'

Symantec Intelligence Report July 2015

Понравилась презентация – покажи это...





Слайд 0

SYMANTEC INTELLIGENCE REPORT JULY 2015


Слайд 1

2 | July 2015 Symantec Intelligence Report 3 Summary 4 July in Numbers 5 Targeted Attacks & Phishing 5 5 6 6 7 Top 10 Industries Targeted in Spear-Phishing Attacks Spear-Phishing Attacks by Size of Targeted Organization Phishing Rate Proportion of Email Traffic Identified as Phishing by Industry Sector Proportion of Email Traffic Identified as Phishing by Organization Size 8 Vulnerabilities 8 8 9 Total Number of Vulnerabilities Zero-Day Vulnerabilities Vulnerabilities Disclosed in Industrial Control Systems 10 Malware 10 10 11 11 12 12 13 13 New Malware Variants Top 10 Mac OSX Malware Blocked on OSX Endpoints Ransomware Over Time Crypto-Ransomware Over Time Proportion of Email Traffic in Which Malware Was Detected Percent of Email Malware as URL vs. Attachment by Month Proportion of Email Traffic Identified as Malicious by Industry Sector Proportion of Email Traffic Identified as Malicious by Organization Size 14 Mobile & Social Media 14 14 15 Android Mobile Malware Families by Month New Android Variants per Family by Month Social Media 16 Spam 16 16 17 Overall Email Spam Rate Proportion of Email Traffic Identified as Spam by Industry Sector Proportion of Email Traffic Identified as Spam by Organization Size 18 About Symantec 18 More Information Welcome to the July edition of the Symantec Intelligence report. Symantec Intelligence aims to provide the latest analysis of cyber security threats, trends, and insights concerning malware, spam, and other potentially harmful business risks. Symantec has established the most comprehensive source of Internet threat data in the world through the Symantec™ Global Intelligence Network, which is made up of more than 57.6 million attack sensors and records thousands of events per second. This network monitors threat activity in over 157 countries and territories through a combination of Symantec products and services such as Symantec DeepSight™ Intelligence, Symantec™ Managed Security Services, Norton™ consumer products, and other third-party data sources.


Слайд 2

3 | July 2015 Symantec Intelligence Report Summary Last month we reported how the spam rate had dropped below 50 percent of email traffic. Almost as if in response to this seemingly watershed moment, the spam rate went up slightly in July, just crossing the midpoint mark again with a percentage of 50.1. While this is the first time the spam rate have increased in more than a year, we still anticipate that the rate will continue its slow, downward trajectory in the months to come. The Manufacturing and Wholesale industries both saw significant increases in targeted attack activity in July, where both industries were up eight percentage points from June. Enterprises with more than 2500 employees were the most commonly targeted organization size during the month. The number of vulnerabilities disclosed was up as well in July. There were 579 vulnerabilities reported, in comparison to 526 in June. Of particular note were six zero-day vulnerabilities discovered during the month—the highest number seen in more than a year. Four of these zero-day vulnerabilities—three for Adobe Flash Player and one for Microsoft Windows— were discovered in the data cache of the Italian covert surveillance and espionage software company, Hacking Team, which suffered a data breach in early July. There were 53.7 million new pieces of malware discovered in July. While down slightly from June, this is still well above the 40.3 million average seen over the last twelve months. Ransomware has also declined slightly this month, though there have been modest increases in the amount of crypto-ransomware seen in July. There was also a slight decrease in malware detected in email traffic during the month, though the Agriculture, Forestry, & Fishing industry remained on top of the list of sectors most likely to receive malicious emails. In contrast, four mobile malware families were released onto the mobile malware landscape in July, the highest number seen in one month during 2015. The number of mobile malware variants also continues to trend upwards, where 42 Android malware variants were seen per family during July. We hope that you enjoy this month’s report and feel free to contact us with any comments or feedback. Ben Nahorney, Cyber Security Threat Analyst symantec_intelligence@symantec.com


Слайд 3

4 | July 2015 Symantec Intelligence Report JULY IN NUMBERS


Слайд 4

5 | July 2015 Symantec Intelligence Report Targeted Attacks & Phishing The Manufacturing and July June 30% Manufacturing 22 Wholesale 17 9 13 Services - Professional 12 Finance, Insurance, & Real Estate Services - Non Traditional 8 6 Transportation, Communications, Electric, Gas, & Sanitary Services Retail Public Administration 3 Nonclassifiable Establishments 0 17 17 11 12 5 2 Construction Wholesale sectors where the first and second most targeted industries in July. These industries each saw an eight percentage point increase in spear-phishing attacks. 7 2 2 2 Top 10 Industries Targeted in Spear-Phishing Attacks Source: Symantec Top 10 Industries Targeted in Spear-Phishing Attacks Large enterprises were the target Company Size July June 1-250 33.2% 38.1% 251-500 12.6% 15.2% 501-1000 7.7% 9.0% 1001-1500 3.0% 9.9% 1501-2500 9.3% 2.7% 2501+ 34.1% 25.1% Spear-Phishing Attacks by Size of Targeted Organization Source: Symantec Spear-Phishing Attacks by Size of Targeted Organization of 34.1 percent of spear-phishing attacks in July, up from 25.1 percent in June. In contrast, 33.2 percent of attacks were directed at organizations with less than 250 employees.


Слайд 5

6 | July 2015 Symantec Intelligence Report The overall phishing rate has A S O 400 N D J 2015 A M J J increased this month, where one in 1,628 emails was a phishing attempt. 1004 1200 1 IN M 647 800 1600 F 1465 1587 2000 1610 1628 1517 1865 2057 2041 2400 2448 2666 2800 Phishing Rate Inverse Graph: Smaller Number = Greater Risk Source: Symantec Phishing Rate The Agriculture, Forestry, & Industry July June Agriculture, Forestry, & Fishing 1 in 837.1 1 in 1,469.9 Services - Non Traditional 1 in 1,320.5 1 in 3,977.5 Finance, Insurance, & Real Estate 1 in 1,357.6 1 in 2,901.7 Public Administration 1 in 1,359.2 1 in 2,367.3 Nonclassifiable Establishments 1 in 1,564.4 1 in 2,753.1 Services - Professional 1 in 1,566.8 1 in 2,750.3 Mining 1 in 2,017.1 1 in 3,120.1 Construction 1 in 2,241.5 1 in 3,003.1 Wholesale 1 in 2,343.8 1 in 4,142.5 Transportation, Communications, Electric, Gas, & Sanitary Services 1 in 3,114.3 1 in 4,495.4 Proportion of Email Traffic Identified as Phishing by Industry Sector Proportion of Email Traffic Identified as Phishing by Industry Sector Source: Symantec.cloud Fishing sector was again the most targeted Industry overall for phishing attempts in July, where phishing comprised one in every 837.1 emails. This rate has been higher than any other industry since April.


Слайд 6

7 | July 2015 Symantec Intelligence Report Small companies with less than Company Size July June 1–250 1 in 1,288.9 1 in 1,552.5 251–500 1 in 1,613.7 1 in 2,553.7 501–1000 1 in 1,899.6 1 in 3,051.4 1001–1500 1 in 2,209.9 1 in 3,443.2 1501–2500 1 in 2,045.5 1 in 3,552.6 2501+ 1 in 1,872.3 1 in 3,624.5 Proportion of Email Traffic Identified as Phishing by Organization Size Source: Symantec.cloud Proportion of Email Traffic Identified as Phishing by Organization Size 250 employees were again the most targeted organization size in July.


Слайд 7

8 | July 2015 Symantec Intelligence Report Vulnerabilities The number of vulnerabilities 600 600 596 500 400 579 562 457 399 540 471 M 526 disclosed increased in July, up from 526 in June to 579 reported during the month. 469 F 579 428 300 200 100 A S O N D J 2015 A M J J Total Number of Vulnerabilities Source: Symantec Total Number of Vulnerabilities There were six zero-day 7 6 6 5 4 3 3 2 2 2 1 1 0 A 0 S 1 0 O N Zero-Day Vulnerabilities Source: Symantec Zero-Day Vulnerabilities 1 1 M J 0 D J 2015 F M A J vulnerabilities disclosed in July, three of which exploit the Adobe Flash Player.


Слайд 8

9 | July 2015 Symantec Intelligence Report Three vulnerabilities in industrial 4 4 Vulnerabilities Unique Vendors 3 3 2 2 2 1 1 A S 2 1 1 1 O N 1 1 D J 2015 F 3 1 M A 1 M J J Vulnerabilities Disclosed in Industrial Control Systems Source: Symantec Vulnerabilities Disclosed in Industrial Control Systems Methodology In some cases the details of a vulnerability are not publicly disclosed during the same month that it was initially discovered. In these cases, our vulnerability metrics are updated to reflect the time that the vulnerability was discovered, as opposed to the month it was disclosed. This can cause fluctuations in the numbers reported for previous months when a new report is released. control systems were reported by one vendor in July.


Слайд 9

10 | July 2015 Symantec Intelligence Report Malware There were more than 53.7 million new pieces of malware created in July. While down from June, this is still well above the 40.3 million average seen over the last twelve months. 80 70 63.6 57.6 MILLIONS 60 50 44.7 40 30 31.7 35.9 53.7 44.5 35.8 33.7 26.6 29.2 26.5 20 10 A S O N D J 2015 F M A M J J New Malware Variants Source: Symantec New Malware Variants OSX.RSPlug.A continues to be Malware Name July Percentage Malware Name June Percentage 1 OSX.RSPlug.A 61.9% OSX.RSPlug.A 29.5% 2 OSX.Wirelurker 10.0% OSX.Keylogger 11.6% 3 OSX.Crisis 8.4% OSX.Klog.A 8.9% 4 OSX.Keylogger 4.8% OSX.Luaddit 7.8% 5 OSX.Klog.A 3.5% OSX.Wirelurker 7.1% 6 OSX.Luaddit 1.8% OSX.Flashback.K 5.4% 7 OSX.Stealbit.B 1.3% OSX.Stealbit.B 4.3% 8 OSX.Flashback.K 1.3% OSX.Freezer 3.2% 9 OSX.Freezer 1.1% OSX.Netweird 2.9% 10 OSX.Netweird 0.8% OSX.Okaz 2.5% Rank Top 10 Mac OS X Malware Blocked on OS X Endpoints Source: Symantec Top 10 Mac OSX Malware Blocked on OSX Endpoints the most commonly seen OS X threat seen on OS X endpoints in July.


Слайд 10

11 | July 2015 Symantec Intelligence Report Ransomware attacks were down 800 700 734 669 693 738 slightly in July, where over 413 thousand attacks were detected. 756 THOUSANDS 600 544 477 500 413 399 400 354 300 248 297 200 100 A S O N D J 2015 F M A M J J Ransomware Over Time Source: Symantec Ransomware Over Time Crypto-ransomware was up during July, setting another high for 2015. 80 72 70 62 THOUSANDS 60 50 48 46 40 36 31 28 30 21 20 20 23 M A 34 16 10 A S O N D Crypto-Ransomware Over Time Source: Symantec Crypto-Ransomware Over Time J 2015 F M J J


Слайд 11

12 | July 2015 Symantec Intelligence Report The proportion of email traffic A S O N D J 2015 100 F M A M J containing malware decreased again this month, down to the lowest levels seen since October of last year. J 150 195 1 IN 200 250 207 207 237 246 270 246 274 300 319 337 329 350 351 400 Inverse Graph: Smaller Number = Greater Risk Proportion of Email Traffic in Which Malware Was Detected Source: Symantec Proportion of Email Traffic in Which Malware Was Detected The percentage of email malware that contains a URL remained low this month, hovering around three percent. 50 41 40 30 20 10 6 14 7 5 3 A S O 8 N D J 2015 3 F 3 M 3 3 3 A M J J Percent of Email Malware as URL vs. Attachment by Month Source: Symantec Percent of Email Malware as URL vs. Attachment by Month


Слайд 12

13 | July 2015 Symantec Intelligence Report Agriculture, Forestry, & Fishing Industry July June Agriculture, Forestry, & Fishing 1 in 252.7 1 in 231.6 Services - Non Traditional 1 in 280.1 1 in 365.3 Public Administration 1 in 288.9 1 in 245.9 Wholesale 1 in 333.3 1 in 301.6 Services - Professional 1 in 338.0 1 in 305.8 Construction 1 in 376.3 1 in 305.8 Transportation, Communications, Electric, Gas, & Sanitary Services 1 in 392.4 1 in 230.2 Finance, Insurance, & Real Estate 1 in 416.4 1 in 481.5 Mining 1 in 438.3 1 in 371.5 Nonclassifiable Establishments 1 in 519.5 was the most targeted sector in July, where one in every 252.7 emails contained malware. 1 in 497.7 Proportion of Email Traffic Identified as Malicious by Industry Sector Source: Symantec.cloud Proportion of Email Traffic Identified as Malicious by Industry Sector Organizations with 251-500 Company Size July June 1-250 1 in 275.8 1 in 255.6 251-500 1 in 259.5 1 in 232.9 501-1000 1 in 351.1 1 in 318.1 1001-1500 1 in 389.5 1 in 292.2 1501-2500 1 in 373.2 1 in 164.0 2501+ 1 in 401.7 1 in 472.4 Proportion of Email Traffic Identified as Malicious by Organization Size Source: Symantec.cloud Proportion of Email Traffic Identified as Malicious by Organization Size employees were most likely to be targeted by malicious email in the month of July, where one in 259.5 emails was malicious.


Слайд 13

14 | July 2015 Symantec Intelligence Report Mobile & Social Media In July there were four new mobile malware families discovered. 9 8 8 7 6 6 5 5 4 4 3 3 2 3 3 2 2 1 1 1 0 A S O N D J 2015 F M A M J J Android Mobile Malware Families by Month Source: Symantec Android Mobile Malware Families by Month There was an average of 42 Android malware variants per family in the month of in July. 50 40 37 34 A S 36 36 O N D 33 38 38 38 39 39 40 J 2015 F M A M J 42 30 20 10 New Android Variants per Family by Month Source: Symantec New Android Variants per Family by Month J


Слайд 14

15 | July 2015 Symantec Intelligence Report In the last twelve months, 82 Last 12 Months 100 Fake offerings comprised 12 82 percent of social media threats. 80 60 40 20 12 4 Manual Sharing Fake Offering Likejacking 1.6 0.1 Fake Apps Comment Jacking Manual Sharing – These rely on victims to actually do the work of sharing the scam by presenting them with intriguing videos, fake offers or messages that they share with their friends. Fake Offering – These scams invite social network users to join a fake event or group with incentives such as free gift cards. Joining often requires the user to share credentials with the attacker or send a text to a premium rate number. Likejacking – Using fake “Like” buttons, attackers trick users into clicking website buttons that install malware and may post updates on a user’s newsfeed, spreading the attack. Fake Apps – Users are invited to subscribe to an application that appears to be integrated for use with a social network, but is not as described and may be used to steal credentials or harvest other personal data. Comment Jacking – This attack is similar to the "Like" jacking where the attacker tricks the user into submitting a comment about a link or site, which will then be posted to his/her wall. Social Media Source: Symantec Social Media percent of social media threats required end users to propagate them.


Слайд 15

16 | July 2015 Symantec Intelligence Report Spam 50 50 51 50.1% 49.7% -1.8% pts -0.6% pts July June July was 50.1 percent, up 0.4 percentage points from June. 51.5% +.4% pts The overall email spam rate in May Overall Email Spam Rate Source: Symantec Overall Email Spam Rate At 55.7 percent, the Mining Industry July June Mining 55.7% 56.1% Manufacturing 53.8% 53.7% Retail 53.0% 53.1% Construction 53.0% 53.3% Services - Professional 52.5% 52.6% Agriculture, Forestry, & Fishing 52.2% 52.3% Wholesale 52.1% 52.2% Nonclassifiable Establishments 52.0% 52.5% Finance, Insurance, & Real Estate 51.9% 51.9% Services - Non Traditional 51.9% 53.0% Proportion of Email Traffic Identified as Spam by Industry Sector Source: Symantec.cloud Proportion of Email Traffic Identified as Spam by Industry Sector sector again had the highest spam rate during July. The Manufacturing sector came in second with 53.8 percent.


Слайд 16

17 | July 2015 Symantec Intelligence Report While all organization sizes had Company Size July June 1–250 52.3% 52.8% 251–500 52.6% 53.2% 501–1000 52.3% 52.4% 1001–1500 51.9% 51.9% 1501–2500 52.2% 52.1% 2501+ 52.4% 52.3% Proportion of Email Traffic Identified as Spam by Organization Size Source: Symantec.cloud Proportion of Email Traffic Identified as Spam by Organization Size around a 52 percent spam rate, organizations with 251-500 employees had the highest rate at 52.6 percent.


Слайд 17

18 | July 2015 Symantec Intelligence Report About Symantec Symantec Corporation (NASDAQ: SYMC) is an information protection expert that helps people, businesses and governments seeking the freedom to unlock the opportunities technology brings – anytime, anywhere. Founded in April 1982, Symantec, a Fortune 500 company, operating one of the largest global data-intelligence networks, has provided leading security, backup and availability solutions for where vital information is stored, accessed and shared. The company’s more than 20,000 employees reside in more than 50 countries. Ninety-nine percent of Fortune 500 companies are Symantec customers. In fiscal 2014, it recorded revenues of $6.7 billion. To learn more go to www.symantec.com or connect with Symantec at: go.symantec.com/socialmedia. More Information  Symantec Worldwide: http://www.symantec.com/  ISTR and Symantec Intelligence Resources: http://www.symantec.com/threatreport/  Symantec Security Response: http://www.symantec.com/security_response/  Norton Threat Explorer: http://us.norton.com/security_response/threatexplorer/


Слайд 18

Symantec Corporation World Headquarters 350 Ellis Street Mountain View, CA 94043 USA +1 (650) 527 8000 1 (800) 721 3934 www.symantec.com For specific country offices and contact numbers, please visit our website. For product information in the U.S., call toll-free 1 (800) 745 6054. Copyright © 2015 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners 04/15 21,500-21347932


Слайд 19


×

HTML:





Ссылка: