internet security tHreAt rePOrt GOVernMent 2013

Recommendations

Info

p. 24 Symantec Corporation Internet Security Threat Report <strong>2013</strong> :: Volume 18 VULNERabILITIES, ExPLOITS, aNd TOOLkITS Introduction Recent research by the Ponemon Institute suggests that the cost of cybercrime rose by six percent in 2012 with a 42 percent increase in the number of cyberattacks. The cost is significant with businesses incurring an average cost of $591,780. 13 Given the increase availability of vulnerabilities and exploits it comes as no surprise that the cybercriminals have increased their ability to make a profit. Quite a few diverse skills are needed to find vulnerabilities, create ways to exploit them, and then run attacks using them. Fortunately for the cybercriminal, a black market exists where these skills can be purchased in the form of toolkits. Hackers find and exploit and or sell vulnerabilities. Toolkit authors find or buy exploit code and incorporate it into their “products.” Cybercriminals in turn buy or steal the latest versions of toolkits which allow them to run massive attacks without the trouble of learning the skills needed to run the whole operation. data browser Vulnerabilities 2010 – 2012 Source: Symantec 50% 45 40 35 30 25 20 15 10 5 2010 Apple Safari Google Chrome Mozilla Firefox Microsoft Internet Explorer Opera 2011 2012 at a glance • Usage of zero-day vulnerabilities is up, from 8 to 14 in 2012. • There is an increasingly sophisticated black market serving a multi-billion dollar online crime industry. • These vulnerabilities are later commercialized and added to Web-attack toolkits, usually after they become published publicly. • In 2012, drive-by Web attacks increased by one third, possibly driven by malvertising. • Around 600,000 Macs were infected with Flashback malware this year. • The Sakura toolkit, which had little impact in 2011, now accounts for approximately 22 percent of Web-based toolkit attacks, overtaking Blackhole during some points of the year. Plug-in Vulnerabilities 2010 – 2012 Source: Symantec 50% 45 40 35 30 25 20 15 10 5 2010 Adobe Flash Player Oracle Sun Java Adobe Acrobat Reader Apple QuickTime 2011 2012
p. 25 Symantec Corporation Internet Security Threat Report <strong>2013</strong> :: Volume 18 VULNERabILITIES, ExPLOITS, aNd TOOLkITS Total Vulnerabilities Source: Symantec 600 500 400 300 200 100 0 Zero-day Vulnerabilities Source: Symantec 3 2 1 JAN JAN FEB FEB MAR MAR APR APR MAY MAY JUN JUN JUL JUL AUG AUG SEP SEP OCT OCT NOV NOV DEC DEC • There were 5,291 vulnerabilities reported in 2012, compared with 4,989 in 2011. • Reported vulnerabilities per month in 2012 fluctuated roughly between 300 and 500 per month. • In 2012, there were 85 public SCADA (Supervisory Control and Data Acquisition) vulnerabilities, a massive decrease over the 129 vulnerabilities in 2011. • There were 415 mobile vulnerabilities identified in 2012, compared with 315 in 2011. • A zero-day vulnerability is one that is reported to have been exploited in the wild before the vulnerability is public knowledge and prior to a patch being publicly available. • There were 14 zero-day vulnerabilities reported in 2012. • There were up to 3 zero-day vulnerabilities reported each month.
Page 1 and 2: internet security tHreAt rePOrt GOV
Page 3 and 4: p. 3 Symantec Corporation Internet
Page 23: p. 23 Symantec Corporation Internet
Page 57 and 58: internet security tHreAt rePOrt APP
Page 75 and 76:
p. 75 Symantec Corporation Internet
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
p. 101 Symantec Corporation Interne
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
show all

internet security tHreAt rePOrt GOVernMent 2013

Create successful ePaper yourself

Delete template?

Save as template?