browser VulnerabilitiesSource Symantec

10

20

30

40

50

60

Apple SafariGoogle ChromeMicrosoft Internet ExplorerMozilla FirefoxOpera

p 19

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SPAM

PHISH

ING

amp M

ALW

AR

E

p 20

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global spam rate decreased 19 percentage points in January to 621 percent down from 640 percent in December

bull Mining was the most commonly targeted industry at 642 percent followed by Manufacturing at 632 percent

bull The com top-level domain (TLD) was again the most frequently used malicious TLD in January

bull Sex Dating spam is the most common category at 752 percent Pharmaceutical spam came in second at 201 percent

Spam

Top 5 Activity for Spam Destination by GeographySource Symantec

Geography Percent

Sri Lanka 747

Israel 688

Brazil 669

South Africa 653

Kuwait 648

Top 5 Activity for Spam Destination by IndustrySource Symantec

Industry Percent

Mining 642

Manufacturing 632

Agriculture forestry amp fishing 629

Services - Professional 621

Construction 621

p 21

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 10 Sources of SpamSource Symantec

Source Percent of All Spam

Canada 77

Spain 68

Russian Federation 64

United States 59

Finland 56

Italy 50

Argentina 42

India 37

Ukraine 32

Romania 31

Spam URL Distribution Based on Top Level Domain NameSource Symantec

Month com info ru biz

Dec 331 137 132 103

Nov 367 124 not listed 96

Data lags one month

Average Spam Message SizeSource Symantec

Month 0Kb ndash 5Kb 5Kb ndash 10Kb gt10Kb

Dec 284 192 523

Nov 370 247 384

Data lags one month

Spam by CategorySource Symantec

Category Percent

SexDating 752

Pharma 201

Jobs 18

Software 08

Watches 08

Top 5 Activity for Spam Destination by Company SizeSource Symantec

Company Size Percent

1-250 620

251-500 618

501-1000 624

1001-1500 622

1501-2500 620

2501+ 623

p 22

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global phishing rate is down in January comprising one in 1 in 1444 email messages In December this rate was one in 1 in 1053

bull Financial themes continue to be the most frequent subject matter with 675 percent of phishing scams containing this theme

bull The South Africa had the highest rate in January where one in 530 emails was a phishing scam

bull The United States tops the list of sources of phishing emails responsible for distributing 399 percent of phishing scams

bull Public Administration was the most targeted industry in January with one in every 761 emails received in this industry being a phishing scam

Phishing

Top 5 Activity for Phishing Destination by GeographySource Symantec

Geography Rate

South Africa 1 in 540

United Kingdom 1 in 731

Australia 1 in 821

Austria 1 in 1183

New Zealand 1 in 1215

Top 5 Activity for Phishing Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 761

Agriculture forestry amp fishing 1 in 874

Services - Professional 1 in 1189

Transportation communications electric gas amp Sanitary Services

1 in 14572

Construction 1 in 15715

Top 5 Activity for Phishing Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 1122

251-500 1 in 1130

501-1000 1 in 1463

1001-1500 1 in 1563

1501-2500 1 in 1590

2501+ 1 in 1865

Top 10 Sources of PhishingSource Symantec

Source Percent

United States 399

Australia 271

United Kingdom 243

South Africa 24

Netherlands 18

Sweden 15

Singapore 04

Japan 03

United Arab Emirates 03

New Zealand 02

p 23

Symantec CorporationSymantec Intelligence Report JANUARY 2014

363

32

16

07

581Automated Toolkits

Other Unique Domains

IP Address Domains

Free Web Hosting Sites

Typosquatting

Phishing DistributionPhishing Distribution

Phishing DistributionSource Symantec

291

36

09

01

675Financial

Information Services

Retail

Computer Software

Communications

Organizations Spoofedin Phishing AttacksOrganizations Spoofedin Phishing Attacks

Organizations Spoofed in Phishing AttacksSource Symantec

p 24

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Malware

1 in 0

1 in 50

1 in 100

1 in 150

1 in 200

1 in 250

1 in 300

1 in 350

1 in 400

1 in 450

1 in 500J

2014DNOSAJJMAMF

Proportion of Email Traffic in Which Virus Was DetectedSource Symantec

Top 10 Email Virus SourcesSource Symantec

Geography Percent

United States 665

United Kingdom 150

Australia 41

Netherlands 21

France 18

Germany 12

Japan 12

South Africa 11

Canada 09

Hong Kong 07

At a Glance

bull The global average virus rate in January was one in 431 emails compared to one in 164 in December

bull Hungary topped the list of geographies with one in 217 emails containing a virus

bull The United States was the largest source of virus-laden emails making up 665 percent of all email-based viruses

bull Organizations with 250-500 employees were the most targeted company size where one and 383 emails contained a virus

p 25

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 5 Activity for Malware Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 309

Agriculture forestry amp fishing 1 in 332

Services - Professional 1 in 343

Wholesale 1 in 397

Services - Non Traditional 1 in 467

Top 5 Activity for Malware Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 398

251-500 1 in 383

501-1000 1 in 459

1001-1500 1 in 396

1501-2500 1 in 475

2501+ 1 in 459

Top 5 Activity for Malware Destination by Geographic LocationSource Symantec

Geography Rate

Hungary 1 in 217

South Africa 1 in 221

United Kingdom 1 in 287

Hong Kong 1 in 306

Ireland 1 in 344

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 7: Symantec Intelligence Report

p 7

Symantec CorporationSymantec Intelligence Report JANUARY 2014

TAR

GETED

ATTACKS

p 8

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Targeted Attacks

Targeted Attacks per DaySource Symantec

2014 2012 2013

TAR

GET

ED A

TTAC

KS

25

50

75

100

125

150

175

200

225

250

DECNOVOCTSEPAUGJULJUNMAYAPRMARFEBJAN

At a Glance

bull Targeted attacks were up in January reaching their highest levels since August of 2013

bull Small companies of 250 employees or less were targeted in 39 of attacks though organizations with 2500+ employees were targeted more often based on first attacks

bull The exe file type was the most common attachment making up 247 of email-based targeted attacks that included file attachments

First Attacks Logged by MonthSource Symantec

100

200

300

400

500

600

700

800

900

1000

1100

1200

J2014

DNOSAJJMAMF

p 9

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Attacks by Size of Targeted OrganizationSource Symantec

Company Size Percent

1-250 389

251-500 91

501-1000 58

1001-1500 34

1501-2500 48

2500+ 379

First Attacks Logged by SizeSource Symantec

Company Size Percent

1-250 292

251-500 85

501-1000 96

1001-1500 60

1501-2500 75

2500+ 391

File Extensions of AttachmentsSource Symantec

File Extension Percent

exe 247

doc 111

scr 84

au3 75

jpg 62

pdf 19

dat 15

com 04

rtf 04

zip 03

Top 10 Industries AttackedSource Symantec

Industry Percent

Manufacturing 213

Services - Non Traditional 206

Finance insurance amp Real Estate 137

Services - Professional 114

Wholesale 110

Transportation communications electric gas amp Sanitary Services

59

Public Administration 42

Retail 32

Construction 22

Mining 15

The ldquoProfessionalrdquo services category includes services such as Legal Accounting Health and Education ldquoNon-Traditionalrdquo services include Hospitality Recreational and Repair services

p 10

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SOCIA

L MED

IA

p 11

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Social Media

At a Glance

bull 82 percent of all social media attacks in January where fake offerings

bull Likejacking is the second-most common type of social media attack at 8 percent

Methodology

Fake Offering These scams invite social network users to join a fake event or group with incentives such as free gift cards Joining often requires the user to share credentials with the attacker or send a text to a premium rate number

Fake Plug-in Scams Users are tricked into downloading fake browser extensions on their machines Rogue browser extensions can pose like legitimate extensions but when installed can steal sensitive information from the infected machine

Likejacking Using fake ldquoLikerdquo buttons attackers trick users into clicking website buttons that install malware and may post updates on a userrsquos newsfeed spreading the attack

Fake Apps Applications provided by attackers that appear to be legitimate apps however they contain a malicious payload The attackers often take legitimate apps bundle malware with them and then re-release it as a free version of the app

Manual Sharing Scams These rely on victims to actually do the hard work of sharing the scam by presenting them with intriguing videos fake offers or messages that they share with their friends

Top 5 Social Media AttacksSource Symantec

Top 5 Social Media Attacks

8

5

Fake Offering

Manual Sharing

Likejacking

2 Fake Apps

2 Comment Jacking

82

p 12

Symantec CorporationSymantec Intelligence Report JANUARY 2014

DATA

BR

EACHES

p 13

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Data Breaches

At a Glance

bull The largest data breach that was reported in January resulted in the exposure of 1058 million identities

bull The reported number of identities exposed in a late-November data breach has since been adjusted upward This breach is now estimated to have exposed 110 million identities

bull In the last 12 months more than 500 million identities have been exposed

Twelve-Month Timeline of Data BreachesSource Symantec

NU

MB

ER O

F IN

CID

ENTS

IDEN

TITI

ES B

RE

ACH

ED (M

ILLI

ON

S)

INCIDENTS IDENTITIES BREACHED

0

20

40

60

80

100

120

140

160

180

J2014

DNOSAJJMAMF

0

5

10

15

20

25

30

35

40

45

Top 5 Types of Information ExposedSource Symantec

39

39

37

31

70Real Names

Gov ID numbers (Soc Sec)

Birth Dates

Home Address

Medical Records

Information Exposed in BreachesInformation Exposed in Breaches

OF ALL BREACHES

Methodology

This data is procured from the Norton Cybercrime Index (CCI) The Norton CCI is a statistical model that measures the levels of threats including malicious software fraud identity theft spam phishing and social engineering daily The data breach section of the Norton CCI is derived from data breaches that have been reported by legitimate media sources and have exposed personal information

In some cases a data breach is not publicly reported during the same month the incident occurred or an adjustment is made in the number of identities reportedly exposed In these cases the data in the Norton CCI is updated This causes fluctuations in the numbers reported for previous months when a new report is released

Norton Cybercrime Indexhttpusnortoncomprotect-yourself

p 14

Symantec CorporationSymantec Intelligence Report JANUARY 2014

MO

BILE

p 15

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Mobile

At a Glance

bull 32 percent of mobile malware discovered over the last 12 months tracks users

bull Traditional threats such as back doors and downloaders are present in 14 percent of all mobile malware threats

bull Risks that collect data such as device info and banking details make up 15 percent of all risks

bull Three new mobile malware families were discovered in January along with 139 new variants

32

Track UserRisks that spy on the individual using the device collecting SMS messages or phone call logs tracking GPS coordinates recording phone calls or gathering pictures and video taken with the device

14

Traditional ThreatsThreats that carry out traditional malware functions such as back doors and downloaders

12

AdwareAnnoyanceMobile risks that display advertising or generally perform actions to disrupt the user

15

Send ContentThese risks will send text messages to premium SMS numbers ultimately appearing on the bill of the devicersquos owner Other risks can be used to send spam messages

13

Change SettingsThese types of risks attempt to elevate privileges or simply modify various settings within the operating system

15

Collect DataThis includes the collection of both device- and user-specific data such as device information configuration data or banking details

Mobile Malware by TypeSource Symantec

p 16

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Cumulative Mobile Android MalwareSource Symantec

VARIANTS FAMILIES

40

80

120

160

200

240

280

320

360

400

J2014

DNOSAJJMAMF

1000

2000

3000

4000

5000

6000

7000

8000

9000

10000

FAM

ILIE

S (

CU

MU

LATI

VE)

VAR

IAN

TS (

CU

MU

LATI

VE)

p 17

Symantec CorporationSymantec Intelligence Report JANUARY 2014

VU

LNER

AB

ILITIES

p 18

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Vulnerabilities

At a Glance

bull There were 555 new vulnerabilities discovered in January bringing the total for the last 12 months to 6443 This is a 17 percent increase over the prior twelve month period

bull There were two vulnerabilities in mobile operating systems disclosed during the month of January

bull Googlersquos Chrome browser continues to lead in reporting browser vulnerabilities while Oraclersquos Java leads in reported plug-in vulnerabilities

Total Vulnerabilities Disclosed by MonthSource Symantec

0

100

200

300

400

500

600

700

800

J2014

DNOSAJJMAMF

Plug-in VulnerabilitiesSource Symantec

10

20

30

40

50

60

70

80

Adobe Acrobat ReaderAdobe Flash PlayerApple QuickTimeOracle Sun Java

Browser VulnerabilitiesSource Symantec

10

20

30

40

50

60

Apple SafariGoogle ChromeMicrosoft Internet ExplorerMozilla FirefoxOpera

p 19

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SPAM

PHISH

ING

amp M

ALW

AR

E

p 20

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global spam rate decreased 19 percentage points in January to 621 percent down from 640 percent in December

bull Mining was the most commonly targeted industry at 642 percent followed by Manufacturing at 632 percent

bull The com top-level domain (TLD) was again the most frequently used malicious TLD in January

bull Sex Dating spam is the most common category at 752 percent Pharmaceutical spam came in second at 201 percent

Spam

Top 5 Activity for Spam Destination by GeographySource Symantec

Geography Percent

Sri Lanka 747

Israel 688

Brazil 669

South Africa 653

Kuwait 648

Top 5 Activity for Spam Destination by IndustrySource Symantec

Industry Percent

Mining 642

Manufacturing 632

Agriculture forestry amp fishing 629

Services - Professional 621

Construction 621

p 21

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 10 Sources of SpamSource Symantec

Source Percent of All Spam

Canada 77

Spain 68

Russian Federation 64

United States 59

Finland 56

Italy 50

Argentina 42

India 37

Ukraine 32

Romania 31

Spam URL Distribution Based on Top Level Domain NameSource Symantec

Month com info ru biz

Dec 331 137 132 103

Nov 367 124 not listed 96

Data lags one month

Average Spam Message SizeSource Symantec

Month 0Kb ndash 5Kb 5Kb ndash 10Kb gt10Kb

Dec 284 192 523

Nov 370 247 384

Data lags one month

Spam by CategorySource Symantec

Category Percent

SexDating 752

Pharma 201

Jobs 18

Software 08

Watches 08

Top 5 Activity for Spam Destination by Company SizeSource Symantec

Company Size Percent

1-250 620

251-500 618

501-1000 624

1001-1500 622

1501-2500 620

2501+ 623

p 22

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global phishing rate is down in January comprising one in 1 in 1444 email messages In December this rate was one in 1 in 1053

bull Financial themes continue to be the most frequent subject matter with 675 percent of phishing scams containing this theme

bull The South Africa had the highest rate in January where one in 530 emails was a phishing scam

bull The United States tops the list of sources of phishing emails responsible for distributing 399 percent of phishing scams

bull Public Administration was the most targeted industry in January with one in every 761 emails received in this industry being a phishing scam

Phishing

Top 5 Activity for Phishing Destination by GeographySource Symantec

Geography Rate

South Africa 1 in 540

United Kingdom 1 in 731

Australia 1 in 821

Austria 1 in 1183

New Zealand 1 in 1215

Top 5 Activity for Phishing Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 761

Agriculture forestry amp fishing 1 in 874

Services - Professional 1 in 1189

Transportation communications electric gas amp Sanitary Services

1 in 14572

Construction 1 in 15715

Top 5 Activity for Phishing Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 1122

251-500 1 in 1130

501-1000 1 in 1463

1001-1500 1 in 1563

1501-2500 1 in 1590

2501+ 1 in 1865

Top 10 Sources of PhishingSource Symantec

Source Percent

United States 399

Australia 271

United Kingdom 243

South Africa 24

Netherlands 18

Sweden 15

Singapore 04

Japan 03

United Arab Emirates 03

New Zealand 02

p 23

Symantec CorporationSymantec Intelligence Report JANUARY 2014

363

32

16

07

581Automated Toolkits

Other Unique Domains

IP Address Domains

Free Web Hosting Sites

Typosquatting

Phishing DistributionPhishing Distribution

Phishing DistributionSource Symantec

291

36

09

01

675Financial

Information Services

Retail

Computer Software

Communications

Organizations Spoofedin Phishing AttacksOrganizations Spoofedin Phishing Attacks

Organizations Spoofed in Phishing AttacksSource Symantec

p 24

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Malware

1 in 0

1 in 50

1 in 100

1 in 150

1 in 200

1 in 250

1 in 300

1 in 350

1 in 400

1 in 450

1 in 500J

2014DNOSAJJMAMF

Proportion of Email Traffic in Which Virus Was DetectedSource Symantec

Top 10 Email Virus SourcesSource Symantec

Geography Percent

United States 665

United Kingdom 150

Australia 41

Netherlands 21

France 18

Germany 12

Japan 12

South Africa 11

Canada 09

Hong Kong 07

At a Glance

bull The global average virus rate in January was one in 431 emails compared to one in 164 in December

bull Hungary topped the list of geographies with one in 217 emails containing a virus

bull The United States was the largest source of virus-laden emails making up 665 percent of all email-based viruses

bull Organizations with 250-500 employees were the most targeted company size where one and 383 emails contained a virus

p 25

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 5 Activity for Malware Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 309

Agriculture forestry amp fishing 1 in 332

Services - Professional 1 in 343

Wholesale 1 in 397

Services - Non Traditional 1 in 467

Top 5 Activity for Malware Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 398

251-500 1 in 383

501-1000 1 in 459

1001-1500 1 in 396

1501-2500 1 in 475

2501+ 1 in 459

Top 5 Activity for Malware Destination by Geographic LocationSource Symantec

Geography Rate

Hungary 1 in 217

South Africa 1 in 221

United Kingdom 1 in 287

Hong Kong 1 in 306

Ireland 1 in 344

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 8: Symantec Intelligence Report

p 8

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Targeted Attacks

Targeted Attacks per DaySource Symantec

2014 2012 2013

TAR

GET

ED A

TTAC

KS

25

50

75

100

125

150

175

200

225

250

DECNOVOCTSEPAUGJULJUNMAYAPRMARFEBJAN

At a Glance

bull Targeted attacks were up in January reaching their highest levels since August of 2013

bull Small companies of 250 employees or less were targeted in 39 of attacks though organizations with 2500+ employees were targeted more often based on first attacks

bull The exe file type was the most common attachment making up 247 of email-based targeted attacks that included file attachments

First Attacks Logged by MonthSource Symantec

100

200

300

400

500

600

700

800

900

1000

1100

1200

J2014

DNOSAJJMAMF

p 9

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Attacks by Size of Targeted OrganizationSource Symantec

Company Size Percent

1-250 389

251-500 91

501-1000 58

1001-1500 34

1501-2500 48

2500+ 379

First Attacks Logged by SizeSource Symantec

Company Size Percent

1-250 292

251-500 85

501-1000 96

1001-1500 60

1501-2500 75

2500+ 391

File Extensions of AttachmentsSource Symantec

File Extension Percent

exe 247

doc 111

scr 84

au3 75

jpg 62

pdf 19

dat 15

com 04

rtf 04

zip 03

Top 10 Industries AttackedSource Symantec

Industry Percent

Manufacturing 213

Services - Non Traditional 206

Finance insurance amp Real Estate 137

Services - Professional 114

Wholesale 110

Transportation communications electric gas amp Sanitary Services

59

Public Administration 42

Retail 32

Construction 22

Mining 15

The ldquoProfessionalrdquo services category includes services such as Legal Accounting Health and Education ldquoNon-Traditionalrdquo services include Hospitality Recreational and Repair services

p 10

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SOCIA

L MED

IA

p 11

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Social Media

At a Glance

bull 82 percent of all social media attacks in January where fake offerings

bull Likejacking is the second-most common type of social media attack at 8 percent

Methodology

Fake Offering These scams invite social network users to join a fake event or group with incentives such as free gift cards Joining often requires the user to share credentials with the attacker or send a text to a premium rate number

Fake Plug-in Scams Users are tricked into downloading fake browser extensions on their machines Rogue browser extensions can pose like legitimate extensions but when installed can steal sensitive information from the infected machine

Likejacking Using fake ldquoLikerdquo buttons attackers trick users into clicking website buttons that install malware and may post updates on a userrsquos newsfeed spreading the attack

Fake Apps Applications provided by attackers that appear to be legitimate apps however they contain a malicious payload The attackers often take legitimate apps bundle malware with them and then re-release it as a free version of the app

Manual Sharing Scams These rely on victims to actually do the hard work of sharing the scam by presenting them with intriguing videos fake offers or messages that they share with their friends

Top 5 Social Media AttacksSource Symantec

Top 5 Social Media Attacks

8

5

Fake Offering

Manual Sharing

Likejacking

2 Fake Apps

2 Comment Jacking

82

p 12

Symantec CorporationSymantec Intelligence Report JANUARY 2014

DATA

BR

EACHES

p 13

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Data Breaches

At a Glance

bull The largest data breach that was reported in January resulted in the exposure of 1058 million identities

bull The reported number of identities exposed in a late-November data breach has since been adjusted upward This breach is now estimated to have exposed 110 million identities

bull In the last 12 months more than 500 million identities have been exposed

Twelve-Month Timeline of Data BreachesSource Symantec

NU

MB

ER O

F IN

CID

ENTS

IDEN

TITI

ES B

RE

ACH

ED (M

ILLI

ON

S)

INCIDENTS IDENTITIES BREACHED

0

20

40

60

80

100

120

140

160

180

J2014

DNOSAJJMAMF

0

5

10

15

20

25

30

35

40

45

Top 5 Types of Information ExposedSource Symantec

39

39

37

31

70Real Names

Gov ID numbers (Soc Sec)

Birth Dates

Home Address

Medical Records

Information Exposed in BreachesInformation Exposed in Breaches

OF ALL BREACHES

Methodology

This data is procured from the Norton Cybercrime Index (CCI) The Norton CCI is a statistical model that measures the levels of threats including malicious software fraud identity theft spam phishing and social engineering daily The data breach section of the Norton CCI is derived from data breaches that have been reported by legitimate media sources and have exposed personal information

In some cases a data breach is not publicly reported during the same month the incident occurred or an adjustment is made in the number of identities reportedly exposed In these cases the data in the Norton CCI is updated This causes fluctuations in the numbers reported for previous months when a new report is released

Norton Cybercrime Indexhttpusnortoncomprotect-yourself

p 14

Symantec CorporationSymantec Intelligence Report JANUARY 2014

MO

BILE

p 15

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Mobile

At a Glance

bull 32 percent of mobile malware discovered over the last 12 months tracks users

bull Traditional threats such as back doors and downloaders are present in 14 percent of all mobile malware threats

bull Risks that collect data such as device info and banking details make up 15 percent of all risks

bull Three new mobile malware families were discovered in January along with 139 new variants

32

Track UserRisks that spy on the individual using the device collecting SMS messages or phone call logs tracking GPS coordinates recording phone calls or gathering pictures and video taken with the device

14

Traditional ThreatsThreats that carry out traditional malware functions such as back doors and downloaders

12

AdwareAnnoyanceMobile risks that display advertising or generally perform actions to disrupt the user

15

Send ContentThese risks will send text messages to premium SMS numbers ultimately appearing on the bill of the devicersquos owner Other risks can be used to send spam messages

13

Change SettingsThese types of risks attempt to elevate privileges or simply modify various settings within the operating system

15

Collect DataThis includes the collection of both device- and user-specific data such as device information configuration data or banking details

Mobile Malware by TypeSource Symantec

p 16

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Cumulative Mobile Android MalwareSource Symantec

VARIANTS FAMILIES

40

80

120

160

200

240

280

320

360

400

J2014

DNOSAJJMAMF

1000

2000

3000

4000

5000

6000

7000

8000

9000

10000

FAM

ILIE

S (

CU

MU

LATI

VE)

VAR

IAN

TS (

CU

MU

LATI

VE)

p 17

Symantec CorporationSymantec Intelligence Report JANUARY 2014

VU

LNER

AB

ILITIES

p 18

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Vulnerabilities

At a Glance

bull There were 555 new vulnerabilities discovered in January bringing the total for the last 12 months to 6443 This is a 17 percent increase over the prior twelve month period

bull There were two vulnerabilities in mobile operating systems disclosed during the month of January

bull Googlersquos Chrome browser continues to lead in reporting browser vulnerabilities while Oraclersquos Java leads in reported plug-in vulnerabilities

Total Vulnerabilities Disclosed by MonthSource Symantec

0

100

200

300

400

500

600

700

800

J2014

DNOSAJJMAMF

Plug-in VulnerabilitiesSource Symantec

10

20

30

40

50

60

70

80

Adobe Acrobat ReaderAdobe Flash PlayerApple QuickTimeOracle Sun Java

Browser VulnerabilitiesSource Symantec

10

20

30

40

50

60

Apple SafariGoogle ChromeMicrosoft Internet ExplorerMozilla FirefoxOpera

p 19

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SPAM

PHISH

ING

amp M

ALW

AR

E

p 20

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global spam rate decreased 19 percentage points in January to 621 percent down from 640 percent in December

bull Mining was the most commonly targeted industry at 642 percent followed by Manufacturing at 632 percent

bull The com top-level domain (TLD) was again the most frequently used malicious TLD in January

bull Sex Dating spam is the most common category at 752 percent Pharmaceutical spam came in second at 201 percent

Spam

Top 5 Activity for Spam Destination by GeographySource Symantec

Geography Percent

Sri Lanka 747

Israel 688

Brazil 669

South Africa 653

Kuwait 648

Top 5 Activity for Spam Destination by IndustrySource Symantec

Industry Percent

Mining 642

Manufacturing 632

Agriculture forestry amp fishing 629

Services - Professional 621

Construction 621

p 21

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 10 Sources of SpamSource Symantec

Source Percent of All Spam

Canada 77

Spain 68

Russian Federation 64

United States 59

Finland 56

Italy 50

Argentina 42

India 37

Ukraine 32

Romania 31

Spam URL Distribution Based on Top Level Domain NameSource Symantec

Month com info ru biz

Dec 331 137 132 103

Nov 367 124 not listed 96

Data lags one month

Average Spam Message SizeSource Symantec

Month 0Kb ndash 5Kb 5Kb ndash 10Kb gt10Kb

Dec 284 192 523

Nov 370 247 384

Data lags one month

Spam by CategorySource Symantec

Category Percent

SexDating 752

Pharma 201

Jobs 18

Software 08

Watches 08

Top 5 Activity for Spam Destination by Company SizeSource Symantec

Company Size Percent

1-250 620

251-500 618

501-1000 624

1001-1500 622

1501-2500 620

2501+ 623

p 22

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global phishing rate is down in January comprising one in 1 in 1444 email messages In December this rate was one in 1 in 1053

bull Financial themes continue to be the most frequent subject matter with 675 percent of phishing scams containing this theme

bull The South Africa had the highest rate in January where one in 530 emails was a phishing scam

bull The United States tops the list of sources of phishing emails responsible for distributing 399 percent of phishing scams

bull Public Administration was the most targeted industry in January with one in every 761 emails received in this industry being a phishing scam

Phishing

Top 5 Activity for Phishing Destination by GeographySource Symantec

Geography Rate

South Africa 1 in 540

United Kingdom 1 in 731

Australia 1 in 821

Austria 1 in 1183

New Zealand 1 in 1215

Top 5 Activity for Phishing Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 761

Agriculture forestry amp fishing 1 in 874

Services - Professional 1 in 1189

Transportation communications electric gas amp Sanitary Services

1 in 14572

Construction 1 in 15715

Top 5 Activity for Phishing Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 1122

251-500 1 in 1130

501-1000 1 in 1463

1001-1500 1 in 1563

1501-2500 1 in 1590

2501+ 1 in 1865

Top 10 Sources of PhishingSource Symantec

Source Percent

United States 399

Australia 271

United Kingdom 243

South Africa 24

Netherlands 18

Sweden 15

Singapore 04

Japan 03

United Arab Emirates 03

New Zealand 02

p 23

Symantec CorporationSymantec Intelligence Report JANUARY 2014

363

32

16

07

581Automated Toolkits

Other Unique Domains

IP Address Domains

Free Web Hosting Sites

Typosquatting

Phishing DistributionPhishing Distribution

Phishing DistributionSource Symantec

291

36

09

01

675Financial

Information Services

Retail

Computer Software

Communications

Organizations Spoofedin Phishing AttacksOrganizations Spoofedin Phishing Attacks

Organizations Spoofed in Phishing AttacksSource Symantec

p 24

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Malware

1 in 0

1 in 50

1 in 100

1 in 150

1 in 200

1 in 250

1 in 300

1 in 350

1 in 400

1 in 450

1 in 500J

2014DNOSAJJMAMF

Proportion of Email Traffic in Which Virus Was DetectedSource Symantec

Top 10 Email Virus SourcesSource Symantec

Geography Percent

United States 665

United Kingdom 150

Australia 41

Netherlands 21

France 18

Germany 12

Japan 12

South Africa 11

Canada 09

Hong Kong 07

At a Glance

bull The global average virus rate in January was one in 431 emails compared to one in 164 in December

bull Hungary topped the list of geographies with one in 217 emails containing a virus

bull The United States was the largest source of virus-laden emails making up 665 percent of all email-based viruses

bull Organizations with 250-500 employees were the most targeted company size where one and 383 emails contained a virus

p 25

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 5 Activity for Malware Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 309

Agriculture forestry amp fishing 1 in 332

Services - Professional 1 in 343

Wholesale 1 in 397

Services - Non Traditional 1 in 467

Top 5 Activity for Malware Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 398

251-500 1 in 383

501-1000 1 in 459

1001-1500 1 in 396

1501-2500 1 in 475

2501+ 1 in 459

Top 5 Activity for Malware Destination by Geographic LocationSource Symantec

Geography Rate

Hungary 1 in 217

South Africa 1 in 221

United Kingdom 1 in 287

Hong Kong 1 in 306

Ireland 1 in 344

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 9: Symantec Intelligence Report

p 9

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Attacks by Size of Targeted OrganizationSource Symantec

Company Size Percent

1-250 389

251-500 91

501-1000 58

1001-1500 34

1501-2500 48

2500+ 379

First Attacks Logged by SizeSource Symantec

Company Size Percent

1-250 292

251-500 85

501-1000 96

1001-1500 60

1501-2500 75

2500+ 391

File Extensions of AttachmentsSource Symantec

File Extension Percent

exe 247

doc 111

scr 84

au3 75

jpg 62

pdf 19

dat 15

com 04

rtf 04

zip 03

Top 10 Industries AttackedSource Symantec

Industry Percent

Manufacturing 213

Services - Non Traditional 206

Finance insurance amp Real Estate 137

Services - Professional 114

Wholesale 110

Transportation communications electric gas amp Sanitary Services

59

Public Administration 42

Retail 32

Construction 22

Mining 15

The ldquoProfessionalrdquo services category includes services such as Legal Accounting Health and Education ldquoNon-Traditionalrdquo services include Hospitality Recreational and Repair services

p 10

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SOCIA

L MED

IA

p 11

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Social Media

At a Glance

bull 82 percent of all social media attacks in January where fake offerings

bull Likejacking is the second-most common type of social media attack at 8 percent

Methodology

Fake Offering These scams invite social network users to join a fake event or group with incentives such as free gift cards Joining often requires the user to share credentials with the attacker or send a text to a premium rate number

Fake Plug-in Scams Users are tricked into downloading fake browser extensions on their machines Rogue browser extensions can pose like legitimate extensions but when installed can steal sensitive information from the infected machine

Likejacking Using fake ldquoLikerdquo buttons attackers trick users into clicking website buttons that install malware and may post updates on a userrsquos newsfeed spreading the attack

Fake Apps Applications provided by attackers that appear to be legitimate apps however they contain a malicious payload The attackers often take legitimate apps bundle malware with them and then re-release it as a free version of the app

Manual Sharing Scams These rely on victims to actually do the hard work of sharing the scam by presenting them with intriguing videos fake offers or messages that they share with their friends

Top 5 Social Media AttacksSource Symantec

Top 5 Social Media Attacks

8

5

Fake Offering

Manual Sharing

Likejacking

2 Fake Apps

2 Comment Jacking

82

p 12

Symantec CorporationSymantec Intelligence Report JANUARY 2014

DATA

BR

EACHES

p 13

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Data Breaches

At a Glance

bull The largest data breach that was reported in January resulted in the exposure of 1058 million identities

bull The reported number of identities exposed in a late-November data breach has since been adjusted upward This breach is now estimated to have exposed 110 million identities

bull In the last 12 months more than 500 million identities have been exposed

Twelve-Month Timeline of Data BreachesSource Symantec

NU

MB

ER O

F IN

CID

ENTS

IDEN

TITI

ES B

RE

ACH

ED (M

ILLI

ON

S)

INCIDENTS IDENTITIES BREACHED

0

20

40

60

80

100

120

140

160

180

J2014

DNOSAJJMAMF

0

5

10

15

20

25

30

35

40

45

Top 5 Types of Information ExposedSource Symantec

39

39

37

31

70Real Names

Gov ID numbers (Soc Sec)

Birth Dates

Home Address

Medical Records

Information Exposed in BreachesInformation Exposed in Breaches

OF ALL BREACHES

Methodology

This data is procured from the Norton Cybercrime Index (CCI) The Norton CCI is a statistical model that measures the levels of threats including malicious software fraud identity theft spam phishing and social engineering daily The data breach section of the Norton CCI is derived from data breaches that have been reported by legitimate media sources and have exposed personal information

In some cases a data breach is not publicly reported during the same month the incident occurred or an adjustment is made in the number of identities reportedly exposed In these cases the data in the Norton CCI is updated This causes fluctuations in the numbers reported for previous months when a new report is released

Norton Cybercrime Indexhttpusnortoncomprotect-yourself

p 14

Symantec CorporationSymantec Intelligence Report JANUARY 2014

MO

BILE

p 15

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Mobile

At a Glance

bull 32 percent of mobile malware discovered over the last 12 months tracks users

bull Traditional threats such as back doors and downloaders are present in 14 percent of all mobile malware threats

bull Risks that collect data such as device info and banking details make up 15 percent of all risks

bull Three new mobile malware families were discovered in January along with 139 new variants

32

Track UserRisks that spy on the individual using the device collecting SMS messages or phone call logs tracking GPS coordinates recording phone calls or gathering pictures and video taken with the device

14

Traditional ThreatsThreats that carry out traditional malware functions such as back doors and downloaders

12

AdwareAnnoyanceMobile risks that display advertising or generally perform actions to disrupt the user

15

Send ContentThese risks will send text messages to premium SMS numbers ultimately appearing on the bill of the devicersquos owner Other risks can be used to send spam messages

13

Change SettingsThese types of risks attempt to elevate privileges or simply modify various settings within the operating system

15

Collect DataThis includes the collection of both device- and user-specific data such as device information configuration data or banking details

Mobile Malware by TypeSource Symantec

p 16

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Cumulative Mobile Android MalwareSource Symantec

VARIANTS FAMILIES

40

80

120

160

200

240

280

320

360

400

J2014

DNOSAJJMAMF

1000

2000

3000

4000

5000

6000

7000

8000

9000

10000

FAM

ILIE

S (

CU

MU

LATI

VE)

VAR

IAN

TS (

CU

MU

LATI

VE)

p 17

Symantec CorporationSymantec Intelligence Report JANUARY 2014

VU

LNER

AB

ILITIES

p 18

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Vulnerabilities

At a Glance

bull There were 555 new vulnerabilities discovered in January bringing the total for the last 12 months to 6443 This is a 17 percent increase over the prior twelve month period

bull There were two vulnerabilities in mobile operating systems disclosed during the month of January

bull Googlersquos Chrome browser continues to lead in reporting browser vulnerabilities while Oraclersquos Java leads in reported plug-in vulnerabilities

Total Vulnerabilities Disclosed by MonthSource Symantec

0

100

200

300

400

500

600

700

800

J2014

DNOSAJJMAMF

Plug-in VulnerabilitiesSource Symantec

10

20

30

40

50

60

70

80

Adobe Acrobat ReaderAdobe Flash PlayerApple QuickTimeOracle Sun Java

Browser VulnerabilitiesSource Symantec

10

20

30

40

50

60

Apple SafariGoogle ChromeMicrosoft Internet ExplorerMozilla FirefoxOpera

p 19

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SPAM

PHISH

ING

amp M

ALW

AR

E

p 20

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global spam rate decreased 19 percentage points in January to 621 percent down from 640 percent in December

bull Mining was the most commonly targeted industry at 642 percent followed by Manufacturing at 632 percent

bull The com top-level domain (TLD) was again the most frequently used malicious TLD in January

bull Sex Dating spam is the most common category at 752 percent Pharmaceutical spam came in second at 201 percent

Spam

Top 5 Activity for Spam Destination by GeographySource Symantec

Geography Percent

Sri Lanka 747

Israel 688

Brazil 669

South Africa 653

Kuwait 648

Top 5 Activity for Spam Destination by IndustrySource Symantec

Industry Percent

Mining 642

Manufacturing 632

Agriculture forestry amp fishing 629

Services - Professional 621

Construction 621

p 21

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 10 Sources of SpamSource Symantec

Source Percent of All Spam

Canada 77

Spain 68

Russian Federation 64

United States 59

Finland 56

Italy 50

Argentina 42

India 37

Ukraine 32

Romania 31

Spam URL Distribution Based on Top Level Domain NameSource Symantec

Month com info ru biz

Dec 331 137 132 103

Nov 367 124 not listed 96

Data lags one month

Average Spam Message SizeSource Symantec

Month 0Kb ndash 5Kb 5Kb ndash 10Kb gt10Kb

Dec 284 192 523

Nov 370 247 384

Data lags one month

Spam by CategorySource Symantec

Category Percent

SexDating 752

Pharma 201

Jobs 18

Software 08

Watches 08

Top 5 Activity for Spam Destination by Company SizeSource Symantec

Company Size Percent

1-250 620

251-500 618

501-1000 624

1001-1500 622

1501-2500 620

2501+ 623

p 22

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global phishing rate is down in January comprising one in 1 in 1444 email messages In December this rate was one in 1 in 1053

bull Financial themes continue to be the most frequent subject matter with 675 percent of phishing scams containing this theme

bull The South Africa had the highest rate in January where one in 530 emails was a phishing scam

bull The United States tops the list of sources of phishing emails responsible for distributing 399 percent of phishing scams

bull Public Administration was the most targeted industry in January with one in every 761 emails received in this industry being a phishing scam

Phishing

Top 5 Activity for Phishing Destination by GeographySource Symantec

Geography Rate

South Africa 1 in 540

United Kingdom 1 in 731

Australia 1 in 821

Austria 1 in 1183

New Zealand 1 in 1215

Top 5 Activity for Phishing Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 761

Agriculture forestry amp fishing 1 in 874

Services - Professional 1 in 1189

Transportation communications electric gas amp Sanitary Services

1 in 14572

Construction 1 in 15715

Top 5 Activity for Phishing Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 1122

251-500 1 in 1130

501-1000 1 in 1463

1001-1500 1 in 1563

1501-2500 1 in 1590

2501+ 1 in 1865

Top 10 Sources of PhishingSource Symantec

Source Percent

United States 399

Australia 271

United Kingdom 243

South Africa 24

Netherlands 18

Sweden 15

Singapore 04

Japan 03

United Arab Emirates 03

New Zealand 02

p 23

Symantec CorporationSymantec Intelligence Report JANUARY 2014

363

32

16

07

581Automated Toolkits

Other Unique Domains

IP Address Domains

Free Web Hosting Sites

Typosquatting

Phishing DistributionPhishing Distribution

Phishing DistributionSource Symantec

291

36

09

01

675Financial

Information Services

Retail

Computer Software

Communications

Organizations Spoofedin Phishing AttacksOrganizations Spoofedin Phishing Attacks

Organizations Spoofed in Phishing AttacksSource Symantec

p 24

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Malware

1 in 0

1 in 50

1 in 100

1 in 150

1 in 200

1 in 250

1 in 300

1 in 350

1 in 400

1 in 450

1 in 500J

2014DNOSAJJMAMF

Proportion of Email Traffic in Which Virus Was DetectedSource Symantec

Top 10 Email Virus SourcesSource Symantec

Geography Percent

United States 665

United Kingdom 150

Australia 41

Netherlands 21

France 18

Germany 12

Japan 12

South Africa 11

Canada 09

Hong Kong 07

At a Glance

bull The global average virus rate in January was one in 431 emails compared to one in 164 in December

bull Hungary topped the list of geographies with one in 217 emails containing a virus

bull The United States was the largest source of virus-laden emails making up 665 percent of all email-based viruses

bull Organizations with 250-500 employees were the most targeted company size where one and 383 emails contained a virus

p 25

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 5 Activity for Malware Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 309

Agriculture forestry amp fishing 1 in 332

Services - Professional 1 in 343

Wholesale 1 in 397

Services - Non Traditional 1 in 467

Top 5 Activity for Malware Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 398

251-500 1 in 383

501-1000 1 in 459

1001-1500 1 in 396

1501-2500 1 in 475

2501+ 1 in 459

Top 5 Activity for Malware Destination by Geographic LocationSource Symantec

Geography Rate

Hungary 1 in 217

South Africa 1 in 221

United Kingdom 1 in 287

Hong Kong 1 in 306

Ireland 1 in 344

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 10: Symantec Intelligence Report

p 10

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SOCIA

L MED

IA

p 11

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Social Media

At a Glance

bull 82 percent of all social media attacks in January where fake offerings

bull Likejacking is the second-most common type of social media attack at 8 percent

Methodology

Fake Offering These scams invite social network users to join a fake event or group with incentives such as free gift cards Joining often requires the user to share credentials with the attacker or send a text to a premium rate number

Fake Plug-in Scams Users are tricked into downloading fake browser extensions on their machines Rogue browser extensions can pose like legitimate extensions but when installed can steal sensitive information from the infected machine

Likejacking Using fake ldquoLikerdquo buttons attackers trick users into clicking website buttons that install malware and may post updates on a userrsquos newsfeed spreading the attack

Fake Apps Applications provided by attackers that appear to be legitimate apps however they contain a malicious payload The attackers often take legitimate apps bundle malware with them and then re-release it as a free version of the app

Manual Sharing Scams These rely on victims to actually do the hard work of sharing the scam by presenting them with intriguing videos fake offers or messages that they share with their friends

Top 5 Social Media AttacksSource Symantec

Top 5 Social Media Attacks

8

5

Fake Offering

Manual Sharing

Likejacking

2 Fake Apps

2 Comment Jacking

82

p 12

Symantec CorporationSymantec Intelligence Report JANUARY 2014

DATA

BR

EACHES

p 13

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Data Breaches

At a Glance

bull The largest data breach that was reported in January resulted in the exposure of 1058 million identities

bull The reported number of identities exposed in a late-November data breach has since been adjusted upward This breach is now estimated to have exposed 110 million identities

bull In the last 12 months more than 500 million identities have been exposed

Twelve-Month Timeline of Data BreachesSource Symantec

NU

MB

ER O

F IN

CID

ENTS

IDEN

TITI

ES B

RE

ACH

ED (M

ILLI

ON

S)

INCIDENTS IDENTITIES BREACHED

0

20

40

60

80

100

120

140

160

180

J2014

DNOSAJJMAMF

0

5

10

15

20

25

30

35

40

45

Top 5 Types of Information ExposedSource Symantec

39

39

37

31

70Real Names

Gov ID numbers (Soc Sec)

Birth Dates

Home Address

Medical Records

Information Exposed in BreachesInformation Exposed in Breaches

OF ALL BREACHES

Methodology

This data is procured from the Norton Cybercrime Index (CCI) The Norton CCI is a statistical model that measures the levels of threats including malicious software fraud identity theft spam phishing and social engineering daily The data breach section of the Norton CCI is derived from data breaches that have been reported by legitimate media sources and have exposed personal information

In some cases a data breach is not publicly reported during the same month the incident occurred or an adjustment is made in the number of identities reportedly exposed In these cases the data in the Norton CCI is updated This causes fluctuations in the numbers reported for previous months when a new report is released

Norton Cybercrime Indexhttpusnortoncomprotect-yourself

p 14

Symantec CorporationSymantec Intelligence Report JANUARY 2014

MO

BILE

p 15

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Mobile

At a Glance

bull 32 percent of mobile malware discovered over the last 12 months tracks users

bull Traditional threats such as back doors and downloaders are present in 14 percent of all mobile malware threats

bull Risks that collect data such as device info and banking details make up 15 percent of all risks

bull Three new mobile malware families were discovered in January along with 139 new variants

32

Track UserRisks that spy on the individual using the device collecting SMS messages or phone call logs tracking GPS coordinates recording phone calls or gathering pictures and video taken with the device

14

Traditional ThreatsThreats that carry out traditional malware functions such as back doors and downloaders

12

AdwareAnnoyanceMobile risks that display advertising or generally perform actions to disrupt the user

15

Send ContentThese risks will send text messages to premium SMS numbers ultimately appearing on the bill of the devicersquos owner Other risks can be used to send spam messages

13

Change SettingsThese types of risks attempt to elevate privileges or simply modify various settings within the operating system

15

Collect DataThis includes the collection of both device- and user-specific data such as device information configuration data or banking details

Mobile Malware by TypeSource Symantec

p 16

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Cumulative Mobile Android MalwareSource Symantec

VARIANTS FAMILIES

40

80

120

160

200

240

280

320

360

400

J2014

DNOSAJJMAMF

1000

2000

3000

4000

5000

6000

7000

8000

9000

10000

FAM

ILIE

S (

CU

MU

LATI

VE)

VAR

IAN

TS (

CU

MU

LATI

VE)

p 17

Symantec CorporationSymantec Intelligence Report JANUARY 2014

VU

LNER

AB

ILITIES

p 18

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Vulnerabilities

At a Glance

bull There were 555 new vulnerabilities discovered in January bringing the total for the last 12 months to 6443 This is a 17 percent increase over the prior twelve month period

bull There were two vulnerabilities in mobile operating systems disclosed during the month of January

bull Googlersquos Chrome browser continues to lead in reporting browser vulnerabilities while Oraclersquos Java leads in reported plug-in vulnerabilities

Total Vulnerabilities Disclosed by MonthSource Symantec

0

100

200

300

400

500

600

700

800

J2014

DNOSAJJMAMF

Plug-in VulnerabilitiesSource Symantec

10

20

30

40

50

60

70

80

Adobe Acrobat ReaderAdobe Flash PlayerApple QuickTimeOracle Sun Java

Browser VulnerabilitiesSource Symantec

10

20

30

40

50

60

Apple SafariGoogle ChromeMicrosoft Internet ExplorerMozilla FirefoxOpera

p 19

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SPAM

PHISH

ING

amp M

ALW

AR

E

p 20

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global spam rate decreased 19 percentage points in January to 621 percent down from 640 percent in December

bull Mining was the most commonly targeted industry at 642 percent followed by Manufacturing at 632 percent

bull The com top-level domain (TLD) was again the most frequently used malicious TLD in January

bull Sex Dating spam is the most common category at 752 percent Pharmaceutical spam came in second at 201 percent

Spam

Top 5 Activity for Spam Destination by GeographySource Symantec

Geography Percent

Sri Lanka 747

Israel 688

Brazil 669

South Africa 653

Kuwait 648

Top 5 Activity for Spam Destination by IndustrySource Symantec

Industry Percent

Mining 642

Manufacturing 632

Agriculture forestry amp fishing 629

Services - Professional 621

Construction 621

p 21

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 10 Sources of SpamSource Symantec

Source Percent of All Spam

Canada 77

Spain 68

Russian Federation 64

United States 59

Finland 56

Italy 50

Argentina 42

India 37

Ukraine 32

Romania 31

Spam URL Distribution Based on Top Level Domain NameSource Symantec

Month com info ru biz

Dec 331 137 132 103

Nov 367 124 not listed 96

Data lags one month

Average Spam Message SizeSource Symantec

Month 0Kb ndash 5Kb 5Kb ndash 10Kb gt10Kb

Dec 284 192 523

Nov 370 247 384

Data lags one month

Spam by CategorySource Symantec

Category Percent

SexDating 752

Pharma 201

Jobs 18

Software 08

Watches 08

Top 5 Activity for Spam Destination by Company SizeSource Symantec

Company Size Percent

1-250 620

251-500 618

501-1000 624

1001-1500 622

1501-2500 620

2501+ 623

p 22

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global phishing rate is down in January comprising one in 1 in 1444 email messages In December this rate was one in 1 in 1053

bull Financial themes continue to be the most frequent subject matter with 675 percent of phishing scams containing this theme

bull The South Africa had the highest rate in January where one in 530 emails was a phishing scam

bull The United States tops the list of sources of phishing emails responsible for distributing 399 percent of phishing scams

bull Public Administration was the most targeted industry in January with one in every 761 emails received in this industry being a phishing scam

Phishing

Top 5 Activity for Phishing Destination by GeographySource Symantec

Geography Rate

South Africa 1 in 540

United Kingdom 1 in 731

Australia 1 in 821

Austria 1 in 1183

New Zealand 1 in 1215

Top 5 Activity for Phishing Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 761

Agriculture forestry amp fishing 1 in 874

Services - Professional 1 in 1189

Transportation communications electric gas amp Sanitary Services

1 in 14572

Construction 1 in 15715

Top 5 Activity for Phishing Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 1122

251-500 1 in 1130

501-1000 1 in 1463

1001-1500 1 in 1563

1501-2500 1 in 1590

2501+ 1 in 1865

Top 10 Sources of PhishingSource Symantec

Source Percent

United States 399

Australia 271

United Kingdom 243

South Africa 24

Netherlands 18

Sweden 15

Singapore 04

Japan 03

United Arab Emirates 03

New Zealand 02

p 23

Symantec CorporationSymantec Intelligence Report JANUARY 2014

363

32

16

07

581Automated Toolkits

Other Unique Domains

IP Address Domains

Free Web Hosting Sites

Typosquatting

Phishing DistributionPhishing Distribution

Phishing DistributionSource Symantec

291

36

09

01

675Financial

Information Services

Retail

Computer Software

Communications

Organizations Spoofedin Phishing AttacksOrganizations Spoofedin Phishing Attacks

Organizations Spoofed in Phishing AttacksSource Symantec

p 24

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Malware

1 in 0

1 in 50

1 in 100

1 in 150

1 in 200

1 in 250

1 in 300

1 in 350

1 in 400

1 in 450

1 in 500J

2014DNOSAJJMAMF

Proportion of Email Traffic in Which Virus Was DetectedSource Symantec

Top 10 Email Virus SourcesSource Symantec

Geography Percent

United States 665

United Kingdom 150

Australia 41

Netherlands 21

France 18

Germany 12

Japan 12

South Africa 11

Canada 09

Hong Kong 07

At a Glance

bull The global average virus rate in January was one in 431 emails compared to one in 164 in December

bull Hungary topped the list of geographies with one in 217 emails containing a virus

bull The United States was the largest source of virus-laden emails making up 665 percent of all email-based viruses

bull Organizations with 250-500 employees were the most targeted company size where one and 383 emails contained a virus

p 25

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 5 Activity for Malware Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 309

Agriculture forestry amp fishing 1 in 332

Services - Professional 1 in 343

Wholesale 1 in 397

Services - Non Traditional 1 in 467

Top 5 Activity for Malware Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 398

251-500 1 in 383

501-1000 1 in 459

1001-1500 1 in 396

1501-2500 1 in 475

2501+ 1 in 459

Top 5 Activity for Malware Destination by Geographic LocationSource Symantec

Geography Rate

Hungary 1 in 217

South Africa 1 in 221

United Kingdom 1 in 287

Hong Kong 1 in 306

Ireland 1 in 344

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 11: Symantec Intelligence Report

p 11

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Social Media

At a Glance

bull 82 percent of all social media attacks in January where fake offerings

bull Likejacking is the second-most common type of social media attack at 8 percent

Methodology

Fake Offering These scams invite social network users to join a fake event or group with incentives such as free gift cards Joining often requires the user to share credentials with the attacker or send a text to a premium rate number

Fake Plug-in Scams Users are tricked into downloading fake browser extensions on their machines Rogue browser extensions can pose like legitimate extensions but when installed can steal sensitive information from the infected machine

Likejacking Using fake ldquoLikerdquo buttons attackers trick users into clicking website buttons that install malware and may post updates on a userrsquos newsfeed spreading the attack

Fake Apps Applications provided by attackers that appear to be legitimate apps however they contain a malicious payload The attackers often take legitimate apps bundle malware with them and then re-release it as a free version of the app

Manual Sharing Scams These rely on victims to actually do the hard work of sharing the scam by presenting them with intriguing videos fake offers or messages that they share with their friends

Top 5 Social Media AttacksSource Symantec

Top 5 Social Media Attacks

8

5

Fake Offering

Manual Sharing

Likejacking

2 Fake Apps

2 Comment Jacking

82

p 12

Symantec CorporationSymantec Intelligence Report JANUARY 2014

DATA

BR

EACHES

p 13

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Data Breaches

At a Glance

bull The largest data breach that was reported in January resulted in the exposure of 1058 million identities

bull The reported number of identities exposed in a late-November data breach has since been adjusted upward This breach is now estimated to have exposed 110 million identities

bull In the last 12 months more than 500 million identities have been exposed

Twelve-Month Timeline of Data BreachesSource Symantec

NU

MB

ER O

F IN

CID

ENTS

IDEN

TITI

ES B

RE

ACH

ED (M

ILLI

ON

S)

INCIDENTS IDENTITIES BREACHED

0

20

40

60

80

100

120

140

160

180

J2014

DNOSAJJMAMF

0

5

10

15

20

25

30

35

40

45

Top 5 Types of Information ExposedSource Symantec

39

39

37

31

70Real Names

Gov ID numbers (Soc Sec)

Birth Dates

Home Address

Medical Records

Information Exposed in BreachesInformation Exposed in Breaches

OF ALL BREACHES

Methodology

This data is procured from the Norton Cybercrime Index (CCI) The Norton CCI is a statistical model that measures the levels of threats including malicious software fraud identity theft spam phishing and social engineering daily The data breach section of the Norton CCI is derived from data breaches that have been reported by legitimate media sources and have exposed personal information

In some cases a data breach is not publicly reported during the same month the incident occurred or an adjustment is made in the number of identities reportedly exposed In these cases the data in the Norton CCI is updated This causes fluctuations in the numbers reported for previous months when a new report is released

Norton Cybercrime Indexhttpusnortoncomprotect-yourself

p 14

Symantec CorporationSymantec Intelligence Report JANUARY 2014

MO

BILE

p 15

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Mobile

At a Glance

bull 32 percent of mobile malware discovered over the last 12 months tracks users

bull Traditional threats such as back doors and downloaders are present in 14 percent of all mobile malware threats

bull Risks that collect data such as device info and banking details make up 15 percent of all risks

bull Three new mobile malware families were discovered in January along with 139 new variants

32

Track UserRisks that spy on the individual using the device collecting SMS messages or phone call logs tracking GPS coordinates recording phone calls or gathering pictures and video taken with the device

14

Traditional ThreatsThreats that carry out traditional malware functions such as back doors and downloaders

12

AdwareAnnoyanceMobile risks that display advertising or generally perform actions to disrupt the user

15

Send ContentThese risks will send text messages to premium SMS numbers ultimately appearing on the bill of the devicersquos owner Other risks can be used to send spam messages

13

Change SettingsThese types of risks attempt to elevate privileges or simply modify various settings within the operating system

15

Collect DataThis includes the collection of both device- and user-specific data such as device information configuration data or banking details

Mobile Malware by TypeSource Symantec

p 16

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Cumulative Mobile Android MalwareSource Symantec

VARIANTS FAMILIES

40

80

120

160

200

240

280

320

360

400

J2014

DNOSAJJMAMF

1000

2000

3000

4000

5000

6000

7000

8000

9000

10000

FAM

ILIE

S (

CU

MU

LATI

VE)

VAR

IAN

TS (

CU

MU

LATI

VE)

p 17

Symantec CorporationSymantec Intelligence Report JANUARY 2014

VU

LNER

AB

ILITIES

p 18

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Vulnerabilities

At a Glance

bull There were 555 new vulnerabilities discovered in January bringing the total for the last 12 months to 6443 This is a 17 percent increase over the prior twelve month period

bull There were two vulnerabilities in mobile operating systems disclosed during the month of January

bull Googlersquos Chrome browser continues to lead in reporting browser vulnerabilities while Oraclersquos Java leads in reported plug-in vulnerabilities

Total Vulnerabilities Disclosed by MonthSource Symantec

0

100

200

300

400

500

600

700

800

J2014

DNOSAJJMAMF

Plug-in VulnerabilitiesSource Symantec

10

20

30

40

50

60

70

80

Adobe Acrobat ReaderAdobe Flash PlayerApple QuickTimeOracle Sun Java

Browser VulnerabilitiesSource Symantec

10

20

30

40

50

60

Apple SafariGoogle ChromeMicrosoft Internet ExplorerMozilla FirefoxOpera

p 19

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SPAM

PHISH

ING

amp M

ALW

AR

E

p 20

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global spam rate decreased 19 percentage points in January to 621 percent down from 640 percent in December

bull Mining was the most commonly targeted industry at 642 percent followed by Manufacturing at 632 percent

bull The com top-level domain (TLD) was again the most frequently used malicious TLD in January

bull Sex Dating spam is the most common category at 752 percent Pharmaceutical spam came in second at 201 percent

Spam

Top 5 Activity for Spam Destination by GeographySource Symantec

Geography Percent

Sri Lanka 747

Israel 688

Brazil 669

South Africa 653

Kuwait 648

Top 5 Activity for Spam Destination by IndustrySource Symantec

Industry Percent

Mining 642

Manufacturing 632

Agriculture forestry amp fishing 629

Services - Professional 621

Construction 621

p 21

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 10 Sources of SpamSource Symantec

Source Percent of All Spam

Canada 77

Spain 68

Russian Federation 64

United States 59

Finland 56

Italy 50

Argentina 42

India 37

Ukraine 32

Romania 31

Spam URL Distribution Based on Top Level Domain NameSource Symantec

Month com info ru biz

Dec 331 137 132 103

Nov 367 124 not listed 96

Data lags one month

Average Spam Message SizeSource Symantec

Month 0Kb ndash 5Kb 5Kb ndash 10Kb gt10Kb

Dec 284 192 523

Nov 370 247 384

Data lags one month

Spam by CategorySource Symantec

Category Percent

SexDating 752

Pharma 201

Jobs 18

Software 08

Watches 08

Top 5 Activity for Spam Destination by Company SizeSource Symantec

Company Size Percent

1-250 620

251-500 618

501-1000 624

1001-1500 622

1501-2500 620

2501+ 623

p 22

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global phishing rate is down in January comprising one in 1 in 1444 email messages In December this rate was one in 1 in 1053

bull Financial themes continue to be the most frequent subject matter with 675 percent of phishing scams containing this theme

bull The South Africa had the highest rate in January where one in 530 emails was a phishing scam

bull The United States tops the list of sources of phishing emails responsible for distributing 399 percent of phishing scams

bull Public Administration was the most targeted industry in January with one in every 761 emails received in this industry being a phishing scam

Phishing

Top 5 Activity for Phishing Destination by GeographySource Symantec

Geography Rate

South Africa 1 in 540

United Kingdom 1 in 731

Australia 1 in 821

Austria 1 in 1183

New Zealand 1 in 1215

Top 5 Activity for Phishing Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 761

Agriculture forestry amp fishing 1 in 874

Services - Professional 1 in 1189

Transportation communications electric gas amp Sanitary Services

1 in 14572

Construction 1 in 15715

Top 5 Activity for Phishing Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 1122

251-500 1 in 1130

501-1000 1 in 1463

1001-1500 1 in 1563

1501-2500 1 in 1590

2501+ 1 in 1865

Top 10 Sources of PhishingSource Symantec

Source Percent

United States 399

Australia 271

United Kingdom 243

South Africa 24

Netherlands 18

Sweden 15

Singapore 04

Japan 03

United Arab Emirates 03

New Zealand 02

p 23

Symantec CorporationSymantec Intelligence Report JANUARY 2014

363

32

16

07

581Automated Toolkits

Other Unique Domains

IP Address Domains

Free Web Hosting Sites

Typosquatting

Phishing DistributionPhishing Distribution

Phishing DistributionSource Symantec

291

36

09

01

675Financial

Information Services

Retail

Computer Software

Communications

Organizations Spoofedin Phishing AttacksOrganizations Spoofedin Phishing Attacks

Organizations Spoofed in Phishing AttacksSource Symantec

p 24

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Malware

1 in 0

1 in 50

1 in 100

1 in 150

1 in 200

1 in 250

1 in 300

1 in 350

1 in 400

1 in 450

1 in 500J

2014DNOSAJJMAMF

Proportion of Email Traffic in Which Virus Was DetectedSource Symantec

Top 10 Email Virus SourcesSource Symantec

Geography Percent

United States 665

United Kingdom 150

Australia 41

Netherlands 21

France 18

Germany 12

Japan 12

South Africa 11

Canada 09

Hong Kong 07

At a Glance

bull The global average virus rate in January was one in 431 emails compared to one in 164 in December

bull Hungary topped the list of geographies with one in 217 emails containing a virus

bull The United States was the largest source of virus-laden emails making up 665 percent of all email-based viruses

bull Organizations with 250-500 employees were the most targeted company size where one and 383 emails contained a virus

p 25

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 5 Activity for Malware Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 309

Agriculture forestry amp fishing 1 in 332

Services - Professional 1 in 343

Wholesale 1 in 397

Services - Non Traditional 1 in 467

Top 5 Activity for Malware Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 398

251-500 1 in 383

501-1000 1 in 459

1001-1500 1 in 396

1501-2500 1 in 475

2501+ 1 in 459

Top 5 Activity for Malware Destination by Geographic LocationSource Symantec

Geography Rate

Hungary 1 in 217

South Africa 1 in 221

United Kingdom 1 in 287

Hong Kong 1 in 306

Ireland 1 in 344

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 12: Symantec Intelligence Report

p 12

Symantec CorporationSymantec Intelligence Report JANUARY 2014

DATA

BR

EACHES

p 13

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Data Breaches

At a Glance

bull The largest data breach that was reported in January resulted in the exposure of 1058 million identities

bull The reported number of identities exposed in a late-November data breach has since been adjusted upward This breach is now estimated to have exposed 110 million identities

bull In the last 12 months more than 500 million identities have been exposed

Twelve-Month Timeline of Data BreachesSource Symantec

NU

MB

ER O

F IN

CID

ENTS

IDEN

TITI

ES B

RE

ACH

ED (M

ILLI

ON

S)

INCIDENTS IDENTITIES BREACHED

0

20

40

60

80

100

120

140

160

180

J2014

DNOSAJJMAMF

0

5

10

15

20

25

30

35

40

45

Top 5 Types of Information ExposedSource Symantec

39

39

37

31

70Real Names

Gov ID numbers (Soc Sec)

Birth Dates

Home Address

Medical Records

Information Exposed in BreachesInformation Exposed in Breaches

OF ALL BREACHES

Methodology

This data is procured from the Norton Cybercrime Index (CCI) The Norton CCI is a statistical model that measures the levels of threats including malicious software fraud identity theft spam phishing and social engineering daily The data breach section of the Norton CCI is derived from data breaches that have been reported by legitimate media sources and have exposed personal information

In some cases a data breach is not publicly reported during the same month the incident occurred or an adjustment is made in the number of identities reportedly exposed In these cases the data in the Norton CCI is updated This causes fluctuations in the numbers reported for previous months when a new report is released

Norton Cybercrime Indexhttpusnortoncomprotect-yourself

p 14

Symantec CorporationSymantec Intelligence Report JANUARY 2014

MO

BILE

p 15

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Mobile

At a Glance

bull 32 percent of mobile malware discovered over the last 12 months tracks users

bull Traditional threats such as back doors and downloaders are present in 14 percent of all mobile malware threats

bull Risks that collect data such as device info and banking details make up 15 percent of all risks

bull Three new mobile malware families were discovered in January along with 139 new variants

32

Track UserRisks that spy on the individual using the device collecting SMS messages or phone call logs tracking GPS coordinates recording phone calls or gathering pictures and video taken with the device

14

Traditional ThreatsThreats that carry out traditional malware functions such as back doors and downloaders

12

AdwareAnnoyanceMobile risks that display advertising or generally perform actions to disrupt the user

15

Send ContentThese risks will send text messages to premium SMS numbers ultimately appearing on the bill of the devicersquos owner Other risks can be used to send spam messages

13

Change SettingsThese types of risks attempt to elevate privileges or simply modify various settings within the operating system

15

Collect DataThis includes the collection of both device- and user-specific data such as device information configuration data or banking details

Mobile Malware by TypeSource Symantec

p 16

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Cumulative Mobile Android MalwareSource Symantec

VARIANTS FAMILIES

40

80

120

160

200

240

280

320

360

400

J2014

DNOSAJJMAMF

1000

2000

3000

4000

5000

6000

7000

8000

9000

10000

FAM

ILIE

S (

CU

MU

LATI

VE)

VAR

IAN

TS (

CU

MU

LATI

VE)

p 17

Symantec CorporationSymantec Intelligence Report JANUARY 2014

VU

LNER

AB

ILITIES

p 18

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Vulnerabilities

At a Glance

bull There were 555 new vulnerabilities discovered in January bringing the total for the last 12 months to 6443 This is a 17 percent increase over the prior twelve month period

bull There were two vulnerabilities in mobile operating systems disclosed during the month of January

bull Googlersquos Chrome browser continues to lead in reporting browser vulnerabilities while Oraclersquos Java leads in reported plug-in vulnerabilities

Total Vulnerabilities Disclosed by MonthSource Symantec

0

100

200

300

400

500

600

700

800

J2014

DNOSAJJMAMF

Plug-in VulnerabilitiesSource Symantec

10

20

30

40

50

60

70

80

Adobe Acrobat ReaderAdobe Flash PlayerApple QuickTimeOracle Sun Java

Browser VulnerabilitiesSource Symantec

10

20

30

40

50

60

Apple SafariGoogle ChromeMicrosoft Internet ExplorerMozilla FirefoxOpera

p 19

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SPAM

PHISH

ING

amp M

ALW

AR

E

p 20

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global spam rate decreased 19 percentage points in January to 621 percent down from 640 percent in December

bull Mining was the most commonly targeted industry at 642 percent followed by Manufacturing at 632 percent

bull The com top-level domain (TLD) was again the most frequently used malicious TLD in January

bull Sex Dating spam is the most common category at 752 percent Pharmaceutical spam came in second at 201 percent

Spam

Top 5 Activity for Spam Destination by GeographySource Symantec

Geography Percent

Sri Lanka 747

Israel 688

Brazil 669

South Africa 653

Kuwait 648

Top 5 Activity for Spam Destination by IndustrySource Symantec

Industry Percent

Mining 642

Manufacturing 632

Agriculture forestry amp fishing 629

Services - Professional 621

Construction 621

p 21

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 10 Sources of SpamSource Symantec

Source Percent of All Spam

Canada 77

Spain 68

Russian Federation 64

United States 59

Finland 56

Italy 50

Argentina 42

India 37

Ukraine 32

Romania 31

Spam URL Distribution Based on Top Level Domain NameSource Symantec

Month com info ru biz

Dec 331 137 132 103

Nov 367 124 not listed 96

Data lags one month

Average Spam Message SizeSource Symantec

Month 0Kb ndash 5Kb 5Kb ndash 10Kb gt10Kb

Dec 284 192 523

Nov 370 247 384

Data lags one month

Spam by CategorySource Symantec

Category Percent

SexDating 752

Pharma 201

Jobs 18

Software 08

Watches 08

Top 5 Activity for Spam Destination by Company SizeSource Symantec

Company Size Percent

1-250 620

251-500 618

501-1000 624

1001-1500 622

1501-2500 620

2501+ 623

p 22

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global phishing rate is down in January comprising one in 1 in 1444 email messages In December this rate was one in 1 in 1053

bull Financial themes continue to be the most frequent subject matter with 675 percent of phishing scams containing this theme

bull The South Africa had the highest rate in January where one in 530 emails was a phishing scam

bull The United States tops the list of sources of phishing emails responsible for distributing 399 percent of phishing scams

bull Public Administration was the most targeted industry in January with one in every 761 emails received in this industry being a phishing scam

Phishing

Top 5 Activity for Phishing Destination by GeographySource Symantec

Geography Rate

South Africa 1 in 540

United Kingdom 1 in 731

Australia 1 in 821

Austria 1 in 1183

New Zealand 1 in 1215

Top 5 Activity for Phishing Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 761

Agriculture forestry amp fishing 1 in 874

Services - Professional 1 in 1189

Transportation communications electric gas amp Sanitary Services

1 in 14572

Construction 1 in 15715

Top 5 Activity for Phishing Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 1122

251-500 1 in 1130

501-1000 1 in 1463

1001-1500 1 in 1563

1501-2500 1 in 1590

2501+ 1 in 1865

Top 10 Sources of PhishingSource Symantec

Source Percent

United States 399

Australia 271

United Kingdom 243

South Africa 24

Netherlands 18

Sweden 15

Singapore 04

Japan 03

United Arab Emirates 03

New Zealand 02

p 23

Symantec CorporationSymantec Intelligence Report JANUARY 2014

363

32

16

07

581Automated Toolkits

Other Unique Domains

IP Address Domains

Free Web Hosting Sites

Typosquatting

Phishing DistributionPhishing Distribution

Phishing DistributionSource Symantec

291

36

09

01

675Financial

Information Services

Retail

Computer Software

Communications

Organizations Spoofedin Phishing AttacksOrganizations Spoofedin Phishing Attacks

Organizations Spoofed in Phishing AttacksSource Symantec

p 24

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Malware

1 in 0

1 in 50

1 in 100

1 in 150

1 in 200

1 in 250

1 in 300

1 in 350

1 in 400

1 in 450

1 in 500J

2014DNOSAJJMAMF

Proportion of Email Traffic in Which Virus Was DetectedSource Symantec

Top 10 Email Virus SourcesSource Symantec

Geography Percent

United States 665

United Kingdom 150

Australia 41

Netherlands 21

France 18

Germany 12

Japan 12

South Africa 11

Canada 09

Hong Kong 07

At a Glance

bull The global average virus rate in January was one in 431 emails compared to one in 164 in December

bull Hungary topped the list of geographies with one in 217 emails containing a virus

bull The United States was the largest source of virus-laden emails making up 665 percent of all email-based viruses

bull Organizations with 250-500 employees were the most targeted company size where one and 383 emails contained a virus

p 25

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 5 Activity for Malware Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 309

Agriculture forestry amp fishing 1 in 332

Services - Professional 1 in 343

Wholesale 1 in 397

Services - Non Traditional 1 in 467

Top 5 Activity for Malware Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 398

251-500 1 in 383

501-1000 1 in 459

1001-1500 1 in 396

1501-2500 1 in 475

2501+ 1 in 459

Top 5 Activity for Malware Destination by Geographic LocationSource Symantec

Geography Rate

Hungary 1 in 217

South Africa 1 in 221

United Kingdom 1 in 287

Hong Kong 1 in 306

Ireland 1 in 344

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 13: Symantec Intelligence Report

p 13

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Data Breaches

At a Glance

bull The largest data breach that was reported in January resulted in the exposure of 1058 million identities

bull The reported number of identities exposed in a late-November data breach has since been adjusted upward This breach is now estimated to have exposed 110 million identities

bull In the last 12 months more than 500 million identities have been exposed

Twelve-Month Timeline of Data BreachesSource Symantec

NU

MB

ER O

F IN

CID

ENTS

IDEN

TITI

ES B

RE

ACH

ED (M

ILLI

ON

S)

INCIDENTS IDENTITIES BREACHED

0

20

40

60

80

100

120

140

160

180

J2014

DNOSAJJMAMF

0

5

10

15

20

25

30

35

40

45

Top 5 Types of Information ExposedSource Symantec

39

39

37

31

70Real Names

Gov ID numbers (Soc Sec)

Birth Dates

Home Address

Medical Records

Information Exposed in BreachesInformation Exposed in Breaches

OF ALL BREACHES

Methodology

This data is procured from the Norton Cybercrime Index (CCI) The Norton CCI is a statistical model that measures the levels of threats including malicious software fraud identity theft spam phishing and social engineering daily The data breach section of the Norton CCI is derived from data breaches that have been reported by legitimate media sources and have exposed personal information

In some cases a data breach is not publicly reported during the same month the incident occurred or an adjustment is made in the number of identities reportedly exposed In these cases the data in the Norton CCI is updated This causes fluctuations in the numbers reported for previous months when a new report is released

Norton Cybercrime Indexhttpusnortoncomprotect-yourself

p 14

Symantec CorporationSymantec Intelligence Report JANUARY 2014

MO

BILE

p 15

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Mobile

At a Glance

bull 32 percent of mobile malware discovered over the last 12 months tracks users

bull Traditional threats such as back doors and downloaders are present in 14 percent of all mobile malware threats

bull Risks that collect data such as device info and banking details make up 15 percent of all risks

bull Three new mobile malware families were discovered in January along with 139 new variants

32

Track UserRisks that spy on the individual using the device collecting SMS messages or phone call logs tracking GPS coordinates recording phone calls or gathering pictures and video taken with the device

14

Traditional ThreatsThreats that carry out traditional malware functions such as back doors and downloaders

12

AdwareAnnoyanceMobile risks that display advertising or generally perform actions to disrupt the user

15

Send ContentThese risks will send text messages to premium SMS numbers ultimately appearing on the bill of the devicersquos owner Other risks can be used to send spam messages

13

Change SettingsThese types of risks attempt to elevate privileges or simply modify various settings within the operating system

15

Collect DataThis includes the collection of both device- and user-specific data such as device information configuration data or banking details

Mobile Malware by TypeSource Symantec

p 16

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Cumulative Mobile Android MalwareSource Symantec

VARIANTS FAMILIES

40

80

120

160

200

240

280

320

360

400

J2014

DNOSAJJMAMF

1000

2000

3000

4000

5000

6000

7000

8000

9000

10000

FAM

ILIE

S (

CU

MU

LATI

VE)

VAR

IAN

TS (

CU

MU

LATI

VE)

p 17

Symantec CorporationSymantec Intelligence Report JANUARY 2014

VU

LNER

AB

ILITIES

p 18

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Vulnerabilities

At a Glance

bull There were 555 new vulnerabilities discovered in January bringing the total for the last 12 months to 6443 This is a 17 percent increase over the prior twelve month period

bull There were two vulnerabilities in mobile operating systems disclosed during the month of January

bull Googlersquos Chrome browser continues to lead in reporting browser vulnerabilities while Oraclersquos Java leads in reported plug-in vulnerabilities

Total Vulnerabilities Disclosed by MonthSource Symantec

0

100

200

300

400

500

600

700

800

J2014

DNOSAJJMAMF

Plug-in VulnerabilitiesSource Symantec

10

20

30

40

50

60

70

80

Adobe Acrobat ReaderAdobe Flash PlayerApple QuickTimeOracle Sun Java

Browser VulnerabilitiesSource Symantec

10

20

30

40

50

60

Apple SafariGoogle ChromeMicrosoft Internet ExplorerMozilla FirefoxOpera

p 19

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SPAM

PHISH

ING

amp M

ALW

AR

E

p 20

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global spam rate decreased 19 percentage points in January to 621 percent down from 640 percent in December

bull Mining was the most commonly targeted industry at 642 percent followed by Manufacturing at 632 percent

bull The com top-level domain (TLD) was again the most frequently used malicious TLD in January

bull Sex Dating spam is the most common category at 752 percent Pharmaceutical spam came in second at 201 percent

Spam

Top 5 Activity for Spam Destination by GeographySource Symantec

Geography Percent

Sri Lanka 747

Israel 688

Brazil 669

South Africa 653

Kuwait 648

Top 5 Activity for Spam Destination by IndustrySource Symantec

Industry Percent

Mining 642

Manufacturing 632

Agriculture forestry amp fishing 629

Services - Professional 621

Construction 621

p 21

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 10 Sources of SpamSource Symantec

Source Percent of All Spam

Canada 77

Spain 68

Russian Federation 64

United States 59

Finland 56

Italy 50

Argentina 42

India 37

Ukraine 32

Romania 31

Spam URL Distribution Based on Top Level Domain NameSource Symantec

Month com info ru biz

Dec 331 137 132 103

Nov 367 124 not listed 96

Data lags one month

Average Spam Message SizeSource Symantec

Month 0Kb ndash 5Kb 5Kb ndash 10Kb gt10Kb

Dec 284 192 523

Nov 370 247 384

Data lags one month

Spam by CategorySource Symantec

Category Percent

SexDating 752

Pharma 201

Jobs 18

Software 08

Watches 08

Top 5 Activity for Spam Destination by Company SizeSource Symantec

Company Size Percent

1-250 620

251-500 618

501-1000 624

1001-1500 622

1501-2500 620

2501+ 623

p 22

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global phishing rate is down in January comprising one in 1 in 1444 email messages In December this rate was one in 1 in 1053

bull Financial themes continue to be the most frequent subject matter with 675 percent of phishing scams containing this theme

bull The South Africa had the highest rate in January where one in 530 emails was a phishing scam

bull The United States tops the list of sources of phishing emails responsible for distributing 399 percent of phishing scams

bull Public Administration was the most targeted industry in January with one in every 761 emails received in this industry being a phishing scam

Phishing

Top 5 Activity for Phishing Destination by GeographySource Symantec

Geography Rate

South Africa 1 in 540

United Kingdom 1 in 731

Australia 1 in 821

Austria 1 in 1183

New Zealand 1 in 1215

Top 5 Activity for Phishing Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 761

Agriculture forestry amp fishing 1 in 874

Services - Professional 1 in 1189

Transportation communications electric gas amp Sanitary Services

1 in 14572

Construction 1 in 15715

Top 5 Activity for Phishing Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 1122

251-500 1 in 1130

501-1000 1 in 1463

1001-1500 1 in 1563

1501-2500 1 in 1590

2501+ 1 in 1865

Top 10 Sources of PhishingSource Symantec

Source Percent

United States 399

Australia 271

United Kingdom 243

South Africa 24

Netherlands 18

Sweden 15

Singapore 04

Japan 03

United Arab Emirates 03

New Zealand 02

p 23

Symantec CorporationSymantec Intelligence Report JANUARY 2014

363

32

16

07

581Automated Toolkits

Other Unique Domains

IP Address Domains

Free Web Hosting Sites

Typosquatting

Phishing DistributionPhishing Distribution

Phishing DistributionSource Symantec

291

36

09

01

675Financial

Information Services

Retail

Computer Software

Communications

Organizations Spoofedin Phishing AttacksOrganizations Spoofedin Phishing Attacks

Organizations Spoofed in Phishing AttacksSource Symantec

p 24

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Malware

1 in 0

1 in 50

1 in 100

1 in 150

1 in 200

1 in 250

1 in 300

1 in 350

1 in 400

1 in 450

1 in 500J

2014DNOSAJJMAMF

Proportion of Email Traffic in Which Virus Was DetectedSource Symantec

Top 10 Email Virus SourcesSource Symantec

Geography Percent

United States 665

United Kingdom 150

Australia 41

Netherlands 21

France 18

Germany 12

Japan 12

South Africa 11

Canada 09

Hong Kong 07

At a Glance

bull The global average virus rate in January was one in 431 emails compared to one in 164 in December

bull Hungary topped the list of geographies with one in 217 emails containing a virus

bull The United States was the largest source of virus-laden emails making up 665 percent of all email-based viruses

bull Organizations with 250-500 employees were the most targeted company size where one and 383 emails contained a virus

p 25

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 5 Activity for Malware Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 309

Agriculture forestry amp fishing 1 in 332

Services - Professional 1 in 343

Wholesale 1 in 397

Services - Non Traditional 1 in 467

Top 5 Activity for Malware Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 398

251-500 1 in 383

501-1000 1 in 459

1001-1500 1 in 396

1501-2500 1 in 475

2501+ 1 in 459

Top 5 Activity for Malware Destination by Geographic LocationSource Symantec

Geography Rate

Hungary 1 in 217

South Africa 1 in 221

United Kingdom 1 in 287

Hong Kong 1 in 306

Ireland 1 in 344

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 14: Symantec Intelligence Report

p 14

Symantec CorporationSymantec Intelligence Report JANUARY 2014

MO

BILE

p 15

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Mobile

At a Glance

bull 32 percent of mobile malware discovered over the last 12 months tracks users

bull Traditional threats such as back doors and downloaders are present in 14 percent of all mobile malware threats

bull Risks that collect data such as device info and banking details make up 15 percent of all risks

bull Three new mobile malware families were discovered in January along with 139 new variants

32

Track UserRisks that spy on the individual using the device collecting SMS messages or phone call logs tracking GPS coordinates recording phone calls or gathering pictures and video taken with the device

14

Traditional ThreatsThreats that carry out traditional malware functions such as back doors and downloaders

12

AdwareAnnoyanceMobile risks that display advertising or generally perform actions to disrupt the user

15

Send ContentThese risks will send text messages to premium SMS numbers ultimately appearing on the bill of the devicersquos owner Other risks can be used to send spam messages

13

Change SettingsThese types of risks attempt to elevate privileges or simply modify various settings within the operating system

15

Collect DataThis includes the collection of both device- and user-specific data such as device information configuration data or banking details

Mobile Malware by TypeSource Symantec

p 16

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Cumulative Mobile Android MalwareSource Symantec

VARIANTS FAMILIES

40

80

120

160

200

240

280

320

360

400

J2014

DNOSAJJMAMF

1000

2000

3000

4000

5000

6000

7000

8000

9000

10000

FAM

ILIE

S (

CU

MU

LATI

VE)

VAR

IAN

TS (

CU

MU

LATI

VE)

p 17

Symantec CorporationSymantec Intelligence Report JANUARY 2014

VU

LNER

AB

ILITIES

p 18

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Vulnerabilities

At a Glance

bull There were 555 new vulnerabilities discovered in January bringing the total for the last 12 months to 6443 This is a 17 percent increase over the prior twelve month period

bull There were two vulnerabilities in mobile operating systems disclosed during the month of January

bull Googlersquos Chrome browser continues to lead in reporting browser vulnerabilities while Oraclersquos Java leads in reported plug-in vulnerabilities

Total Vulnerabilities Disclosed by MonthSource Symantec

0

100

200

300

400

500

600

700

800

J2014

DNOSAJJMAMF

Plug-in VulnerabilitiesSource Symantec

10

20

30

40

50

60

70

80

Adobe Acrobat ReaderAdobe Flash PlayerApple QuickTimeOracle Sun Java

Browser VulnerabilitiesSource Symantec

10

20

30

40

50

60

Apple SafariGoogle ChromeMicrosoft Internet ExplorerMozilla FirefoxOpera

p 19

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SPAM

PHISH

ING

amp M

ALW

AR

E

p 20

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global spam rate decreased 19 percentage points in January to 621 percent down from 640 percent in December

bull Mining was the most commonly targeted industry at 642 percent followed by Manufacturing at 632 percent

bull The com top-level domain (TLD) was again the most frequently used malicious TLD in January

bull Sex Dating spam is the most common category at 752 percent Pharmaceutical spam came in second at 201 percent

Spam

Top 5 Activity for Spam Destination by GeographySource Symantec

Geography Percent

Sri Lanka 747

Israel 688

Brazil 669

South Africa 653

Kuwait 648

Top 5 Activity for Spam Destination by IndustrySource Symantec

Industry Percent

Mining 642

Manufacturing 632

Agriculture forestry amp fishing 629

Services - Professional 621

Construction 621

p 21

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 10 Sources of SpamSource Symantec

Source Percent of All Spam

Canada 77

Spain 68

Russian Federation 64

United States 59

Finland 56

Italy 50

Argentina 42

India 37

Ukraine 32

Romania 31

Spam URL Distribution Based on Top Level Domain NameSource Symantec

Month com info ru biz

Dec 331 137 132 103

Nov 367 124 not listed 96

Data lags one month

Average Spam Message SizeSource Symantec

Month 0Kb ndash 5Kb 5Kb ndash 10Kb gt10Kb

Dec 284 192 523

Nov 370 247 384

Data lags one month

Spam by CategorySource Symantec

Category Percent

SexDating 752

Pharma 201

Jobs 18

Software 08

Watches 08

Top 5 Activity for Spam Destination by Company SizeSource Symantec

Company Size Percent

1-250 620

251-500 618

501-1000 624

1001-1500 622

1501-2500 620

2501+ 623

p 22

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global phishing rate is down in January comprising one in 1 in 1444 email messages In December this rate was one in 1 in 1053

bull Financial themes continue to be the most frequent subject matter with 675 percent of phishing scams containing this theme

bull The South Africa had the highest rate in January where one in 530 emails was a phishing scam

bull The United States tops the list of sources of phishing emails responsible for distributing 399 percent of phishing scams

bull Public Administration was the most targeted industry in January with one in every 761 emails received in this industry being a phishing scam

Phishing

Top 5 Activity for Phishing Destination by GeographySource Symantec

Geography Rate

South Africa 1 in 540

United Kingdom 1 in 731

Australia 1 in 821

Austria 1 in 1183

New Zealand 1 in 1215

Top 5 Activity for Phishing Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 761

Agriculture forestry amp fishing 1 in 874

Services - Professional 1 in 1189

Transportation communications electric gas amp Sanitary Services

1 in 14572

Construction 1 in 15715

Top 5 Activity for Phishing Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 1122

251-500 1 in 1130

501-1000 1 in 1463

1001-1500 1 in 1563

1501-2500 1 in 1590

2501+ 1 in 1865

Top 10 Sources of PhishingSource Symantec

Source Percent

United States 399

Australia 271

United Kingdom 243

South Africa 24

Netherlands 18

Sweden 15

Singapore 04

Japan 03

United Arab Emirates 03

New Zealand 02

p 23

Symantec CorporationSymantec Intelligence Report JANUARY 2014

363

32

16

07

581Automated Toolkits

Other Unique Domains

IP Address Domains

Free Web Hosting Sites

Typosquatting

Phishing DistributionPhishing Distribution

Phishing DistributionSource Symantec

291

36

09

01

675Financial

Information Services

Retail

Computer Software

Communications

Organizations Spoofedin Phishing AttacksOrganizations Spoofedin Phishing Attacks

Organizations Spoofed in Phishing AttacksSource Symantec

p 24

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Malware

1 in 0

1 in 50

1 in 100

1 in 150

1 in 200

1 in 250

1 in 300

1 in 350

1 in 400

1 in 450

1 in 500J

2014DNOSAJJMAMF

Proportion of Email Traffic in Which Virus Was DetectedSource Symantec

Top 10 Email Virus SourcesSource Symantec

Geography Percent

United States 665

United Kingdom 150

Australia 41

Netherlands 21

France 18

Germany 12

Japan 12

South Africa 11

Canada 09

Hong Kong 07

At a Glance

bull The global average virus rate in January was one in 431 emails compared to one in 164 in December

bull Hungary topped the list of geographies with one in 217 emails containing a virus

bull The United States was the largest source of virus-laden emails making up 665 percent of all email-based viruses

bull Organizations with 250-500 employees were the most targeted company size where one and 383 emails contained a virus

p 25

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 5 Activity for Malware Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 309

Agriculture forestry amp fishing 1 in 332

Services - Professional 1 in 343

Wholesale 1 in 397

Services - Non Traditional 1 in 467

Top 5 Activity for Malware Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 398

251-500 1 in 383

501-1000 1 in 459

1001-1500 1 in 396

1501-2500 1 in 475

2501+ 1 in 459

Top 5 Activity for Malware Destination by Geographic LocationSource Symantec

Geography Rate

Hungary 1 in 217

South Africa 1 in 221

United Kingdom 1 in 287

Hong Kong 1 in 306

Ireland 1 in 344

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 15: Symantec Intelligence Report

p 15

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Mobile

At a Glance

bull 32 percent of mobile malware discovered over the last 12 months tracks users

bull Traditional threats such as back doors and downloaders are present in 14 percent of all mobile malware threats

bull Risks that collect data such as device info and banking details make up 15 percent of all risks

bull Three new mobile malware families were discovered in January along with 139 new variants

32

Track UserRisks that spy on the individual using the device collecting SMS messages or phone call logs tracking GPS coordinates recording phone calls or gathering pictures and video taken with the device

14

Traditional ThreatsThreats that carry out traditional malware functions such as back doors and downloaders

12

AdwareAnnoyanceMobile risks that display advertising or generally perform actions to disrupt the user

15

Send ContentThese risks will send text messages to premium SMS numbers ultimately appearing on the bill of the devicersquos owner Other risks can be used to send spam messages

13

Change SettingsThese types of risks attempt to elevate privileges or simply modify various settings within the operating system

15

Collect DataThis includes the collection of both device- and user-specific data such as device information configuration data or banking details

Mobile Malware by TypeSource Symantec

p 16

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Cumulative Mobile Android MalwareSource Symantec

VARIANTS FAMILIES

40

80

120

160

200

240

280

320

360

400

J2014

DNOSAJJMAMF

1000

2000

3000

4000

5000

6000

7000

8000

9000

10000

FAM

ILIE

S (

CU

MU

LATI

VE)

VAR

IAN

TS (

CU

MU

LATI

VE)

p 17

Symantec CorporationSymantec Intelligence Report JANUARY 2014

VU

LNER

AB

ILITIES

p 18

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Vulnerabilities

At a Glance

bull There were 555 new vulnerabilities discovered in January bringing the total for the last 12 months to 6443 This is a 17 percent increase over the prior twelve month period

bull There were two vulnerabilities in mobile operating systems disclosed during the month of January

bull Googlersquos Chrome browser continues to lead in reporting browser vulnerabilities while Oraclersquos Java leads in reported plug-in vulnerabilities

Total Vulnerabilities Disclosed by MonthSource Symantec

0

100

200

300

400

500

600

700

800

J2014

DNOSAJJMAMF

Plug-in VulnerabilitiesSource Symantec

10

20

30

40

50

60

70

80

Adobe Acrobat ReaderAdobe Flash PlayerApple QuickTimeOracle Sun Java

Browser VulnerabilitiesSource Symantec

10

20

30

40

50

60

Apple SafariGoogle ChromeMicrosoft Internet ExplorerMozilla FirefoxOpera

p 19

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SPAM

PHISH

ING

amp M

ALW

AR

E

p 20

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global spam rate decreased 19 percentage points in January to 621 percent down from 640 percent in December

bull Mining was the most commonly targeted industry at 642 percent followed by Manufacturing at 632 percent

bull The com top-level domain (TLD) was again the most frequently used malicious TLD in January

bull Sex Dating spam is the most common category at 752 percent Pharmaceutical spam came in second at 201 percent

Spam

Top 5 Activity for Spam Destination by GeographySource Symantec

Geography Percent

Sri Lanka 747

Israel 688

Brazil 669

South Africa 653

Kuwait 648

Top 5 Activity for Spam Destination by IndustrySource Symantec

Industry Percent

Mining 642

Manufacturing 632

Agriculture forestry amp fishing 629

Services - Professional 621

Construction 621

p 21

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 10 Sources of SpamSource Symantec

Source Percent of All Spam

Canada 77

Spain 68

Russian Federation 64

United States 59

Finland 56

Italy 50

Argentina 42

India 37

Ukraine 32

Romania 31

Spam URL Distribution Based on Top Level Domain NameSource Symantec

Month com info ru biz

Dec 331 137 132 103

Nov 367 124 not listed 96

Data lags one month

Average Spam Message SizeSource Symantec

Month 0Kb ndash 5Kb 5Kb ndash 10Kb gt10Kb

Dec 284 192 523

Nov 370 247 384

Data lags one month

Spam by CategorySource Symantec

Category Percent

SexDating 752

Pharma 201

Jobs 18

Software 08

Watches 08

Top 5 Activity for Spam Destination by Company SizeSource Symantec

Company Size Percent

1-250 620

251-500 618

501-1000 624

1001-1500 622

1501-2500 620

2501+ 623

p 22

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global phishing rate is down in January comprising one in 1 in 1444 email messages In December this rate was one in 1 in 1053

bull Financial themes continue to be the most frequent subject matter with 675 percent of phishing scams containing this theme

bull The South Africa had the highest rate in January where one in 530 emails was a phishing scam

bull The United States tops the list of sources of phishing emails responsible for distributing 399 percent of phishing scams

bull Public Administration was the most targeted industry in January with one in every 761 emails received in this industry being a phishing scam

Phishing

Top 5 Activity for Phishing Destination by GeographySource Symantec

Geography Rate

South Africa 1 in 540

United Kingdom 1 in 731

Australia 1 in 821

Austria 1 in 1183

New Zealand 1 in 1215

Top 5 Activity for Phishing Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 761

Agriculture forestry amp fishing 1 in 874

Services - Professional 1 in 1189

Transportation communications electric gas amp Sanitary Services

1 in 14572

Construction 1 in 15715

Top 5 Activity for Phishing Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 1122

251-500 1 in 1130

501-1000 1 in 1463

1001-1500 1 in 1563

1501-2500 1 in 1590

2501+ 1 in 1865

Top 10 Sources of PhishingSource Symantec

Source Percent

United States 399

Australia 271

United Kingdom 243

South Africa 24

Netherlands 18

Sweden 15

Singapore 04

Japan 03

United Arab Emirates 03

New Zealand 02

p 23

Symantec CorporationSymantec Intelligence Report JANUARY 2014

363

32

16

07

581Automated Toolkits

Other Unique Domains

IP Address Domains

Free Web Hosting Sites

Typosquatting

Phishing DistributionPhishing Distribution

Phishing DistributionSource Symantec

291

36

09

01

675Financial

Information Services

Retail

Computer Software

Communications

Organizations Spoofedin Phishing AttacksOrganizations Spoofedin Phishing Attacks

Organizations Spoofed in Phishing AttacksSource Symantec

p 24

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Malware

1 in 0

1 in 50

1 in 100

1 in 150

1 in 200

1 in 250

1 in 300

1 in 350

1 in 400

1 in 450

1 in 500J

2014DNOSAJJMAMF

Proportion of Email Traffic in Which Virus Was DetectedSource Symantec

Top 10 Email Virus SourcesSource Symantec

Geography Percent

United States 665

United Kingdom 150

Australia 41

Netherlands 21

France 18

Germany 12

Japan 12

South Africa 11

Canada 09

Hong Kong 07

At a Glance

bull The global average virus rate in January was one in 431 emails compared to one in 164 in December

bull Hungary topped the list of geographies with one in 217 emails containing a virus

bull The United States was the largest source of virus-laden emails making up 665 percent of all email-based viruses

bull Organizations with 250-500 employees were the most targeted company size where one and 383 emails contained a virus

p 25

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 5 Activity for Malware Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 309

Agriculture forestry amp fishing 1 in 332

Services - Professional 1 in 343

Wholesale 1 in 397

Services - Non Traditional 1 in 467

Top 5 Activity for Malware Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 398

251-500 1 in 383

501-1000 1 in 459

1001-1500 1 in 396

1501-2500 1 in 475

2501+ 1 in 459

Top 5 Activity for Malware Destination by Geographic LocationSource Symantec

Geography Rate

Hungary 1 in 217

South Africa 1 in 221

United Kingdom 1 in 287

Hong Kong 1 in 306

Ireland 1 in 344

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 16: Symantec Intelligence Report

p 16

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Cumulative Mobile Android MalwareSource Symantec

VARIANTS FAMILIES

40

80

120

160

200

240

280

320

360

400

J2014

DNOSAJJMAMF

1000

2000

3000

4000

5000

6000

7000

8000

9000

10000

FAM

ILIE

S (

CU

MU

LATI

VE)

VAR

IAN

TS (

CU

MU

LATI

VE)

p 17

Symantec CorporationSymantec Intelligence Report JANUARY 2014

VU

LNER

AB

ILITIES

p 18

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Vulnerabilities

At a Glance

bull There were 555 new vulnerabilities discovered in January bringing the total for the last 12 months to 6443 This is a 17 percent increase over the prior twelve month period

bull There were two vulnerabilities in mobile operating systems disclosed during the month of January

bull Googlersquos Chrome browser continues to lead in reporting browser vulnerabilities while Oraclersquos Java leads in reported plug-in vulnerabilities

Total Vulnerabilities Disclosed by MonthSource Symantec

0

100

200

300

400

500

600

700

800

J2014

DNOSAJJMAMF

Plug-in VulnerabilitiesSource Symantec

10

20

30

40

50

60

70

80

Adobe Acrobat ReaderAdobe Flash PlayerApple QuickTimeOracle Sun Java

Browser VulnerabilitiesSource Symantec

10

20

30

40

50

60

Apple SafariGoogle ChromeMicrosoft Internet ExplorerMozilla FirefoxOpera

p 19

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SPAM

PHISH

ING

amp M

ALW

AR

E

p 20

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global spam rate decreased 19 percentage points in January to 621 percent down from 640 percent in December

bull Mining was the most commonly targeted industry at 642 percent followed by Manufacturing at 632 percent

bull The com top-level domain (TLD) was again the most frequently used malicious TLD in January

bull Sex Dating spam is the most common category at 752 percent Pharmaceutical spam came in second at 201 percent

Spam

Top 5 Activity for Spam Destination by GeographySource Symantec

Geography Percent

Sri Lanka 747

Israel 688

Brazil 669

South Africa 653

Kuwait 648

Top 5 Activity for Spam Destination by IndustrySource Symantec

Industry Percent

Mining 642

Manufacturing 632

Agriculture forestry amp fishing 629

Services - Professional 621

Construction 621

p 21

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 10 Sources of SpamSource Symantec

Source Percent of All Spam

Canada 77

Spain 68

Russian Federation 64

United States 59

Finland 56

Italy 50

Argentina 42

India 37

Ukraine 32

Romania 31

Spam URL Distribution Based on Top Level Domain NameSource Symantec

Month com info ru biz

Dec 331 137 132 103

Nov 367 124 not listed 96

Data lags one month

Average Spam Message SizeSource Symantec

Month 0Kb ndash 5Kb 5Kb ndash 10Kb gt10Kb

Dec 284 192 523

Nov 370 247 384

Data lags one month

Spam by CategorySource Symantec

Category Percent

SexDating 752

Pharma 201

Jobs 18

Software 08

Watches 08

Top 5 Activity for Spam Destination by Company SizeSource Symantec

Company Size Percent

1-250 620

251-500 618

501-1000 624

1001-1500 622

1501-2500 620

2501+ 623

p 22

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global phishing rate is down in January comprising one in 1 in 1444 email messages In December this rate was one in 1 in 1053

bull Financial themes continue to be the most frequent subject matter with 675 percent of phishing scams containing this theme

bull The South Africa had the highest rate in January where one in 530 emails was a phishing scam

bull The United States tops the list of sources of phishing emails responsible for distributing 399 percent of phishing scams

bull Public Administration was the most targeted industry in January with one in every 761 emails received in this industry being a phishing scam

Phishing

Top 5 Activity for Phishing Destination by GeographySource Symantec

Geography Rate

South Africa 1 in 540

United Kingdom 1 in 731

Australia 1 in 821

Austria 1 in 1183

New Zealand 1 in 1215

Top 5 Activity for Phishing Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 761

Agriculture forestry amp fishing 1 in 874

Services - Professional 1 in 1189

Transportation communications electric gas amp Sanitary Services

1 in 14572

Construction 1 in 15715

Top 5 Activity for Phishing Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 1122

251-500 1 in 1130

501-1000 1 in 1463

1001-1500 1 in 1563

1501-2500 1 in 1590

2501+ 1 in 1865

Top 10 Sources of PhishingSource Symantec

Source Percent

United States 399

Australia 271

United Kingdom 243

South Africa 24

Netherlands 18

Sweden 15

Singapore 04

Japan 03

United Arab Emirates 03

New Zealand 02

p 23

Symantec CorporationSymantec Intelligence Report JANUARY 2014

363

32

16

07

581Automated Toolkits

Other Unique Domains

IP Address Domains

Free Web Hosting Sites

Typosquatting

Phishing DistributionPhishing Distribution

Phishing DistributionSource Symantec

291

36

09

01

675Financial

Information Services

Retail

Computer Software

Communications

Organizations Spoofedin Phishing AttacksOrganizations Spoofedin Phishing Attacks

Organizations Spoofed in Phishing AttacksSource Symantec

p 24

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Malware

1 in 0

1 in 50

1 in 100

1 in 150

1 in 200

1 in 250

1 in 300

1 in 350

1 in 400

1 in 450

1 in 500J

2014DNOSAJJMAMF

Proportion of Email Traffic in Which Virus Was DetectedSource Symantec

Top 10 Email Virus SourcesSource Symantec

Geography Percent

United States 665

United Kingdom 150

Australia 41

Netherlands 21

France 18

Germany 12

Japan 12

South Africa 11

Canada 09

Hong Kong 07

At a Glance

bull The global average virus rate in January was one in 431 emails compared to one in 164 in December

bull Hungary topped the list of geographies with one in 217 emails containing a virus

bull The United States was the largest source of virus-laden emails making up 665 percent of all email-based viruses

bull Organizations with 250-500 employees were the most targeted company size where one and 383 emails contained a virus

p 25

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 5 Activity for Malware Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 309

Agriculture forestry amp fishing 1 in 332

Services - Professional 1 in 343

Wholesale 1 in 397

Services - Non Traditional 1 in 467

Top 5 Activity for Malware Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 398

251-500 1 in 383

501-1000 1 in 459

1001-1500 1 in 396

1501-2500 1 in 475

2501+ 1 in 459

Top 5 Activity for Malware Destination by Geographic LocationSource Symantec

Geography Rate

Hungary 1 in 217

South Africa 1 in 221

United Kingdom 1 in 287

Hong Kong 1 in 306

Ireland 1 in 344

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 17: Symantec Intelligence Report

p 17

Symantec CorporationSymantec Intelligence Report JANUARY 2014

VU

LNER

AB

ILITIES

p 18

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Vulnerabilities

At a Glance

bull There were 555 new vulnerabilities discovered in January bringing the total for the last 12 months to 6443 This is a 17 percent increase over the prior twelve month period

bull There were two vulnerabilities in mobile operating systems disclosed during the month of January

bull Googlersquos Chrome browser continues to lead in reporting browser vulnerabilities while Oraclersquos Java leads in reported plug-in vulnerabilities

Total Vulnerabilities Disclosed by MonthSource Symantec

0

100

200

300

400

500

600

700

800

J2014

DNOSAJJMAMF

Plug-in VulnerabilitiesSource Symantec

10

20

30

40

50

60

70

80

Adobe Acrobat ReaderAdobe Flash PlayerApple QuickTimeOracle Sun Java

Browser VulnerabilitiesSource Symantec

10

20

30

40

50

60

Apple SafariGoogle ChromeMicrosoft Internet ExplorerMozilla FirefoxOpera

p 19

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SPAM

PHISH

ING

amp M

ALW

AR

E

p 20

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global spam rate decreased 19 percentage points in January to 621 percent down from 640 percent in December

bull Mining was the most commonly targeted industry at 642 percent followed by Manufacturing at 632 percent

bull The com top-level domain (TLD) was again the most frequently used malicious TLD in January

bull Sex Dating spam is the most common category at 752 percent Pharmaceutical spam came in second at 201 percent

Spam

Top 5 Activity for Spam Destination by GeographySource Symantec

Geography Percent

Sri Lanka 747

Israel 688

Brazil 669

South Africa 653

Kuwait 648

Top 5 Activity for Spam Destination by IndustrySource Symantec

Industry Percent

Mining 642

Manufacturing 632

Agriculture forestry amp fishing 629

Services - Professional 621

Construction 621

p 21

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 10 Sources of SpamSource Symantec

Source Percent of All Spam

Canada 77

Spain 68

Russian Federation 64

United States 59

Finland 56

Italy 50

Argentina 42

India 37

Ukraine 32

Romania 31

Spam URL Distribution Based on Top Level Domain NameSource Symantec

Month com info ru biz

Dec 331 137 132 103

Nov 367 124 not listed 96

Data lags one month

Average Spam Message SizeSource Symantec

Month 0Kb ndash 5Kb 5Kb ndash 10Kb gt10Kb

Dec 284 192 523

Nov 370 247 384

Data lags one month

Spam by CategorySource Symantec

Category Percent

SexDating 752

Pharma 201

Jobs 18

Software 08

Watches 08

Top 5 Activity for Spam Destination by Company SizeSource Symantec

Company Size Percent

1-250 620

251-500 618

501-1000 624

1001-1500 622

1501-2500 620

2501+ 623

p 22

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global phishing rate is down in January comprising one in 1 in 1444 email messages In December this rate was one in 1 in 1053

bull Financial themes continue to be the most frequent subject matter with 675 percent of phishing scams containing this theme

bull The South Africa had the highest rate in January where one in 530 emails was a phishing scam

bull The United States tops the list of sources of phishing emails responsible for distributing 399 percent of phishing scams

bull Public Administration was the most targeted industry in January with one in every 761 emails received in this industry being a phishing scam

Phishing

Top 5 Activity for Phishing Destination by GeographySource Symantec

Geography Rate

South Africa 1 in 540

United Kingdom 1 in 731

Australia 1 in 821

Austria 1 in 1183

New Zealand 1 in 1215

Top 5 Activity for Phishing Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 761

Agriculture forestry amp fishing 1 in 874

Services - Professional 1 in 1189

Transportation communications electric gas amp Sanitary Services

1 in 14572

Construction 1 in 15715

Top 5 Activity for Phishing Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 1122

251-500 1 in 1130

501-1000 1 in 1463

1001-1500 1 in 1563

1501-2500 1 in 1590

2501+ 1 in 1865

Top 10 Sources of PhishingSource Symantec

Source Percent

United States 399

Australia 271

United Kingdom 243

South Africa 24

Netherlands 18

Sweden 15

Singapore 04

Japan 03

United Arab Emirates 03

New Zealand 02

p 23

Symantec CorporationSymantec Intelligence Report JANUARY 2014

363

32

16

07

581Automated Toolkits

Other Unique Domains

IP Address Domains

Free Web Hosting Sites

Typosquatting

Phishing DistributionPhishing Distribution

Phishing DistributionSource Symantec

291

36

09

01

675Financial

Information Services

Retail

Computer Software

Communications

Organizations Spoofedin Phishing AttacksOrganizations Spoofedin Phishing Attacks

Organizations Spoofed in Phishing AttacksSource Symantec

p 24

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Malware

1 in 0

1 in 50

1 in 100

1 in 150

1 in 200

1 in 250

1 in 300

1 in 350

1 in 400

1 in 450

1 in 500J

2014DNOSAJJMAMF

Proportion of Email Traffic in Which Virus Was DetectedSource Symantec

Top 10 Email Virus SourcesSource Symantec

Geography Percent

United States 665

United Kingdom 150

Australia 41

Netherlands 21

France 18

Germany 12

Japan 12

South Africa 11

Canada 09

Hong Kong 07

At a Glance

bull The global average virus rate in January was one in 431 emails compared to one in 164 in December

bull Hungary topped the list of geographies with one in 217 emails containing a virus

bull The United States was the largest source of virus-laden emails making up 665 percent of all email-based viruses

bull Organizations with 250-500 employees were the most targeted company size where one and 383 emails contained a virus

p 25

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 5 Activity for Malware Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 309

Agriculture forestry amp fishing 1 in 332

Services - Professional 1 in 343

Wholesale 1 in 397

Services - Non Traditional 1 in 467

Top 5 Activity for Malware Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 398

251-500 1 in 383

501-1000 1 in 459

1001-1500 1 in 396

1501-2500 1 in 475

2501+ 1 in 459

Top 5 Activity for Malware Destination by Geographic LocationSource Symantec

Geography Rate

Hungary 1 in 217

South Africa 1 in 221

United Kingdom 1 in 287

Hong Kong 1 in 306

Ireland 1 in 344

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 18: Symantec Intelligence Report

p 18

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Vulnerabilities

At a Glance

bull There were 555 new vulnerabilities discovered in January bringing the total for the last 12 months to 6443 This is a 17 percent increase over the prior twelve month period

bull There were two vulnerabilities in mobile operating systems disclosed during the month of January

bull Googlersquos Chrome browser continues to lead in reporting browser vulnerabilities while Oraclersquos Java leads in reported plug-in vulnerabilities

Total Vulnerabilities Disclosed by MonthSource Symantec

0

100

200

300

400

500

600

700

800

J2014

DNOSAJJMAMF

Plug-in VulnerabilitiesSource Symantec

10

20

30

40

50

60

70

80

Adobe Acrobat ReaderAdobe Flash PlayerApple QuickTimeOracle Sun Java

Browser VulnerabilitiesSource Symantec

10

20

30

40

50

60

Apple SafariGoogle ChromeMicrosoft Internet ExplorerMozilla FirefoxOpera

p 19

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SPAM

PHISH

ING

amp M

ALW

AR

E

p 20

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global spam rate decreased 19 percentage points in January to 621 percent down from 640 percent in December

bull Mining was the most commonly targeted industry at 642 percent followed by Manufacturing at 632 percent

bull The com top-level domain (TLD) was again the most frequently used malicious TLD in January

bull Sex Dating spam is the most common category at 752 percent Pharmaceutical spam came in second at 201 percent

Spam

Top 5 Activity for Spam Destination by GeographySource Symantec

Geography Percent

Sri Lanka 747

Israel 688

Brazil 669

South Africa 653

Kuwait 648

Top 5 Activity for Spam Destination by IndustrySource Symantec

Industry Percent

Mining 642

Manufacturing 632

Agriculture forestry amp fishing 629

Services - Professional 621

Construction 621

p 21

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 10 Sources of SpamSource Symantec

Source Percent of All Spam

Canada 77

Spain 68

Russian Federation 64

United States 59

Finland 56

Italy 50

Argentina 42

India 37

Ukraine 32

Romania 31

Spam URL Distribution Based on Top Level Domain NameSource Symantec

Month com info ru biz

Dec 331 137 132 103

Nov 367 124 not listed 96

Data lags one month

Average Spam Message SizeSource Symantec

Month 0Kb ndash 5Kb 5Kb ndash 10Kb gt10Kb

Dec 284 192 523

Nov 370 247 384

Data lags one month

Spam by CategorySource Symantec

Category Percent

SexDating 752

Pharma 201

Jobs 18

Software 08

Watches 08

Top 5 Activity for Spam Destination by Company SizeSource Symantec

Company Size Percent

1-250 620

251-500 618

501-1000 624

1001-1500 622

1501-2500 620

2501+ 623

p 22

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global phishing rate is down in January comprising one in 1 in 1444 email messages In December this rate was one in 1 in 1053

bull Financial themes continue to be the most frequent subject matter with 675 percent of phishing scams containing this theme

bull The South Africa had the highest rate in January where one in 530 emails was a phishing scam

bull The United States tops the list of sources of phishing emails responsible for distributing 399 percent of phishing scams

bull Public Administration was the most targeted industry in January with one in every 761 emails received in this industry being a phishing scam

Phishing

Top 5 Activity for Phishing Destination by GeographySource Symantec

Geography Rate

South Africa 1 in 540

United Kingdom 1 in 731

Australia 1 in 821

Austria 1 in 1183

New Zealand 1 in 1215

Top 5 Activity for Phishing Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 761

Agriculture forestry amp fishing 1 in 874

Services - Professional 1 in 1189

Transportation communications electric gas amp Sanitary Services

1 in 14572

Construction 1 in 15715

Top 5 Activity for Phishing Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 1122

251-500 1 in 1130

501-1000 1 in 1463

1001-1500 1 in 1563

1501-2500 1 in 1590

2501+ 1 in 1865

Top 10 Sources of PhishingSource Symantec

Source Percent

United States 399

Australia 271

United Kingdom 243

South Africa 24

Netherlands 18

Sweden 15

Singapore 04

Japan 03

United Arab Emirates 03

New Zealand 02

p 23

Symantec CorporationSymantec Intelligence Report JANUARY 2014

363

32

16

07

581Automated Toolkits

Other Unique Domains

IP Address Domains

Free Web Hosting Sites

Typosquatting

Phishing DistributionPhishing Distribution

Phishing DistributionSource Symantec

291

36

09

01

675Financial

Information Services

Retail

Computer Software

Communications

Organizations Spoofedin Phishing AttacksOrganizations Spoofedin Phishing Attacks

Organizations Spoofed in Phishing AttacksSource Symantec

p 24

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Malware

1 in 0

1 in 50

1 in 100

1 in 150

1 in 200

1 in 250

1 in 300

1 in 350

1 in 400

1 in 450

1 in 500J

2014DNOSAJJMAMF

Proportion of Email Traffic in Which Virus Was DetectedSource Symantec

Top 10 Email Virus SourcesSource Symantec

Geography Percent

United States 665

United Kingdom 150

Australia 41

Netherlands 21

France 18

Germany 12

Japan 12

South Africa 11

Canada 09

Hong Kong 07

At a Glance

bull The global average virus rate in January was one in 431 emails compared to one in 164 in December

bull Hungary topped the list of geographies with one in 217 emails containing a virus

bull The United States was the largest source of virus-laden emails making up 665 percent of all email-based viruses

bull Organizations with 250-500 employees were the most targeted company size where one and 383 emails contained a virus

p 25

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 5 Activity for Malware Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 309

Agriculture forestry amp fishing 1 in 332

Services - Professional 1 in 343

Wholesale 1 in 397

Services - Non Traditional 1 in 467

Top 5 Activity for Malware Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 398

251-500 1 in 383

501-1000 1 in 459

1001-1500 1 in 396

1501-2500 1 in 475

2501+ 1 in 459

Top 5 Activity for Malware Destination by Geographic LocationSource Symantec

Geography Rate

Hungary 1 in 217

South Africa 1 in 221

United Kingdom 1 in 287

Hong Kong 1 in 306

Ireland 1 in 344

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 19: Symantec Intelligence Report

p 19

Symantec CorporationSymantec Intelligence Report JANUARY 2014

SPAM

PHISH

ING

amp M

ALW

AR

E

p 20

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global spam rate decreased 19 percentage points in January to 621 percent down from 640 percent in December

bull Mining was the most commonly targeted industry at 642 percent followed by Manufacturing at 632 percent

bull The com top-level domain (TLD) was again the most frequently used malicious TLD in January

bull Sex Dating spam is the most common category at 752 percent Pharmaceutical spam came in second at 201 percent

Spam

Top 5 Activity for Spam Destination by GeographySource Symantec

Geography Percent

Sri Lanka 747

Israel 688

Brazil 669

South Africa 653

Kuwait 648

Top 5 Activity for Spam Destination by IndustrySource Symantec

Industry Percent

Mining 642

Manufacturing 632

Agriculture forestry amp fishing 629

Services - Professional 621

Construction 621

p 21

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 10 Sources of SpamSource Symantec

Source Percent of All Spam

Canada 77

Spain 68

Russian Federation 64

United States 59

Finland 56

Italy 50

Argentina 42

India 37

Ukraine 32

Romania 31

Spam URL Distribution Based on Top Level Domain NameSource Symantec

Month com info ru biz

Dec 331 137 132 103

Nov 367 124 not listed 96

Data lags one month

Average Spam Message SizeSource Symantec

Month 0Kb ndash 5Kb 5Kb ndash 10Kb gt10Kb

Dec 284 192 523

Nov 370 247 384

Data lags one month

Spam by CategorySource Symantec

Category Percent

SexDating 752

Pharma 201

Jobs 18

Software 08

Watches 08

Top 5 Activity for Spam Destination by Company SizeSource Symantec

Company Size Percent

1-250 620

251-500 618

501-1000 624

1001-1500 622

1501-2500 620

2501+ 623

p 22

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global phishing rate is down in January comprising one in 1 in 1444 email messages In December this rate was one in 1 in 1053

bull Financial themes continue to be the most frequent subject matter with 675 percent of phishing scams containing this theme

bull The South Africa had the highest rate in January where one in 530 emails was a phishing scam

bull The United States tops the list of sources of phishing emails responsible for distributing 399 percent of phishing scams

bull Public Administration was the most targeted industry in January with one in every 761 emails received in this industry being a phishing scam

Phishing

Top 5 Activity for Phishing Destination by GeographySource Symantec

Geography Rate

South Africa 1 in 540

United Kingdom 1 in 731

Australia 1 in 821

Austria 1 in 1183

New Zealand 1 in 1215

Top 5 Activity for Phishing Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 761

Agriculture forestry amp fishing 1 in 874

Services - Professional 1 in 1189

Transportation communications electric gas amp Sanitary Services

1 in 14572

Construction 1 in 15715

Top 5 Activity for Phishing Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 1122

251-500 1 in 1130

501-1000 1 in 1463

1001-1500 1 in 1563

1501-2500 1 in 1590

2501+ 1 in 1865

Top 10 Sources of PhishingSource Symantec

Source Percent

United States 399

Australia 271

United Kingdom 243

South Africa 24

Netherlands 18

Sweden 15

Singapore 04

Japan 03

United Arab Emirates 03

New Zealand 02

p 23

Symantec CorporationSymantec Intelligence Report JANUARY 2014

363

32

16

07

581Automated Toolkits

Other Unique Domains

IP Address Domains

Free Web Hosting Sites

Typosquatting

Phishing DistributionPhishing Distribution

Phishing DistributionSource Symantec

291

36

09

01

675Financial

Information Services

Retail

Computer Software

Communications

Organizations Spoofedin Phishing AttacksOrganizations Spoofedin Phishing Attacks

Organizations Spoofed in Phishing AttacksSource Symantec

p 24

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Malware

1 in 0

1 in 50

1 in 100

1 in 150

1 in 200

1 in 250

1 in 300

1 in 350

1 in 400

1 in 450

1 in 500J

2014DNOSAJJMAMF

Proportion of Email Traffic in Which Virus Was DetectedSource Symantec

Top 10 Email Virus SourcesSource Symantec

Geography Percent

United States 665

United Kingdom 150

Australia 41

Netherlands 21

France 18

Germany 12

Japan 12

South Africa 11

Canada 09

Hong Kong 07

At a Glance

bull The global average virus rate in January was one in 431 emails compared to one in 164 in December

bull Hungary topped the list of geographies with one in 217 emails containing a virus

bull The United States was the largest source of virus-laden emails making up 665 percent of all email-based viruses

bull Organizations with 250-500 employees were the most targeted company size where one and 383 emails contained a virus

p 25

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 5 Activity for Malware Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 309

Agriculture forestry amp fishing 1 in 332

Services - Professional 1 in 343

Wholesale 1 in 397

Services - Non Traditional 1 in 467

Top 5 Activity for Malware Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 398

251-500 1 in 383

501-1000 1 in 459

1001-1500 1 in 396

1501-2500 1 in 475

2501+ 1 in 459

Top 5 Activity for Malware Destination by Geographic LocationSource Symantec

Geography Rate

Hungary 1 in 217

South Africa 1 in 221

United Kingdom 1 in 287

Hong Kong 1 in 306

Ireland 1 in 344

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 20: Symantec Intelligence Report

p 20

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global spam rate decreased 19 percentage points in January to 621 percent down from 640 percent in December

bull Mining was the most commonly targeted industry at 642 percent followed by Manufacturing at 632 percent

bull The com top-level domain (TLD) was again the most frequently used malicious TLD in January

bull Sex Dating spam is the most common category at 752 percent Pharmaceutical spam came in second at 201 percent

Spam

Top 5 Activity for Spam Destination by GeographySource Symantec

Geography Percent

Sri Lanka 747

Israel 688

Brazil 669

South Africa 653

Kuwait 648

Top 5 Activity for Spam Destination by IndustrySource Symantec

Industry Percent

Mining 642

Manufacturing 632

Agriculture forestry amp fishing 629

Services - Professional 621

Construction 621

p 21

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 10 Sources of SpamSource Symantec

Source Percent of All Spam

Canada 77

Spain 68

Russian Federation 64

United States 59

Finland 56

Italy 50

Argentina 42

India 37

Ukraine 32

Romania 31

Spam URL Distribution Based on Top Level Domain NameSource Symantec

Month com info ru biz

Dec 331 137 132 103

Nov 367 124 not listed 96

Data lags one month

Average Spam Message SizeSource Symantec

Month 0Kb ndash 5Kb 5Kb ndash 10Kb gt10Kb

Dec 284 192 523

Nov 370 247 384

Data lags one month

Spam by CategorySource Symantec

Category Percent

SexDating 752

Pharma 201

Jobs 18

Software 08

Watches 08

Top 5 Activity for Spam Destination by Company SizeSource Symantec

Company Size Percent

1-250 620

251-500 618

501-1000 624

1001-1500 622

1501-2500 620

2501+ 623

p 22

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global phishing rate is down in January comprising one in 1 in 1444 email messages In December this rate was one in 1 in 1053

bull Financial themes continue to be the most frequent subject matter with 675 percent of phishing scams containing this theme

bull The South Africa had the highest rate in January where one in 530 emails was a phishing scam

bull The United States tops the list of sources of phishing emails responsible for distributing 399 percent of phishing scams

bull Public Administration was the most targeted industry in January with one in every 761 emails received in this industry being a phishing scam

Phishing

Top 5 Activity for Phishing Destination by GeographySource Symantec

Geography Rate

South Africa 1 in 540

United Kingdom 1 in 731

Australia 1 in 821

Austria 1 in 1183

New Zealand 1 in 1215

Top 5 Activity for Phishing Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 761

Agriculture forestry amp fishing 1 in 874

Services - Professional 1 in 1189

Transportation communications electric gas amp Sanitary Services

1 in 14572

Construction 1 in 15715

Top 5 Activity for Phishing Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 1122

251-500 1 in 1130

501-1000 1 in 1463

1001-1500 1 in 1563

1501-2500 1 in 1590

2501+ 1 in 1865

Top 10 Sources of PhishingSource Symantec

Source Percent

United States 399

Australia 271

United Kingdom 243

South Africa 24

Netherlands 18

Sweden 15

Singapore 04

Japan 03

United Arab Emirates 03

New Zealand 02

p 23

Symantec CorporationSymantec Intelligence Report JANUARY 2014

363

32

16

07

581Automated Toolkits

Other Unique Domains

IP Address Domains

Free Web Hosting Sites

Typosquatting

Phishing DistributionPhishing Distribution

Phishing DistributionSource Symantec

291

36

09

01

675Financial

Information Services

Retail

Computer Software

Communications

Organizations Spoofedin Phishing AttacksOrganizations Spoofedin Phishing Attacks

Organizations Spoofed in Phishing AttacksSource Symantec

p 24

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Malware

1 in 0

1 in 50

1 in 100

1 in 150

1 in 200

1 in 250

1 in 300

1 in 350

1 in 400

1 in 450

1 in 500J

2014DNOSAJJMAMF

Proportion of Email Traffic in Which Virus Was DetectedSource Symantec

Top 10 Email Virus SourcesSource Symantec

Geography Percent

United States 665

United Kingdom 150

Australia 41

Netherlands 21

France 18

Germany 12

Japan 12

South Africa 11

Canada 09

Hong Kong 07

At a Glance

bull The global average virus rate in January was one in 431 emails compared to one in 164 in December

bull Hungary topped the list of geographies with one in 217 emails containing a virus

bull The United States was the largest source of virus-laden emails making up 665 percent of all email-based viruses

bull Organizations with 250-500 employees were the most targeted company size where one and 383 emails contained a virus

p 25

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 5 Activity for Malware Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 309

Agriculture forestry amp fishing 1 in 332

Services - Professional 1 in 343

Wholesale 1 in 397

Services - Non Traditional 1 in 467

Top 5 Activity for Malware Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 398

251-500 1 in 383

501-1000 1 in 459

1001-1500 1 in 396

1501-2500 1 in 475

2501+ 1 in 459

Top 5 Activity for Malware Destination by Geographic LocationSource Symantec

Geography Rate

Hungary 1 in 217

South Africa 1 in 221

United Kingdom 1 in 287

Hong Kong 1 in 306

Ireland 1 in 344

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 21: Symantec Intelligence Report

p 21

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 10 Sources of SpamSource Symantec

Source Percent of All Spam

Canada 77

Spain 68

Russian Federation 64

United States 59

Finland 56

Italy 50

Argentina 42

India 37

Ukraine 32

Romania 31

Spam URL Distribution Based on Top Level Domain NameSource Symantec

Month com info ru biz

Dec 331 137 132 103

Nov 367 124 not listed 96

Data lags one month

Average Spam Message SizeSource Symantec

Month 0Kb ndash 5Kb 5Kb ndash 10Kb gt10Kb

Dec 284 192 523

Nov 370 247 384

Data lags one month

Spam by CategorySource Symantec

Category Percent

SexDating 752

Pharma 201

Jobs 18

Software 08

Watches 08

Top 5 Activity for Spam Destination by Company SizeSource Symantec

Company Size Percent

1-250 620

251-500 618

501-1000 624

1001-1500 622

1501-2500 620

2501+ 623

p 22

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global phishing rate is down in January comprising one in 1 in 1444 email messages In December this rate was one in 1 in 1053

bull Financial themes continue to be the most frequent subject matter with 675 percent of phishing scams containing this theme

bull The South Africa had the highest rate in January where one in 530 emails was a phishing scam

bull The United States tops the list of sources of phishing emails responsible for distributing 399 percent of phishing scams

bull Public Administration was the most targeted industry in January with one in every 761 emails received in this industry being a phishing scam

Phishing

Top 5 Activity for Phishing Destination by GeographySource Symantec

Geography Rate

South Africa 1 in 540

United Kingdom 1 in 731

Australia 1 in 821

Austria 1 in 1183

New Zealand 1 in 1215

Top 5 Activity for Phishing Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 761

Agriculture forestry amp fishing 1 in 874

Services - Professional 1 in 1189

Transportation communications electric gas amp Sanitary Services

1 in 14572

Construction 1 in 15715

Top 5 Activity for Phishing Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 1122

251-500 1 in 1130

501-1000 1 in 1463

1001-1500 1 in 1563

1501-2500 1 in 1590

2501+ 1 in 1865

Top 10 Sources of PhishingSource Symantec

Source Percent

United States 399

Australia 271

United Kingdom 243

South Africa 24

Netherlands 18

Sweden 15

Singapore 04

Japan 03

United Arab Emirates 03

New Zealand 02

p 23

Symantec CorporationSymantec Intelligence Report JANUARY 2014

363

32

16

07

581Automated Toolkits

Other Unique Domains

IP Address Domains

Free Web Hosting Sites

Typosquatting

Phishing DistributionPhishing Distribution

Phishing DistributionSource Symantec

291

36

09

01

675Financial

Information Services

Retail

Computer Software

Communications

Organizations Spoofedin Phishing AttacksOrganizations Spoofedin Phishing Attacks

Organizations Spoofed in Phishing AttacksSource Symantec

p 24

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Malware

1 in 0

1 in 50

1 in 100

1 in 150

1 in 200

1 in 250

1 in 300

1 in 350

1 in 400

1 in 450

1 in 500J

2014DNOSAJJMAMF

Proportion of Email Traffic in Which Virus Was DetectedSource Symantec

Top 10 Email Virus SourcesSource Symantec

Geography Percent

United States 665

United Kingdom 150

Australia 41

Netherlands 21

France 18

Germany 12

Japan 12

South Africa 11

Canada 09

Hong Kong 07

At a Glance

bull The global average virus rate in January was one in 431 emails compared to one in 164 in December

bull Hungary topped the list of geographies with one in 217 emails containing a virus

bull The United States was the largest source of virus-laden emails making up 665 percent of all email-based viruses

bull Organizations with 250-500 employees were the most targeted company size where one and 383 emails contained a virus

p 25

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 5 Activity for Malware Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 309

Agriculture forestry amp fishing 1 in 332

Services - Professional 1 in 343

Wholesale 1 in 397

Services - Non Traditional 1 in 467

Top 5 Activity for Malware Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 398

251-500 1 in 383

501-1000 1 in 459

1001-1500 1 in 396

1501-2500 1 in 475

2501+ 1 in 459

Top 5 Activity for Malware Destination by Geographic LocationSource Symantec

Geography Rate

Hungary 1 in 217

South Africa 1 in 221

United Kingdom 1 in 287

Hong Kong 1 in 306

Ireland 1 in 344

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 22: Symantec Intelligence Report

p 22

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull The global phishing rate is down in January comprising one in 1 in 1444 email messages In December this rate was one in 1 in 1053

bull Financial themes continue to be the most frequent subject matter with 675 percent of phishing scams containing this theme

bull The South Africa had the highest rate in January where one in 530 emails was a phishing scam

bull The United States tops the list of sources of phishing emails responsible for distributing 399 percent of phishing scams

bull Public Administration was the most targeted industry in January with one in every 761 emails received in this industry being a phishing scam

Phishing

Top 5 Activity for Phishing Destination by GeographySource Symantec

Geography Rate

South Africa 1 in 540

United Kingdom 1 in 731

Australia 1 in 821

Austria 1 in 1183

New Zealand 1 in 1215

Top 5 Activity for Phishing Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 761

Agriculture forestry amp fishing 1 in 874

Services - Professional 1 in 1189

Transportation communications electric gas amp Sanitary Services

1 in 14572

Construction 1 in 15715

Top 5 Activity for Phishing Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 1122

251-500 1 in 1130

501-1000 1 in 1463

1001-1500 1 in 1563

1501-2500 1 in 1590

2501+ 1 in 1865

Top 10 Sources of PhishingSource Symantec

Source Percent

United States 399

Australia 271

United Kingdom 243

South Africa 24

Netherlands 18

Sweden 15

Singapore 04

Japan 03

United Arab Emirates 03

New Zealand 02

p 23

Symantec CorporationSymantec Intelligence Report JANUARY 2014

363

32

16

07

581Automated Toolkits

Other Unique Domains

IP Address Domains

Free Web Hosting Sites

Typosquatting

Phishing DistributionPhishing Distribution

Phishing DistributionSource Symantec

291

36

09

01

675Financial

Information Services

Retail

Computer Software

Communications

Organizations Spoofedin Phishing AttacksOrganizations Spoofedin Phishing Attacks

Organizations Spoofed in Phishing AttacksSource Symantec

p 24

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Malware

1 in 0

1 in 50

1 in 100

1 in 150

1 in 200

1 in 250

1 in 300

1 in 350

1 in 400

1 in 450

1 in 500J

2014DNOSAJJMAMF

Proportion of Email Traffic in Which Virus Was DetectedSource Symantec

Top 10 Email Virus SourcesSource Symantec

Geography Percent

United States 665

United Kingdom 150

Australia 41

Netherlands 21

France 18

Germany 12

Japan 12

South Africa 11

Canada 09

Hong Kong 07

At a Glance

bull The global average virus rate in January was one in 431 emails compared to one in 164 in December

bull Hungary topped the list of geographies with one in 217 emails containing a virus

bull The United States was the largest source of virus-laden emails making up 665 percent of all email-based viruses

bull Organizations with 250-500 employees were the most targeted company size where one and 383 emails contained a virus

p 25

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 5 Activity for Malware Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 309

Agriculture forestry amp fishing 1 in 332

Services - Professional 1 in 343

Wholesale 1 in 397

Services - Non Traditional 1 in 467

Top 5 Activity for Malware Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 398

251-500 1 in 383

501-1000 1 in 459

1001-1500 1 in 396

1501-2500 1 in 475

2501+ 1 in 459

Top 5 Activity for Malware Destination by Geographic LocationSource Symantec

Geography Rate

Hungary 1 in 217

South Africa 1 in 221

United Kingdom 1 in 287

Hong Kong 1 in 306

Ireland 1 in 344

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 23: Symantec Intelligence Report

p 23

Symantec CorporationSymantec Intelligence Report JANUARY 2014

363

32

16

07

581Automated Toolkits

Other Unique Domains

IP Address Domains

Free Web Hosting Sites

Typosquatting

Phishing DistributionPhishing Distribution

Phishing DistributionSource Symantec

291

36

09

01

675Financial

Information Services

Retail

Computer Software

Communications

Organizations Spoofedin Phishing AttacksOrganizations Spoofedin Phishing Attacks

Organizations Spoofed in Phishing AttacksSource Symantec

p 24

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Malware

1 in 0

1 in 50

1 in 100

1 in 150

1 in 200

1 in 250

1 in 300

1 in 350

1 in 400

1 in 450

1 in 500J

2014DNOSAJJMAMF

Proportion of Email Traffic in Which Virus Was DetectedSource Symantec

Top 10 Email Virus SourcesSource Symantec

Geography Percent

United States 665

United Kingdom 150

Australia 41

Netherlands 21

France 18

Germany 12

Japan 12

South Africa 11

Canada 09

Hong Kong 07

At a Glance

bull The global average virus rate in January was one in 431 emails compared to one in 164 in December

bull Hungary topped the list of geographies with one in 217 emails containing a virus

bull The United States was the largest source of virus-laden emails making up 665 percent of all email-based viruses

bull Organizations with 250-500 employees were the most targeted company size where one and 383 emails contained a virus

p 25

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 5 Activity for Malware Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 309

Agriculture forestry amp fishing 1 in 332

Services - Professional 1 in 343

Wholesale 1 in 397

Services - Non Traditional 1 in 467

Top 5 Activity for Malware Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 398

251-500 1 in 383

501-1000 1 in 459

1001-1500 1 in 396

1501-2500 1 in 475

2501+ 1 in 459

Top 5 Activity for Malware Destination by Geographic LocationSource Symantec

Geography Rate

Hungary 1 in 217

South Africa 1 in 221

United Kingdom 1 in 287

Hong Kong 1 in 306

Ireland 1 in 344

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 24: Symantec Intelligence Report

p 24

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Malware

1 in 0

1 in 50

1 in 100

1 in 150

1 in 200

1 in 250

1 in 300

1 in 350

1 in 400

1 in 450

1 in 500J

2014DNOSAJJMAMF

Proportion of Email Traffic in Which Virus Was DetectedSource Symantec

Top 10 Email Virus SourcesSource Symantec

Geography Percent

United States 665

United Kingdom 150

Australia 41

Netherlands 21

France 18

Germany 12

Japan 12

South Africa 11

Canada 09

Hong Kong 07

At a Glance

bull The global average virus rate in January was one in 431 emails compared to one in 164 in December

bull Hungary topped the list of geographies with one in 217 emails containing a virus

bull The United States was the largest source of virus-laden emails making up 665 percent of all email-based viruses

bull Organizations with 250-500 employees were the most targeted company size where one and 383 emails contained a virus

p 25

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 5 Activity for Malware Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 309

Agriculture forestry amp fishing 1 in 332

Services - Professional 1 in 343

Wholesale 1 in 397

Services - Non Traditional 1 in 467

Top 5 Activity for Malware Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 398

251-500 1 in 383

501-1000 1 in 459

1001-1500 1 in 396

1501-2500 1 in 475

2501+ 1 in 459

Top 5 Activity for Malware Destination by Geographic LocationSource Symantec

Geography Rate

Hungary 1 in 217

South Africa 1 in 221

United Kingdom 1 in 287

Hong Kong 1 in 306

Ireland 1 in 344

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 25: Symantec Intelligence Report

p 25

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Top 5 Activity for Malware Destination by IndustrySource Symantec

Industry Rate

Public Administration 1 in 309

Agriculture forestry amp fishing 1 in 332

Services - Professional 1 in 343

Wholesale 1 in 397

Services - Non Traditional 1 in 467

Top 5 Activity for Malware Destination by Company SizeSource Symantec

Company Size Rate

1-250 1 in 398

251-500 1 in 383

501-1000 1 in 459

1001-1500 1 in 396

1501-2500 1 in 475

2501+ 1 in 459

Top 5 Activity for Malware Destination by Geographic LocationSource Symantec

Geography Rate

Hungary 1 in 217

South Africa 1 in 221

United Kingdom 1 in 287

Hong Kong 1 in 306

Ireland 1 in 344

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 26: Symantec Intelligence Report

p 26

Symantec CorporationSymantec Intelligence Report JANUARY 2014

At a Glance

bull Variants of W32Ramnit accounted for 94 percent of all malware blocked at the endpoint

bull In comparison 61 percent of all malware were variants of W32Sality

bull Approximately 495 percent of the most frequently blocked malware last month was identified and blocked using generic detection

Endpoint Security

Top 10 Most Frequently Blocked MalwareSource Symantec

Malware Percent

W32SalityAE 54

W32Ramnithtml 38

W32AlmanaheBinf 34

W32DownadupB 34

W32RamnitB 31

TrojanZbot 25

W32RamnitBinf 22

W32SillyFDC 17

W32VirutCF 17

W32SillyFDCBDPlnk 10

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 27: Symantec Intelligence Report

p 27

Symantec CorporationSymantec Intelligence Report JANUARY 2014

Policy Based FilteringSource Symantec

Category Percent

Social Networking 517

Advertisement amp Popups 205

Streaming Media 43

Hosting Sites 32

Computing amp Internet 28

Chat 19

Search 15

Gambling 10

News 09

Entertainment 08

Policy Based Filtering

At a Glance

bull The most common trigger for policy-based filtering applied by Symantec Web Security cloud for its business clients was for the ldquoSocial Networkingrdquo category which accounted for 517 percent of blocked Web activity in January

bull ldquoAdvertisement amp Popupsrdquo was the second-most common trigger comprising 205 percent of blocked Web activity

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 28: Symantec Intelligence Report

p 28

Symantec CorporationSymantec Intelligence Report JANUARY 2014

About Symantec

More Information

bull Security Response Publications httpwwwsymanteccomsecurity_responsepublications

bull Internet Security Threat Report Resource Page httpwwwsymanteccomthreatreport

bull Symantec Security Response httpwwwsymanteccomsecurity_response

bull Norton Threat Explorer httpusnortoncomsecurity_responsethreatexplorer

bull Norton Cybercrime Index httpusnortoncomcybercrimeindex

Symantec protects the worldrsquos information and is a global leader in security backup and availability solutions Our innovative products and services protect people and information in any environmentmdashfrom the smallest mobile device to the enterprise data center to cloud-based systems Our world-renowned expertise in protecting data identities and interactions gives our customers confidence in a connected world More information is available at wwwsymanteccom or by connecting with Symantec at gosymanteccomsocialmedia

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world

Page 29: Symantec Intelligence Report

Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners

For specific country offices and contact numbers

please visit our website

For product information in the US

call toll-free 1 (800) 745 6054

Symantec Corporation World Headquarters

350 Ellis Street

Mountain View CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

wwwsymanteccom

Confidence in a connected world