May 2, 2012 – Malicious attacks by cyber criminals increased by 81% in 2011, according to a report released by Symantec Corp. These targeted attacks are spreading to companies of all kinds and sizes, including financial firms, increasing the number of data breaches.
According to the report, Symantec blocked more than 5.5 billion malicious attacks in 2011, an increase of 81% over the previous year. Moreover, the number of unique malware variants increased to 403 million and the number of Web attacks blocked per day increased by 36%.
At the same time, spam levels fell considerably and new vulnerabilities discovered decreased by 20%. Attackers have embraced easy to use attack toolkits to efficiently leverage existing vulnerabilities.
Moving beyond spam, cyber criminals are then turning to social networks to launch their attacks. The very nature of these networks makes users incorrectly assume they are not at risk and attackers are using these sites to target new victims. Due to social engineering techniques and the viral nature of social networks, it's much easier for threats to spread from one person to the next.
Targeted attacks are growing, with the number of daily targeted attacks increasing from 77 per day to 82 per day by the end of 2011. Targeted attacks use social engineering and customized malware to gain unauthorized access to sensitive information. These advanced attacks have traditionally focused on public sector and government; however, in 2011, targeted attacks diversified.
Approximately 1.1 million identities were stolen per data breach on average in 2011, a dramatic increase over the amount seen in any other year. Hacking incidents posed the greatest threat, exposing 187 million identities in 2011 – the greatest number for any type of breach last year. However, the most frequent cause of data breaches that could facilitate identity theft was theft or loss of a computer or other medium on which data is stored or transmitted, such as a smartphone, USB key or a backup device. These theft-or loss-related breaches exposed 18.5 million identities.
Financial firms were among the top sectors to be impacted by cybercrime. It accounted for nearly 8% of the data breaches in 2011 and 0.4% of the identities stolen.
These firms, and their clients, are increasingly the victims of phishing activity. According to a Symantec spokesperson, 85.2% of phishing attacks in 2011 related to spoofed financial organizations, compared with 56% in 2010.
This story originally appeared at Securities Technology Monitor.