Symantec Website Security Threat Report12 June 2013

Alistair Johnson, Mike Smart, Andrew Horbury

1

Welcome

The WSTR is a subset of the annual Symantec ISTR – To complement this

webinar we have put together:• Video• Infographics• Podcasts• And much more…

www.symantec.com/threatreport

2

Agenda

Introduction to report1

Targeted attacks2

Vulnerabilities3

Watering hole attacks4

Malware and the emergence of Ransomware5

3

• 69 million sensors• 157 countries• 51,644 recorded vulnerabilities

(spanning two decades)• 3 billion emails processed each

day• 1.5 Million websites scanned

Information sources

4

Targeted Attacks

5

Targeted attacks up 42% in 2012

6

Targeted attacks by company size

7

Top 10 Industries attacked in 2012• Manufacturing

moved to top position in 2012

• But all industries are targeted

8

Targeted attack by job function

0%

5%

10%

15%

20%

25%

30% R&D27%

Senior12%

C-Level17%

Sales24%

Shared Mailbox

13%

Recruitment4% Media

3% PA1%

• Attacks may start with the ultimate target but often look for any entry into a company

9

Spear phishing Watering hole attack

Send target a relevantemail message

Infect the website and then lie in wait for the target

• Targeted attacks predominately start with as spear phishing attacks• In 2012 we saw the emergence of Watering hole attacks

http://bit.ly/Elderwood

10

How effective is a watering hole attack?

1 Watering Hole Attack in 2012

infected500 companies

All within 24 hours

• Watering Hole attacks target specific groups and sites• They can capture a large number of victims in a short space of

time

11

Watering Hole attacked targeting iOS Developers

• An example of a Watering Hole• The attackers were looking for iOS developers

12

Recent Examples of Water Hole Attack

• In 2013 we predict this type of attack will become more widely used

• In February this year several high profile companies fell victim to this type of attack

13

Malware and Vulnerabilities

14

Zero-Day Vulnerabilities

2006 2007 2008 2009 2010 2011 20120

2

4

6

8

10

12

14

16

13

15

9

12

14

8

14

Total Volume

15

Zero-Day Vulnerabilities

2006 2007 2008 2009 2010 2011 20120

5

10

15

20

25

13 15

912

14

8

14

42

3 4

Total VolumeElderwoodStuxnet

• One group can significantly affect yearly numbers• The Elderwood gang drove the rise in zero day vulnerabilities

16

All vulnerabilities

2006 2007 2008 2009 2010 2011 20120

1000

2000

3000

4000

5000

6000

7000

4842 4644

5562

4814

6253

49895291

• No significant rise or fall in discovery of new vulnerabilities in last six years

17

2010 2011 20120

10,000

20,000

30,000

40,000

50,000

60,000

70,000

80,000

74,000

55,000

43,000

New unique malicious web domains

DecreaseIn new malicious domains

18

Our websites are being used against us

• 53% of legitimate websites have unpatched vulnerabilities

•24% have critical vulnerabilities unpatched

•61% of malicious websites are legitimate

19

Our own websites are being used against us• In 2012 one threat (LizaMoon) infected more than 1 million

websites• Operating on legitimate webpages it sends users to a fake

antivirus alert site, warning them that their computer may be infected.

20

21

• 16 Number of criminal gangs involved in this cybercrime

• 5M USD estimated amount extorted from victims in 2012

• 500,000 average number of attacks seen from one threat in 18 day period

22

How Symantec can help (Print Screen) Symantec technology What it does How it can help

Symantec Extended Validation SSL Certificates

Encrypts confidential information, such as credit card data, between the browser and your servers. Also confirms the identity of the website in the browser address bar.

• Powerful encryption• Visible security• Authenticates the website• Greater customer trust• Increased conversions.

Web Site Malware Scanning Scans websites for malware infections. Reduces the risk of warnings and blocking by search engines and the risk of reputation damage when a site infects its visitors.

Symantec Managed PKI for SSL Lets website managers keep track of all their SSL certificates from a web-hosted management console.

Reduce the risk of accidental certificate expiry and credibility-damaging certificate warnings.

Always-on SSL with Symantec Secure Site Pro SSL Certificates

Always-on SSL is used by sites such as Google, Facebook and LinkedIn to protect all the user’s interactions with the site.

Build trust and encourage user interaction by making sure that it is all encrypted and secure.

The Norton™ Secured Seal Shows customers that you value their trust and that your site is secure because it has been scanned weekly for malware and vulnerabilities.

The Norton™ Secured Seal is the most recognised trust mark on the Internet

Symantec Seal-in-Search™ Displays the widely-recognised Norton Secured Seal trust mark in web search results.

Increase search trafficIncrease customer trust and confidence.

AdVantage Real-time detection, notification, and analysis of malvertisement incidents through the cloud from Symantec.

Comprehensive static & dynamic malvertisement detection technologiesInstant notification of malvertisement activity

23

Stay informed

• Follow us on twitter @nortonsecured @threatintel• www.symantec.com/threatreport • go.symantec.com/ssl• Blogs

www.symantec.com/connect/blogs/website-security-solutions

24

Email: andy_horbury@symantec.com

25

Thank you!

Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

Andrew Horbury Email: andy_horbury@symantec.comMike SmartAlistair Johnson

26