-attacks increased 81 percent during 2011 in comparison with the prior year, and criminals devoted less attention to spam and other well-known methods of exploiting security
holes in preference for specifically targeted attacks, according to a new report from Symantec.
The number of targeted attacks using social engineering and customized malware to gain unauthorized access to sensitive information grew from 77 per day to 82 per day by the end of 2011, Symantec said. Furthermore, hackers began targeting companies and government organizations of all sizes.
Cyber-criminals also adopted new strategies for targeting the security vulnerabilities of smartphones, media tablets and other mobile devices. Mobile vulnerabilities increased by a whopping 93 percent last year -- and with the number of threats targeting Google's Android mobile platform rising significantly.
"One of the most popular ways for phone malware authors to make money is by sending premium SMS messages from infected phones," the new report's authors wrote. "This technique was used by 18 percent of the mobile threats identified in 2011."
Unfortunately, there is no single preventive measure that will guarantee safety from all attacks, said Kevin Haley, the director of product management at Symantec Security Response.
"There are so many kinds of attacks that it's difficult for users to know what threats are the most dangerous, and how to stay on top of them, Haley wrote in a blog post Monday."But each can be dealt with individually."
SMB Security Threats
When huge corporations or government organizations get hacked the events generate a flurry of newspaper headlines. However, more than half of last year's targeted attacks were actually directed at enterprises with fewer than 2,500 employees -- and over 18 percent targeted organizations with fewer than 250 employees.
"They're not just targeting executives with deep access to confidential information either," Haley warned. "Fifty-eight percent of people who are being targeted are in positions such as public relations, human resources and sales -- positions that can provide cyber-criminals with corporate information and open the door to more attacks."
Hackers stole 187 million personal identities last year, with the average yield per data breach amounting to 1.1 million identities. According to Symantec, identity theft gleaned from lost or stolen PCs or mobile devices also exposed 18.5 million identities in 2011.
Malicious attacks also increased by 81 percent in comparison with Symantec's 2010 estimates.
"That's a total of 5.5 billion attacks blocked just by Symantec," Haley said. Web attacks were also up by 36 percent, he added.
Mobile Data Breach Threats
Symantec intentionally "lost" 50 smartphones earlier this year to monitor what would happen to the simulated corporate and personal data that the company had installed on these devices. The results of the experiment suggest that virtually all lost handsets are potentially consumer and business data breach threats.
"Only half of the people who found one of the phones made any attempt to return it [and even the people who tried] to return the phones made attempts to view the data on them," Haley noted last month. "In fact, 96 percent of our lost smartphones were accessed by their finders."
Symantec's experiment underscores the importance of having password protection installed on mobile devices as well as the ability to remotely wipe the device's data immediately after it has been reported as lost. The security software maker is also strongly urging businesses to adopt applications offering the ability to remotely wipe the data from employees' handsets.
"In this way, even if the phone fell into the hands of a determined thief, there would be no data for them to find," Haley said. "It is also a good idea to have software on the phone to help locate it if lost."