Symantec Government Internet Security Threat Report: Trends for July-December 07. Volume XIII, Published April 2008



Dean Turner, Executive Editor; Director, Global Intelligence Network, Symantec Security Response
Marc Fossi, Manager, Development, Symantec Security Response
Eric Johnson, Editor, Symantec Security Response
Trevor Mack, Associate Editor, Symantec Security Response
Joseph Blackbird, Threat Analyst, Symantec Security Response
Stephen Entwisle, Threat Analyst, Symantec Security Response
Mo King Low, Threat Analyst, Symantec Security Response
David McKinney, Threat Analyst, Symantec Security Response
Candid Wueest, Analyst, Symantec Security Response

Contents

- Overview
- Highlights
- Attack Trends
- Malicious Code Trends
- Phishing Trends
- Spam Trends
- Appendix A: Symantec Best Practices
- Appendix B: Attack Trends Methodology
- Appendix C: Malicious Code Trends Methodology
- Appendix D: Phishing and Spam Trends Methodology

Overview

The Symantec Government Internet Security Threat Report provides a six-month summary and analysis of trends in attacks, vulnerabilities, malicious code, phishing, and spam as they pertain to organizations in government and critical infrastructure sectors. Where possible, it will also include an overview of legislative efforts to combat these activities.

Over the past several reporting periods, Symantec has observed a shift in the threat landscape in which attackers have increasingly moved away from nuisance and destructive attacks towards targets and methods that are driven by financial motives. Today's attackers are increasingly sophisticated, determined, and organized, and have begun to adopt methods that are similar to traditional software development and business practices.

The previous volume of the Symantec Internet Security Threat Report observed that global, decentralized networks of malicious activity were continuing to rise and that, increasingly, regional threat patterns were beginning to emerge. Today, the threat landscape is arguably more dynamic than ever. As security measures are developed and implemented to protect the data of end users and organizations, attackers are rapidly adapting new techniques and strategies to circumvent them. As a result, the identification, analysis, and trending of these techniques and strategies must also evolve.

The Government Internet Security Threat Report will provide an analysis of attack activity that Symantec observed between July 1 and December 31, 2007 that targets or affects services, organizations, and/or industries of concern to government organizations around the world. For the purposes of this discussion, these government organizations include national, state/provincial, and municipal governments.

Furthermore, this discussion will incorporate data and discussion that is relevant to threat activity that affects critical infrastructure industries that support or affect government and military institutions, which include:

- Aerospace
- Agriculture
- Biotech/pharmaceutical
- Financial services
- Health care
- Internet service providers
- Manufacturing
- Telecommunications
- Transportation
- Utilities and energy

Symantec has established some of the most comprehensive sources of Internet threat data in the world. The Symantec Global Intelligence Network encompasses worldwide security intelligence data gathered from a wide range of sources, including more than 40,000 sensors monitoring networks in over 180 countries through Symantec products and services such as Symantec DeepSight Threat Management System and Symantec Managed Security Services, and from other third-party sources.

Symantec gathers malicious code reports from over 120 million client, server, and gateway systems that have deployed its antivirus product, and also maintains one of the world's most comprehensive vulnerability databases, currently consisting of over 25,000 recorded vulnerabilities (spanning more than two decades) affecting more than 55,000 technologies from over 8,000 vendors. Symantec also operates the BugTraq mailing list, one of the most popular forums for the disclosure and discussion of vulnerabilities on the Internet, which has approximately 50,000 direct subscribers who contribute, receive, and discuss vulnerability research on a daily basis.

As well, the Symantec Probe Network, a system of over two million decoy accounts in more than 30 countries, attracts email from around the world to gauge global spam and phishing activity. Symantec also gathers phishing information through the Symantec Phish Report Network, an extensive antifraud community of enterprises and consumers whose members contribute and receive fraudulent Web site addresses for alerting and filtering across a broad range of solutions.

These resources give Symantec's analysts unparalleled sources of data with which to identify, analyze, and provide informed commentary on emerging trends in attacks, malicious code activity, phishing, and spam. The Symantec Government Internet Security Threat Report gives government organizations essential information to effectively secure their systems now and into the future.

Highlights

This section provides highlights of the security trends that Symantec observed during this period based on the data gathered from the sources listed above. Selected metrics will be discussed in greater depth in their respective sections following these highlights.

Attack Trends Highlights

- During this reporting period, the United States accounted for 31 percent of all malicious activity, an increase from 30 percent in the first half of 2007.
- The United States was the top country of attack origin in the second half of 2007, accounting for 24 percent of worldwide activity, a decrease from 25 percent in the first half of 2007.
- Peru was the country with the highest rate of malicious activity per broadband subscriber in the second half of 2007, accounting for nine percent of the total.
- Telecommunications was the top critical infrastructure sector for malicious activity in the last half of 2007, accounting for 95 percent of the total. This was an increase from 90 percent in the first half of 2007.
- The education sector accounted for 24 percent of data breaches that could lead to identity theft during this period, more than any other sector. This was a decrease from the previous reporting period, when it accounted for 30 percent of the total.
- Government was the top sector for identities exposed, accounting for 60 percent of the total, a significant increase from 12 percent in the first half of 2007.
- Theft or loss of computer or other data-storage medium was the cause of the most data breaches that could lead to identity theft during this reporting period, accounting for 57 percent of the total. It accounted for 61 percent of the identities exposed in the second half of 2007, more than any other sector.
- The United States was the top country for hosting underground economy servers, accounting for 58 percent of the total identified by Symantec, a decrease from the first half of 2007, when it accounted for 64 percent of the total.
- Bank accounts were the most commonly advertised item for sale on underground economy servers known to Symantec, accounting for 22 percent of all items, an increase from the first half of 2007, when they made up 21 percent.
- Symantec observed an average of 61,940 active bot-infected computers per day in the second half of 2007, an increase of 17 percent from the previous period.
- The average lifespan of a bot-infected computer during the last six months of 2007 was four days, unchanged from the first half of 2007.
- The United States had the most bot-infected computers, accounting for 14 percent of the worldwide total, a slight increase from 13 percent in the first half of 2007.

- Madrid was the city with the most bot-infected computers, accounting for three percent of the worldwide total.
- In the last six months of 2007, Symantec identified 4,091 bot command-and-control servers. This is an 11 percent decrease from the previous reporting period, when 4,622 bot command-and-control servers were identified. Of these, 45 percent were located in the United States, more than any other country.
- The United States was the country most frequently targeted by denial-of-service attacks, accounting for 56 percent of the worldwide total. This is a decrease from 61 percent reported in the first half of 2007.
- The top country of origin for attacks targeting the government sector was the United States, which accounted for 21 percent of the total. This was an increase from the first half of 2007 when the United States accounted for 19 percent of the total.
- Denial-of-service attacks were the most common attack type targeting government and critical infrastructure organizations, accounting for 46 percent of the top 10 attacks. This is a decrease from the first half of 2007, when denial-of-service attacks accounted for 35 percent of the top 10 and ranked second.

Malicious Code Trends Highlights

- In the second half of 2007, 499,811 new malicious code threats were reported to Symantec, a 136 percent increase over the first half of 2007.
- Of the top 10 new malicious code families detected in the last six months of 2007, five were Trojans, two were worms, two were worms with a back door component, and one was a worm with a virus component.
- During the second half of 2007, Trojans made up 71 percent of the volume of the top 50 malicious code samples, a decrease from 73 percent in the first six months of 2007.
- Forty-three percent of worms originated in the Europe, Middle East, and Africa (EMEA) region.
- North America accounted for 46 percent of Trojans for this period.
- Threats to confidential information made up 68 percent of the volume of the top 50 potential malicious code infections reported to Symantec.
- Of all confidential information threats detected this period, 76 percent had a keystroke logging component and 86 percent had remote access capabilities, a decrease for each from 88 percent in the previous period.
- Forty percent of malicious code that propagated did so through executable file sharing, a significant increase from 14 percent in the first half of 2007, making this the most commonly used propagation mechanism during this period.
- Seven percent of the volume of the top 50 malicious code samples modified Web pages this period, up from three percent in the previous period.

- During the second half of 2007, 10 percent of the 1,032 documented malicious code samples exploited vulnerabilities. This is lower than the 18 percent proportion of the 1,509 malicious code instances documented in the first half of 2007.
- Seven of the top 10 staged downloaders this period were Trojans, two were worms, and one was a worm with a viral infection component.
- Of the top 10 downloaded components for this period, eight were Trojans and two were back doors.
- Malicious code that targets online games made up eight percent of the volume of the top 50 potential malicious code infections, up from five percent in the previous period.

Phishing Trends Highlights

- The Symantec Probe Network detected a total of 207,547 unique phishing messages, a five percent increase over the first six months of 2007. This equates to an average of 1,134 unique phishing messages per day for the second half of 2007.
- Eighty percent of all unique brands used in phishing attacks were in the financial sector, compared to 79 percent in the previous period.
- One percent of phishing attacks spoofed the government sector this period.
- During this period, 66 percent of all phishing Web sites spoofed financial services brands, down from 72 percent in the first half of 2007.
- In the second half of 2007, 66 percent of all phishing Web sites identified by Symantec were located in the United States. Two social networking sites together were the target of 91 percent of phishing attacks for Web sites hosted in the United States.
- The most common top-level domain used in phishing Web sites for this period was .com, accounting for 44 percent; the second most common top-level domain used by phishing Web sites was .cn, accounting for 23 percent.
- The most common government top-level domain used in phishing Web sites for this period was gov.br, which was used by Web sites that are registered to the government of Brazil, with 19 percent of the total.
- Symantec observed 87,963 phishing hosts worldwide this period, an increase of 167 percent from the 32,939 observed in the first half of the year.
- Sixty-three percent of all phishing hosts identified were in the United States, a much higher proportion than any other country.
- Three phishing toolkits were responsible for 26 percent of all phishing attacks observed by Symantec in the second half of 2007.

Spam Highlights

- Between July 1 and December 31, 2007, spam made up 71 percent of all email traffic monitored at the gateway, a 16 percent increase over the first six months of 2007, when 61 percent of email was classified as spam.
- Eighty percent of all spam detected during this period was composed in English, up from 60 percent in the previous reporting period.
- In the second half of 2007, 0.16 percent of all spam contained malicious code, compared to 0.43 percent of spam that contained malicious code in the first half of 2007. This means that one out of every 617 spam messages blocked by Symantec Brightmail AntiSpam contained malicious code.
- Spam related to commercial products made up 27 percent of all spam during this period, the most of any category and an increase from 22 percent in the previous period.
- During the last six months of 2007, 42 percent of all spam detected worldwide originated in the United States, compared to 50 percent in the previous period.
- The United States hosted the most spam zombies of any country, with 10 percent of the worldwide total, representing no change from the first six months of 2007.
- In the second half of 2007, the daily average percentage of spam that was image spam was seven percent. This is down from a daily average of 27 percent during the first six months of 2007.

Attack Trends

This section of the Government Internet Security Threat Report will provide an analysis of attack activity, data breaches that could lead to identity theft, and the advertisement and trade of stolen information and services on underground economy servers that Symantec observed between July 1 and December 31, 2007. The malicious activity discussed in this section includes not only attack activity, but also phishing Web site hosts, malicious code, spam zombies, and command-and-control server activity. Attacks are defined as any malicious activity carried out over a network that has been detected by an intrusion detection system (IDS) or firewall. Definitions for the other types of malicious activity can be found in their respective sections of this report.

This section will discuss the following metrics in greater depth, providing analysis and discussion of the trends indicated by the data:

- Malicious activity by country
- Malicious activity by country per broadband subscriber
- Malicious activity by critical infrastructure sectors
- Top countries of origin for government-targeted attacks
- Attacks by type - notable critical infrastructure sectors
- Data breaches that could lead to identity theft
- Underground economy servers
- Bot-infected computers
- Bot command-and-control servers
- Attacks - protection and mitigation

Malicious activity by country

This metric will assess the countries in which the largest amount of malicious activity takes place or originates. To determine this, Symantec has compiled geographic data on numerous malicious activities, namely: bot-infected computers, bot command-and-control servers, phishing Web site hosts, malicious code reports, spam zombies, and Internet attack origins. The rankings are determined by calculating the mean average of the proportion of these malicious activities that originated in each country.

Between July 1 and December 31, 2007, the United States was the top country for malicious activity, making up 31 percent of worldwide malicious activity (table 1). This represents a small change from the first half of 2007, when the United States was also first, with 30 percent. For each of the malicious activities in this metric, the United States ranked first by a large margin.

Table 1. Malicious activity by country
Source: Symantec Corporation

Country           Current Percentage   Previous Percentage
United States     31%                  30%
China             7%                   10%
Germany           7%                   7%
United Kingdom    4%                   4%
Spain             4%                   3%
France            4%                   4%
Canada            3%                   4%
Italy             3%                   3%
Brazil            3%                   2%
South Korea       2%                   3%

Rank columns (Current Rank, Previous Rank, Bot Rank, Command-and-Control Server Rank, Phishing Web Sites Host Rank, Malicious Code Rank, Spam Zombies Rank, Attack Origin Rank): values not preserved in this transcription.

Malicious activity usually affects computers that are connected to high-speed broadband Internet. Broadband connections provide larger bandwidth capacities than other connection types, and the connections are frequently continuous. The United States has the most established broadband infrastructure in the world: 94 percent of U.S. households have access to broadband connectivity. Furthermore, the 65.5 million broadband subscribers there represent over 20 percent of the world's total, the most of any country. As a result, it is not surprising that the U.S. is the site of the most malicious activity in the world. [1]

China had the second highest amount of worldwide malicious activity during the last six months of 2007, accounting for seven percent, a decrease from 10 percent in the previous reporting period. China ranked high in most of the contributing criteria, which is not surprising since China has the second highest number of broadband subscribers in the world, with 19 percent of the worldwide broadband total. [2]

The main reason for China's percentage decrease was the large drop in bot-infected computers there in the second half of 2007. China dropped to third for bot-infected computers in the second half of 2007, with eight percent, a large decrease from the first half of 2007, when it had 29 percent and ranked first. This decrease is attributable to a significant reduction in the availability of many Web sites, forums, and blogs in China for several months during this period. [3] Dynamic sites such as forums and blogs are prime targets for attackers using bots to propagate and host malicious content.

Symantec believes that, because of their scalability, bots are responsible for much of the malicious attack activity that is observed, and any serious reduction in the number of bots should result in a corresponding drop in total attack activity. This is also supported by the decrease in China of spam zombies, which are often associated with bot-infected computers. China dropped from third in spam zombies in the first half of 2007, with nine percent of the worldwide total, to fourth and six percent in the second half of 2007.

Another possible reason for the change in malicious activity originating in China this period was that China ranked second for hosting phishing Web sites, accounting for four percent of the worldwide total. This was a large increase from the previous reporting period, when it ranked eighteenth with one percent of the total. One possible cause for the increase may be the recent rise in phishing scams and fraudulent Web sites attempting to exploit the popularity of the upcoming 2008 Beijing Olympics. [4] Such activities will likely continue in the lead-up to the August 8, 2008 Olympics start date.

Furthermore, the increase may have been influenced by the shutdown of the Russian Business Network (RBN) in November 2007 and its subsequent emergence in China, which may have a less well-established security infrastructure or security laws than Russia. [5] Russia dropped in rank for hosting phishing Web sites, from fifth in the previous period to eighth in this period. The RBN reputedly specializes in the distribution of malicious code, hosting malicious Web sites, and other malicious activities, including the development and sale of the MPack toolkit. The RBN has been credited for creating approximately half of the phishing incidents that occurred worldwide last year, and hosts Web sites that are responsible for a large amount of the world's Internet crime. [6]

In the last six months of 2007, Germany again ranked third, with seven percent of all Internet-wide malicious activity, the same percentage as in the first half of 2007. As with the previous reporting period, Germany ranked high in spam zombies, command-and-control servers, hosting phishing Web sites, and bot-infected computers. Factors that influence its high rank include a well-established Internet infrastructure and a high number of broadband subscribers, as Germany ranks in the top five countries for broadband subscribers in the world, with six percent of the total. [7]

It is reasonable to expect that the United States, Germany, and China will continue to rank as the top three countries for the highest amount of malicious activity since they also added the greatest number of broadband subscribers over the course of 2007: the United States added 4.2 million broadband subscribers, China added 6.8 million, and Germany added 2.4 million. [8]

On a global scale, the distribution of malicious activity seems to be relatively static, with the countries listed in the top 20 remaining unchanged from the first half of 2007. This follows a trend first noted in the Symantec Internet Security Threat Report Volume XII that a country that is established as a frequent source of malicious activity tends to remain so. [9] This is likely to remain the case until more effective measures such as increased filtering for malicious activity, securely-coded applications, and more education for end users are taken to reduce the amount of originating malicious activity. Also, increased cooperation between government agencies, private sector ISPs and vendors, and law enforcement may help reduce the amount of malicious activity in countries and

Having a higher proportion of malicious activity indicates that each computer in the country is more likely to be involved with some form of attack activity. Symantec has observed previously that computers often target computers within their own region or country. [10] As a result, countries with higher proportions of malicious activity are more likely to suffer the effects of such malicious activity. This includes computers in the government sector, as well as other sectors that make up critical infrastructure.

Furthermore, as discussed in the Underground economy servers metric, Symantec has observed that attackers may be more motivated by profit from their activities. Many malicious activities reported in this metric can be made profitable using the sensitive personal, financial, and proprietary information often gained from these attacks. As a result, attacks and malicious activity are likely to remain prominent within a country as long as they remain profitable.

Malicious activity by country per broadband subscriber

In addition to assessing the top countries by malicious activity, Symantec also evaluates malicious activity in the top 25 countries according to the number of broadband subscribers located there. Symantec has observed that malicious activity most often affects computers with high-speed broadband Internet connections through large ISPs, and that malicious activity often increases in correlation with the expansion of broadband infrastructure. Rapidly expanding ISPs may often focus their resources on meeting growing broadband demand at the expense of implementing adequate security measures, such as port blocking and ingress and egress filtering, [11] resulting in security infrastructures and practices that are insufficient for their needs. Also, new broadband subscribers may not be aware of the security measures necessary to protect themselves from attacks.
Measurement of this metric has changed from previous reports, when Symantec assessed malicious activity by country per Internet user. This is in order to provide a more precise look into malicious activity because it is more likely that broadband subscribers are the major contributors to malicious activity.

To determine the top countries by malicious activity, Symantec divided the amount of malicious activity originating in each of the top 25 countries by the number of broadband subscribers located in that country. The percentage assigned to each country in this discussion thus represents the percentage of malicious activity that could be attributed to broadband subscribers in that country. This is intended to remove the inherent bias towards countries with high numbers of broadband subscribers from the consideration of the Malicious activity by country metric.

During the last six months of 2007, Peru had the most malicious activity per broadband subscriber, with nine percent (table 2). In other words, for attacks occurring in the top 25 countries averaged out by broadband subscriber per country, there is a nine percent probability that the attack came from a broadband subscriber in Peru. Peru did not rank in the top 25 countries for malicious activity in the first half of 2007 and, thus, was not ranked in the previous period for malicious activity by country per broadband subscriber.

[11] Ingress traffic refers to traffic that is coming into a network from the Internet or another network. Egress traffic refers to traffic that is leaving a network, bound for the Internet or another network.
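The two country metrics described above can be worked through on a small scale. The following is an added example, not Symantec's code or data: the country names, counts and subscriber totals are constructed, and the final normalization of per-subscriber rates into percentages is an assumption about how the report's percentages are derived.

```python
"""Added example: country ranking by averaged activity share and per broadband subscriber."""

# Constructed counts for the six activity types the report lists (not Symantec figures).
ACTIVITY_COUNTS = {
    "Large": {"bots": 500, "c2_servers": 60, "phishing_hosts": 700,
              "malicious_code": 400, "spam_zombies": 500, "attack_origins": 600},
    "Mid":   {"bots": 300, "c2_servers": 30, "phishing_hosts": 200,
              "malicious_code": 400, "spam_zombies": 400, "attack_origins": 200},
    "Small": {"bots": 200, "c2_servers": 10, "phishing_hosts": 100,
              "malicious_code": 200, "spam_zombies": 100, "attack_origins": 200},
}

# Constructed broadband subscriber totals per country.
SUBSCRIBERS = {"Large": 55_000_000, "Mid": 10_000_000, "Small": 1_000_000}


def activity_share(counts):
    """Mean, over activity types, of each country's proportion of that activity."""
    activities = sorted({name for per_country in counts.values() for name in per_country})
    totals = {a: sum(c.get(a, 0) for c in counts.values()) for a in activities}
    measured = [a for a in activities if totals[a] > 0]
    if not measured:
        raise ValueError("no activity observed for any country")
    return {
        country: sum(per_country.get(a, 0) / totals[a] for a in measured) / len(measured)
        for country, per_country in counts.items()
    }


def per_subscriber_share(shares, subscribers):
    """Divide each share by the subscriber count, then express the rates as fractions of their sum."""
    rates = {}
    for country, share in shares.items():
        subs = subscribers.get(country, 0)
        if subs <= 0:
            raise ValueError(f"no subscriber count for {country}")
        rates[country] = share / subs
    total = sum(rates.values())
    return {country: rate / total for country, rate in rates.items()}


def ranked(values):
    """Countries ordered from highest to lowest value (name breaks ties)."""
    return sorted(values, key=lambda country: (-values[country], country))


if __name__ == "__main__":
    shares = activity_share(ACTIVITY_COUNTS)
    per_sub = per_subscriber_share(shares, SUBSCRIBERS)
    for country in ranked(per_sub):
        print(f"{country:6s} share={shares[country]:.0%} per-subscriber={per_sub[country]:.1%}")
```

On this constructed data the country with the smallest raw share ranks first once subscriber counts are divided out, which is the effect the metric is designed to expose.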

Table 2. Malicious activity by country per broadband subscriber
Source: Symantec Corporation

Country/Region    Current Percentage   Previous Percentage
Peru              9%                   N/A
United States     7%                   6%
Poland            6%                   7%
Argentina         6%                   6%
Israel            6%                   8%
India             5%                   7%
Taiwan            5%                   5%
Chile             5%                   N/A
Canada            5%                   5%
Sweden            4%                   3%

Rank columns (Current Rank, Previous Rank): only the fragment "N/A N/A 7 14" is preserved in this transcription.

Peru ranked high in bot-infected computers, spam zombies, and command-and-control servers, all of which are often associated with bot networks (botnets). In fact, the number of bot-infected computers in Peru increased by 261 percent from the first half of 2007. Also, ISPs in Peru may not be adequately performing ingress and egress filtering on their network traffic, nor implementing security controls that would inhibit this type of activity. Peru's major ISP, Telefónica del Peru, dominates with 99 percent of broadband subscribers in the country. [12] Its parent company, Telefónica, is headquartered in Spain and ranked third for malicious activity identified on computers registered to ISPs in the second half of 2007.

Most Internet users in Peru do not own their own computer, with 80 percent using cabinas públicas, public Internet booths located in virtually every city and small town in the country, most of which have broadband connections. [13] Security programs on these public computers, such as antivirus software, may not be adequately maintained, especially since maintenance could make them inaccessible to potential customers, resulting in a loss of profit. As such, these computers may be more vulnerable to malicious activity. Also, since the computers are frequently shared by large numbers of people for a wide variety of purposes, such as email, banking, and gaming, criminals wanting to gain access to customers' personal information may take advantage of these high traffic areas to compromise the computers and track customers' activities by installing malicious code, such as keystroke loggers. It is also possible that users may not be taking sufficient precautions, such as not opening attachments or not visiting insecure Web sites, when they are on shared public computers.

The United States ranked second in malicious activity per broadband subscriber, accounting for seven percent of the worldwide total. In the first half of 2007, the United States ranked fifth in this category, with six percent. Although its rise to second from fifth can be attributed to the change in ranking of other countries in this metric, factors that may contribute to its high rank include that the United States had the fourth highest number of hours spent online per unique Internet user, [14] and that broadband penetration increased to 86 percent among active Internet users in the second half of 2007.

Poland ranked third for this period, accounting for six percent of malicious activity per broadband subscriber. It also ranked third in the first half of the year, with seven percent. The prominence of Poland in this metric is due to its high ranking in the number of bot-infected computers, which increased 91 percent in Poland from the first half of 2007.

One reason for Poland's position may be the recent rapid growth in broadband connectivity. Poland experienced a large increase in broadband subscribers in 2006, a growth of 56 percent from the previous year, [16] as well as a rapid growth in the number of broadband lines. [17] As noted, the rapid growth of broadband availability in a country often comes at a cost to security measures if companies become more focused on obtaining clients than on securing their networks. [18]

Another reason may be the Internet landscape in Poland. For one thing, the former state monopoly carrier, Telekomunikacja Polska S.A. (TP SA), is the major ISP in Poland with a 61 percent share of broadband subscribers. [19] In the second half of 2007, it ranked sixth for malicious activity identified on ISPs globally. Along with its growth in broadband infrastructure, Poland also introduced measures to stimulate competition, [20] including the removal of international trade restrictions and local loop unbundling of the telecommunications sector. [21]

To compete with TP SA, smaller ISPs have offered special deals at lower prices to increase their market share. One of Poland's alternative operators, Netia, recently offered 1 PLN (approx. $0.40 USD) subscription packages, which facilitated Netia's 28 percent broadband subscriber growth from the first half of 2007. Another carrier, Tele2, offered free Internet connectivity for 15 months with the signing of a three-year contract. [23] These smaller ISPs may be more focused on increasing their market share and maximizing profits, by promoting cheap high-speed connections, than on maintaining security measures more commonly seen with other major ISPs, such as network traffic filtering. As well, customers may not be inclined to purchase extra services that include premium computer security when subscribing to a relatively inexpensive product.

Malicious activity by critical infrastructure sectors

This metric will evaluate the amount of malicious activity originating from computers and networks that are known to belong to government and critical infrastructure sectors. Symantec cross-references the IP addresses of known malicious computers with Standard Industrial Classification (SIC) codes [24] assigned to each industry and provided by a third-party service. [25] Symantec has compiled data on numerous malicious activities that were detected originating from the IP address space of these organizations. These activities include: bot-infected computers, hosting phishing Web sites, spam zombies, and attack origins.

This metric is significant because it indicates the level to which government and critical infrastructure organizations may have been compromised and are being used by attackers as launching pads for malicious activity. These attacks could potentially expose sensitive information, which could have serious ramifications for government and critical infrastructure organizations. Such information could be used for strategic purposes in the case of state- or group-sponsored attacks, especially since attackers who use compromised computers for malicious activity can mask their actual location. For instance, it was recently reported that each month approximately 500,000 attacks are attempted against Kazakhstan's state information networks. [26]

In the last six months of 2007, 95 percent of all malicious activity originating from critical infrastructure sectors originated from telecommunications organizations (table 3). This was an increase from the first half of 2007 when telecommunications accounted for 90 percent of the total. For each of the malicious activities in this metric, telecommunications ranked first by a significant margin.

[21] Local loop unbundling is the process of allowing multiple telecommunications operators the use of connections from the telephone exchange to the subscriber's premises (local loops). This process provides more equal competitive access to the local loops.
[24] SIC codes are the standard industry codes that are used by the United States Securities and Exchange Commission to identify organizations belonging to each industry.

Table 3. Malicious activity by critical infrastructure sector
Source: Symantec Corporation

Sector                    Current Percentage   Previous Percentage
Telecommunications        95%                  90%
Manufacturing             2%                   7%
Financial services        1%                   1%
Health care               <1%                  1%
Transportation            <1%                  <1%
Utilities/energy          <1%                  <1%
Military                  <1%                  <1%
Agriculture               <1%                  <1%
Biotech/pharmaceutical    <1%                  <1%
Law enforcement           <1%                  <1%

Rank columns (Current Rank, Previous Rank): values not preserved in this transcription.

There are several reasons why attackers may target computers in the telecommunications sector. These organizations, which include ISPs and Web hosting companies, are likely to have a large number of Internet-facing computers. For example, call centers often use a large number of computers to interact with customers; the challenges of managing such computers may contribute to the extremely high proportion of malicious activity originating from this sector. As a consequence, computers in telecommunications organizations likely represent fertile targets for attackers. Attackers may also view telecommunications organizations as excellent platforms for launching subsequent attacks, as organizations within this sector are likely to have high-bandwidth and high-traffic networks.
This would enable an attacker to carry out large attacks, such as denial-of-service (DoS) attacks, or other malicious activity, such as spam hosting. This is illustrated by the high percentage of spam zombies found in the telecommunications sector. High-bandwidth capacity networks may also allow an attacker to hide attack and bot traffic more effectively. During the current reporting period, 94 percent of attacks and 96 percent of bot-infected computers were situated on the networks of telecommunications organizations. Also, Symantec observed that 73 percent of attacks against the telecommunications sector were shellcode exploits, 27 which may indicate that attackers are attempting to take control of computers in this sector and use them to conduct malicious activity Shellcode is a small piece of code used as the payload in the exploitation of a vulnerability.

Since telecommunications organizations typically control the flow of data through networks, attackers may compromise strategically located computers inside organizations within the industry. This is important as government organizations, such as the military, are reliant on the telecommunications sector for their day-to-day communications and command-and-control systems. Computers within telecommunications organizations may effectively serve as platforms from which to launch attacks against organizations served by telecommunications firms because they provide communications for other sectors as well, including government. As such, attackers who are seeking confidential or sensitive information may specifically target this sector. Successful compromise of computers in the telecommunications sector could allow an attacker to eavesdrop on or disrupt key communications in other sectors.

Finally, attackers using compromised computers within telecommunications organizations could deny access to confidential communications by authorized personnel, allowing the attacker to impose his or her own command, control, and communication processes on the compromised systems. This could result in the loss of situational awareness. Were such an attack to be state- or group-sponsored, access to critical infrastructures could be used to disable key services as a prelude to a larger event or attack.

The manufacturing sector was the origin of the second highest amount of malicious activity during the last half of 2007, accounting for two percent of the total. This was a decrease from the first half of 2007, when it accounted for seven percent of the total. The manufacturing sector is highly competitive, with organizations investing large amounts of time and money into research and development into new methods and products, as well as using the Internet to sell their products online. Implementing effective security measures to prevent industrial espionage and data leakage has become a major issue for many organizations in this sector, as these issues can result in the loss of intellectual property and, in turn, financial loss.

The main reason for the drop in percentage was the large decrease in phishing Web sites hosted, from 22 percent in the first half of 2007 to four percent in this reporting period. This decrease is due to the proportional increase in phishing Web site hosts in the telecommunications sector, which rose from 77 percent in the first half of 2007 to 90 percent in the second half of 2007. Because attackers can more easily hide their traffic in larger bandwidths, they may be targeting the higher number of servers in the telecommunications sector.

The financial services sector ranked third for malicious activity within critical infrastructure sectors, accounting for one percent of the total detected during this period. Financial services also ranked third in the first half of 2007, also with one percent of malicious activity. Computers in the financial services sector may represent a lucrative opportunity for attackers with profit motives. This sector increased in phishing Web site hosts from one percent in the first half of 2007 to three percent in the second half of 2007. Attackers are likely using financial services servers to host phishing Web sites because this adds legitimacy to their phishing sites and can more easily fool consumers.
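The cross-referencing step behind this metric (malicious IP address, to the owning organization's SIC code, to a sector share) can be sketched as follows. This is an added Python example, not Symantec's code: the networks, SIC assignments and observations are constructed, and the grouping of SIC codes into the sector names of table 3 is an assumption.

```python
import ipaddress
from collections import Counter

# The four activity types the report counts for this metric.
ACTIVITIES = {"bot", "phishing_host", "spam_zombie", "attack_origin"}

# Constructed stand-in for the third-party service: network block -> SIC code
# of the organization that owns it (documentation address ranges only).
ORG_NETWORKS = [
    ("198.51.100.0/24", "4813"),    # telephone communications (an ISP)
    ("198.51.100.128/25", "6021"),  # commercial bank hosted inside the ISP range
    ("203.0.113.0/24", "3571"),     # electronic computers (manufacturing)
    ("192.0.2.0/25", "2834"),       # pharmaceutical preparations
    ("192.0.2.128/25", "8062"),     # general medical and surgical hospitals
]
_NETS = [(ipaddress.ip_network(cidr), sic) for cidr, sic in ORG_NETWORKS]

# Assumed grouping of SIC major groups (first two digits) into report sectors.
SIC_MAJOR_GROUPS = [
    (range(1, 10), "Agriculture"),
    (range(20, 40), "Manufacturing"),
    (range(40, 48), "Transportation"),
    (range(48, 49), "Telecommunications"),
    (range(49, 50), "Utilities/energy"),
    (range(60, 65), "Financial services"),
    (range(80, 81), "Health care"),
    (range(92, 93), "Law enforcement"),
    (range(97, 98), "Military"),
]


def sector_for_sic(sic):
    """Map a four-digit SIC code to a sector name, or None if out of scope."""
    # Drugs (industry group 283) sit inside manufacturing major group 28,
    # so the narrower match has to be tested first.
    if sic.startswith("283"):
        return "Biotech/pharmaceutical"
    major = int(sic[:2])
    for group, sector in SIC_MAJOR_GROUPS:
        if major in group:
            return sector
    return None


def sector_for_ip(ip):
    """Attribute an IP to a sector using the most specific matching block."""
    addr = ipaddress.ip_address(ip)
    matches = [(net, sic) for net, sic in _NETS if addr in net]
    if not matches:
        return None  # address space not known to belong to any tracked sector
    _, sic = max(matches, key=lambda m: m[0].prefixlen)
    return sector_for_sic(sic)


def sector_shares(observations, activity=None):
    """Percentage of attributed malicious activity per sector.

    Each (ip, activity) pair is counted once, so a host reported repeatedly
    for the same activity does not inflate its sector. Unattributed
    addresses are left out of the denominator.
    """
    seen, counts = set(), Counter()
    for ip, act in observations:
        if act not in ACTIVITIES:
            raise ValueError(f"unknown activity type: {act}")
        key = (str(ipaddress.ip_address(ip)), act)
        if (activity is not None and act != activity) or key in seen:
            continue
        seen.add(key)
        sector = sector_for_ip(ip)
        if sector is not None:
            counts[sector] += 1
    total = sum(counts.values())
    return {s: round(100.0 * n / total, 1) for s, n in counts.most_common()}


# Constructed observations: (source IP, detected activity).
SAMPLE_OBSERVATIONS = [
    ("198.51.100.10", "bot"), ("198.51.100.11", "bot"),
    ("198.51.100.12", "spam_zombie"), ("198.51.100.13", "attack_origin"),
    ("198.51.100.10", "bot"),             # duplicate report, counted once
    ("198.51.100.200", "phishing_host"),  # bank block inside the ISP range
    ("203.0.113.5", "phishing_host"), ("192.0.2.7", "bot"),
    ("192.0.2.200", "attack_origin"),
    ("10.1.2.3", "bot"),                  # unattributed, excluded
    ("198.51.100.14", "phishing_host"), ("198.51.100.15", "bot"),
]

if __name__ == "__main__":
    print("all activity:", sector_shares(SAMPLE_OBSERVATIONS))
    for act in sorted(ACTIVITIES):
        print(act, sector_shares(SAMPLE_OBSERVATIONS, act))
```

The longest-prefix match matters for this metric: an organization hosted inside an ISP's address range would otherwise be counted as telecommunications, which is one way a sector's share can be overstated.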

Top countries of origin for government-targeted attacks

Attacks targeting governments are largely driven by criminal intent and political motivation. Governments store considerable amounts of personal identification data that could be used for fraudulent purposes, such as identity theft, which could be exploited for profit (as discussed in the "Data breaches that could lead to identity theft" section of this report). Government databases also store sensitive information that could facilitate politically motivated attacks, including critical infrastructure information, sensitive but unclassified information, or other intelligence.

Attacks targeting government organizations may serve as a means of expressing disagreement with policies and programs that the government has developed and implemented. These attacks may result in the disruption of critical services, as with DoS attacks, or the exposure of highly sensitive information. An attack that disrupts the availability of a high-profile government organization Web site, such as the DoS attacks on Estonia in 2007, [28] will get much wider notice than one that takes a single user offline. In addition, attacks may also be motivated by espionage and attempts to steal government classified information.

In the second half of 2007, the top country of origin for attacks that targeted the government sector was the United States, which accounted for 21 percent of the total (table 4), an increase from 19 percent in the first half of 2007. The percentage of attacks against government organizations that originated in the United States was lower than the number of Internet-wide attacks originating there, which accounted for 24 percent of the total in the last half of 2007. This may indicate that attacks originating from within the United States were not specifically targeting the government sector.

Country/Region    Current Percentage    Previous Percentage
United States     21%                   19%
Spain             11%                   14%
China             8%                    6%
South Korea       7%                    2%
France            7%                    10%
Germany           7%                    9%
Italy             6%                    7%
United Kingdom    4%                    4%
Canada            4%                    3%
Taiwan            3%                    2%

Table 4. Top countries/regions of origin for government-targeted attacks
Source: Symantec Corporation

Spain accounted for 11 percent of attacks targeting government in the last half of 2007, a decrease from 14 percent in the first half of 2007. This percentage was five points higher than the percentage of worldwide attacks originating there. This indicates that a large number of attacks originating in Spain are targeting the government sector. There are a number of factors that likely contribute to this. Spain ranked high in bot-infected computers and originating attacks worldwide, which may indicate politically motivated attacks against government organizations. Such attacks are likely to be carried out for a variety of reasons, including blocking access to government Internet-based resources, gaining access to potentially sensitive information, and discrediting the government itself.

In the case of Spain, the current political climate there may contribute to the high number of attacks targeting the government. Spain is conducting general elections in March 2008, and there have been protests against the current government, which is seeking re-election. The protests have been from groups who are in favor of traditional family views and are against controversial legislation introduced by the current government. [29] Many young voters are also dissatisfied with low wages and job opportunities available in the country. [30] Also, ongoing government negotiations with the Basque separatist organization, Euskadi Ta Askatasuna (ETA), have met with widespread opposition among the population in Spain, who accuse the government of easing up on ETA. [31] Supporters of ETA have held demonstrations protesting judicial orders to dissolve a Basque-affiliated political wing as well as the government's ban of Basque political parties from the federal government. [32] These political issues may contribute to the motivation of attackers targeting Spanish government organizations.

China accounted for eight percent of attacks targeting government organizations, which is two percent less than the ten percent of worldwide attacks that originate there. The small difference indicates that attacks originating from China are not specifically targeting government organizations in China, but are part of worldwide attacks in general. China's increase in rank to third for this period from sixth in the previous period may be attributable to attacks originating in China that were reputed to be specifically targeting foreign governments, including the United States, the United Kingdom, Germany and France. Chinese hackers are suspected of compromising the servers of high-security government networks, such as the Pentagon in the United States, the office of the Chancellor of Germany, and French government systems. [33,34,35]

Attacks by type - notable critical infrastructure sectors

This section of the Government Internet Security Threat Report will focus on the types of attacks detected by sensors deployed in notable critical infrastructure sectors. The ability to identify attacks by type assists security administrators in evaluating which assets may be targeted. In doing so, this may assist security administrators in securing those assets receiving a disproportionate number of attacks. The following sectors will be discussed in detail:

- Government and critical infrastructure organizations
- Government
- Biotech/pharmaceutical
- Health care
- Financial services
- Transportation

Government and critical infrastructure organizations

Government and critical infrastructure organizations are the target of a wide variety of attack types. The most common attack type seen by all sensors in the government and critical infrastructure sectors in the last six months of 2007 was DoS attacks, which accounted for 46 percent of the top 10 attacks (figure 1).

SMTP (email)         38%
Backscatter          12%
Shellcode/exploit    5%
DoS                  46%

Figure 1. Top attack types, government and critical infrastructure [37]
Source: Symantec Corporation

[37] Due to rounding, percentages may not add up to 100 percent.


More information

Office of Inspector General

Office of Inspector General Audit Report OIG-05-040 INFORMATION TECHNOLOGY: Mint s Computer Security Incident Response Capability Needs Improvement July 13, 2005 Office of Inspector General Department of the Treasury Contents Audit

More information

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Hosted Web Security

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Hosted Web Security Web Security Gateway Web Security Web Filter Hosted Web Security Web Security Solutions The Approach In the past, most Web content was static and predictable. But today s reality is that Web content even

More information

Commissioned Study. SURVEY: Web Threats Expose Businesses to Data Loss

Commissioned Study. SURVEY: Web Threats Expose Businesses to Data Loss Commissioned Study SURVEY: Web Threats Expose Businesses to Data Loss Introduction Web-borne attacks are on the rise as cybercriminals and others who do harm to computer systems for profit or malice prey

More information

Recurrent Patterns Detection Technology. White Paper

Recurrent Patterns Detection Technology. White Paper SeCure your Network Recurrent Patterns Detection Technology White Paper January, 2007 Powered by RPD Technology Network Based Protection against Email-Borne Threats Spam, Phishing and email-borne Malware

More information

Next Generation IPS and Reputation Services

Next Generation IPS and Reputation Services Next Generation IPS and Reputation Services Richard Stiennon Chief Research Analyst IT-Harvest 2011 IT-Harvest 1 IPS and Reputation Services REPUTATION IS REQUIRED FOR EFFECTIVE IPS Reputation has become

More information

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................

More information

Best Practices for a BYOD World

Best Practices for a BYOD World Face Today s Threats Head-On: Best Practices for a BYOD World Chris Vernon CISSP, VTSP Security Specialist Agenda Mobile Threats Overview 2013 State of Mobility Survey Canada BYOD Best Practices 2 Mobile

More information

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats Achieving Truly Secure Cloud Communications How to navigate evolving security threats Security is quickly becoming the primary concern of many businesses, and protecting VoIP vulnerabilities is critical.

More information

Statistical Analysis of Internet Security Threats. Daniel G. James

Statistical Analysis of Internet Security Threats. Daniel G. James Statistical Analysis of Internet Security Threats Daniel G. James ABSTRACT The purpose of this paper is to analyze the statistics surrounding the most common security threats faced by Internet users. There

More information

When Reputation is Not Enough: Barracuda Spam Firewall Predictive Sender Profiling. White Paper

When Reputation is Not Enough: Barracuda Spam Firewall Predictive Sender Profiling. White Paper When Reputation is Not Enough: Barracuda Spam Firewall Predictive Sender Profiling White Paper As spam continues to evolve, Barracuda Networks remains committed to providing the highest level of protection

More information

CSG & Cyberoam Endpoint Data Protection. Ubiquitous USBs - Leaving Millions on the Table

CSG & Cyberoam Endpoint Data Protection. Ubiquitous USBs - Leaving Millions on the Table CSG & Cyberoam Endpoint Data Protection Ubiquitous USBs - Leaving Millions on the Table Contents USBs Making Data Movement Easy Yet Leaky 3 Exposing Endpoints to the Wild. 3 Data Breach a Very Expensive

More information

Defending Against Cyber Attacks with SessionLevel Network Security

Defending Against Cyber Attacks with SessionLevel Network Security Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive

More information

2012 Endpoint Security Best Practices Survey GLOBAL RESULTS

2012 Endpoint Security Best Practices Survey GLOBAL RESULTS 2012 Endpoint Security Best Practices Survey GLOBAL RESULTS CONTENTS Executive Summary... 4 Methodology... 6 Finding 1: Top tier organizations fare better against attacks... 8 Finding 2: Top tier organizations

More information

DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS

DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS : DDOS ATTACKS DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS 1 DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS NTT is one of the largest Internet providers in the world, with a significant share of the world s

More information

TECHNICAL NOTE 01/2006 ENGRESS AND INGRESS FILTERING

TECHNICAL NOTE 01/2006 ENGRESS AND INGRESS FILTERING TECHNICAL NOTE 01/2006 ENGRESS AND INGRESS FILTERING 20 APRIL 2006 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor organisation to

More information

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation By Marc Ostryniec, vice president, CSID The increase in volume, severity, publicity and fallout of recent data breaches

More information

Internet Security Topics

Internet Security Topics Internet Security Topics JPCERT/CC Japan Computer Emergency Response Team Coordination Center Yurie Ito, Director Technical Operation 1 Today s Agenda 1. Incident Trends Purpose/motivation, methods 2.

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

The Advanced Cyber Attack Landscape

The Advanced Cyber Attack Landscape The Advanced Cyber Attack Landscape FireEye, Inc. The Advanced Cyber Attack Landscape 1 Contents Executive Summary 3 Introduction 4 The Data Source for this Report 5 Finding 1 5 Malware has become a multinational

More information

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE

More information

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current

More information

INSIDE. Mitigating Online Fraud: Customer Confidence, Brand Protection, and Loss Minimization. Symantec Online Fraud Management

INSIDE. Mitigating Online Fraud: Customer Confidence, Brand Protection, and Loss Minimization. Symantec Online Fraud Management Symantec Online Fraud Management WHITE PAPER Mitigating Online Fraud: Customer Confidence, Brand Protection, and Loss Minimization INSIDE New online threats Impacts on customer trust and brand confidence

More information

Kaspersky DDoS Prevention

Kaspersky DDoS Prevention Kaspersky DDoS Prevention The rapid development of the online services industry and remote customer service systems forces entrepreneurs to consider how they can protect and ensure access to their resources.

More information

I N T E L L I G E N C E A S S E S S M E N T

I N T E L L I G E N C E A S S E S S M E N T I N T E L L I G E N C E A S S E S S M E N T (U//FOUO) Malicious Cyber Actors Target US Universities and Colleges 16 January 2015 Office of Intelligence and Analysis IA-0090-15 (U) Warning: This document

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information

Managed Security Services

Managed Security Services Managed Security Services 1 Table of Contents Possible Security Threats 3 ZSL s Security Services Model 4 Managed Security 4 Monitored Security 5 Self- Service Security 5 Professional Services 5 ZSL s

More information

Cyber Security and Critical Information Infrastructure

Cyber Security and Critical Information Infrastructure Cyber Security and Critical Information Infrastructure Dr. Gulshan Rai Director General Indian Computer Emergency Response Team (CERT- In) grai [at] cert-in.org.in The Complexity of Today s Network Changes

More information

A TASTE OF HTTP BOTNETS

A TASTE OF HTTP BOTNETS Botnets come in many flavors. As one might expect, these flavors all taste different. A lot of Internet users have had their taste of IRC, P2P and HTTP based botnets as their computers were infected with

More information

Cisco Security Intelligence Operations

Cisco Security Intelligence Operations Operations Operations of 1 Operations Operations of Today s organizations require security solutions that accurately detect threats, provide holistic protection, and continually adapt to a rapidly evolving,

More information

Advantages of Managed Security Services

Advantages of Managed Security Services Advantages of Managed Security Services Cloud services via MPLS networks for high security at low cost Get Started Now: 877.611.6342 to learn more. www.megapath.com Executive Summary Protecting Your Network

More information

Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats

Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats 1 of 2 November, 2004 Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats Choose Your Weapon: Fighting the Battle

More information

Protecting the Infrastructure: Symantec Web Gateway

Protecting the Infrastructure: Symantec Web Gateway Protecting the Infrastructure: Symantec Web Gateway 1 Why Symantec for Web Security? Flexibility and Choice Best in class hosted service, appliance, and virtual appliance (upcoming) deployment options

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Security Scanning Procedures Version 1.1 Release: September 2006 Table of Contents Purpose...1 Introduction...1 Scope of PCI Security Scanning...1 Scanning

More information

isheriff CLOUD SECURITY

isheriff CLOUD SECURITY isheriff CLOUD SECURITY isheriff is the industry s first cloud-based security platform: providing fully integrated endpoint, Web and email security, delivered through a single Web-based management console

More information

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations

More information

Advanced Persistent Threats

Advanced Persistent Threats White Paper INTRODUCTION Although most business leaders and IT managers believe their security technologies adequately defend against low-level threats, instances of (APTs) have increased. APTs, which

More information

INSIDE. Securing Network-Attached Storage Protecting NAS from viruses, intrusions, and blended threats

INSIDE. Securing Network-Attached Storage Protecting NAS from viruses, intrusions, and blended threats Symantec Enterprise Security WHITE PAPER Securing Network-Attached Storage Protecting NAS from viruses, intrusions, and blended threats INSIDE Executive Summary Challenges to securing NAS An effective

More information

NATIONAL CYBER SECURITY AWARENESS MONTH

NATIONAL CYBER SECURITY AWARENESS MONTH NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the

More information

January 2011 Report #49. The following trends are highlighted in the January 2011 report:

January 2011 Report #49. The following trends are highlighted in the January 2011 report: January 2011 Report #49 Spam made up 81.69% of all messages in December, compared with 84.31% in November. The consistent drop in spam made us wonder, did spammers take a holiday break? Global spam volume

More information

Executive Summary 3. Snowden and Retail Breaches Influencing Security Strategies 3. Attackers are on the Inside Protect Your Privileges 3

Executive Summary 3. Snowden and Retail Breaches Influencing Security Strategies 3. Attackers are on the Inside Protect Your Privileges 3 GLOBAL ADVANCED THREAT LANDSCAPE SURVEY 2014 TABLE OF CONTENTS Executive Summary 3 Snowden and Retail Breaches Influencing Security Strategies 3 Attackers are on the Inside Protect Your Privileges 3 Third-Party

More information