Andrew Horbury Product Marketing Manager
Andrew Shepherd EMEA Marketing Manager
WEBSITE SECURITY THREATS: DECEMBER 2013 UPDATE
Wednesday 4th December 2013
Agenda
1. Month in Numbers
2. 2014 Security Predictions
3. Every Organisation a Target
4. Ransomware Update
5. Attack, Attack, Attack
6. Good news
The month in numbers
• Eurobarometer Survey out this week reveals
– 76% of European Internet users believe that the risk of becoming a victim of cybercrime has increased in the past year
– 46% have installed antivirus software
– 10% of EU Internet users have experienced online fraud and a further 6% were victims of identity theft
– 37% are worried about a malicious party taking or misusing their personal data when banking or shopping online
• Anchorfree Survey on Public Wi-Fi usage
– 4 out of 5 are concerned about ID theft when using public Wi-Fi
– 8 out of 10, however, are still happy to connect to public Wi-Fi
– Smartphone and tablet users were three times more likely than laptop users to connect to Wi-Fi in a shopping mall or tourist attraction.
Love by numbers
• Stolen Cupid data reveals weak password choices
Password      Times used
123456        1,902,801
111111        1,212,235
123456789     574,914
1234567       173,235
12345678      140,734
0000000       107,996
Iloveyou      91,269
1234567890    81,755
??????        79,046
123123        79,013
Love plus one
Password      Times used
Iloveyou      91,269
lovely        54,045
qwerty        40,023
password      37,241
azerty        33,579
loveme        32,645
aaaaaa        30,273
mylove        28,266
iloveu        23,787
zxcvbnm       20,362
Password creation tips
A strong password:
• Is at least eight characters long.
• Does not contain your user name, real name, or company name.
• Does not contain a complete word.
• Is significantly different from previous passwords.
• Contains uppercase, lowercase, numbers and symbols.
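The five tips above written as a checker, as an added example that is not part of the original slides. The denylist is taken from the two Cupid tables on this page; the function name, the small word list, the substitution table and the 0.7 similarity threshold are assumptions made for illustration.

```python
import difflib
import re

# Most-used passwords from the two Cupid tables on this page (lowercased).
COMMON = {"123456", "111111", "123456789", "1234567", "12345678", "0000000",
          "iloveyou", "1234567890", "123123", "lovely", "qwerty", "password",
          "azerty", "loveme", "aaaaaa", "mylove", "iloveu", "zxcvbnm"}
# Constructed mini word list; a real check would load a full dictionary.
WORDS = {"love", "lovely", "password", "summer", "dragon", "monkey", "welcome"}
# Assumed table of common digit/symbol stand-ins, undone before the word check.
UNLEET = str.maketrans("013457@$!", "oleastasi")
CLASSES = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")


def check_password(pw, identity=(), previous=(), max_similarity=0.7):
    """Return the tips `pw` violates; an empty list means it passes all five.

    identity: user name, real name, company name (hypothetical inputs).
    previous: earlier passwords, normally known in clear only at change time.
    max_similarity: assumed cut-off for "significantly different".
    """
    low = pw.lower()
    problems = []
    if low in COMMON:
        problems.append("appears in the leaked top-password lists")
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    # Split "Jane Doe" into tokens and ignore fragments under three letters.
    tokens = {t for name in identity
              for t in re.split(r"\W+", name.lower()) if len(t) >= 3}
    if any(t in low for t in tokens):
        problems.append("contains user name, real name or company name")
    if any(w in low.translate(UNLEET) for w in WORDS):
        problems.append("contains a complete word")
    if any(difflib.SequenceMatcher(None, low, p.lower()).ratio() > max_similarity
           for p in previous):
        problems.append("too similar to a previous password")
    if not all(re.search(c, pw) for c in CLASSES):
        problems.append("missing uppercase, lowercase, number or symbol")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "Iloveyou", "P@ssw0rd!2013", "gT7#vLq9!xRz"):
        print(candidate, "->", check_password(candidate) or "passes")
```

The third sample shows why the character-class tip alone is not enough: `P@ssw0rd!2013` has all four classes and 13 characters, yet it is still a dictionary word with predictable substitutions.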
Security Predictions for 2014
Symantec:
• People will finally begin taking active steps to keep their information private
• Scammers, data collectors and cybercriminals will not ignore any social network, no matter how “niche” or obscure
• The “Internet of Things” becomes the “Internet of Vulnerabilities”
• Mobile apps will prove that you can like yourself too much
Other:
• Advanced malware volume will decrease
• Attackers will be more interested in cloud data than your network
• Attackers will increasingly lure executives and compromise organizations via professional social networks
• Exploit kits will struggle for power in the wake of the Blackhole author arrest
Every organisation could be a target for hackers
Assumption #1: I’m too small to be attacked
Targeted Attacks by Company Size
Greatest growth in 2012 is at companies with <250 employees
Small business often not well protected, but connected to others
Employees           Share of targeted attacks
2,501+              50%
1 to 2,500          50%, made up of:
  1,501 to 2,500    9%
  1,001 to 1,500    2%
  501 to 1,000      3%
  251 to 500        5%
  1 to 250          31% (18% in 2011)
87% of SMBs suffered a cyberattack last year, only 44% see security as a priority.
Assumption #2: Only CEOs and Senior Management are targeted
Chart values:
R&D               27%
Senior            12%
C-Level           17%
Sales             24%
Shared Mailbox    13%
Recruitment       4%
Media             3%
PA                1%
Attacks may start with the ultimate target, but often look opportunistically for any entry into a company
Every Organisation could be a target
3 tips to bear in mind
1. Attacking weak passwords: A surprising number of servers and applications have default passwords or simple passwords.
2. Phishing key users: A now age-old trick that is becoming even more sophisticated as hackers pick up passwords and gain access by targeting key users.
3. Exploiting old and unpatched software: Unpatched systems are an easy target, especially given all the well-known and distributed exploits for old software.
Ransomware – Like a Business
• Anti-Fraud Service for Fraudsters
• Multiple Pricing options
• “FBI” Ransomware – Now offers optional extras
– Authors resort to disturbing images in bid to make victims pay
• Cryptolocker
– Continues to cause problems
– Roughly 25 per cent of computers are not running any real-time protection vs. malware
– Encrypts files with full PKI encryption and sets a deadline
– Offers a discount? 2 → 0.5 Bitcoins
Encrypting the world’s Web traffic
• All Web traffic could be encrypted under new HTTP standard proposals
• Yahoo Mail enabling SSL by default
• If you want to make sure you’re using an SSL connection whenever possible, also check out the Electronic Frontier Foundation’s HTTPS Everywhere browser plugin for Chrome and Firefox.
https://www.eff.org/https-everywhere
Attack, Attack, Attack
• Google Dork: 35,000 websites using a type of proprietary internet message board software were vulnerable to a flaw that allowed hackers to create a new admin account.
• Anonymous claimed to have hacked UK Parliament’s Wi-Fi during Million Mask march in London
Good News
• It can happen to the best of us…
– Chief Wiggum not such a distant reality
• No Beard? No worries!
– Red-haired women tend to choose the best passwords and men with bushy beards or unkempt hair, the worst
Link Glossary (Press Print screen now)
• EFF Always on SSL App
– https://www.eff.org/https-everywhere
• Infographic for 2014 predictions
– http://www.symantec.com/connect/blogs/2014-predictions-symantec-0
• Register Article on Anonymous parliament
– http://www.theregister.co.uk/2013/11/12/anonymous_hacked_government_sites_using_parliament_wifi/
• BBC The gentle art of cracking passwords
– http://www.bbc.co.uk/news/technology-24519306
• Symantec WSS Resources
– @nortonsecured
– www.facebook.com/websitesecuritysolutions
– www.symantec-wss.com
Thank you!
Andrew [email protected] / +44 7912 552 896
Andrew [email protected] / +44 7703 468 966
Next webinar: Thursday 9th January 2014 9.30am UK / 10.30am CET