Part one of the Symantec Website Security Threat Report white paper is available here: http://bit.ly/17XOM54 These slides give insights from the Symantec Website Security's annual global threat report.We look at website malware, malvertising, targeted attacks, watering hole attacks, ransomware and website vulnerabilities.

1. Symantec Website Security Threat Report
12 June 2013
Alistair Johnson, Mike Smart, Andrew Horbury
1

2. Welcome
The WSTR is a subset of
the annual Symantec ISTR
– To complement this
webinar we have put
together:
• Video
• Infographics
• Podcasts
• And much more…
www.symantec.com/threatreport
2

3. Agenda
Introduction to report1
Targeted attacks2
Vulnerabilities3
Watering hole attacks4
Malware and the emergence of Ransomware5
3

4. • 69 million sensors
• 157 countries
• 51,644 recorded vulnerabilities
(spanning two decades)
• 3 billion emails processed each
day
• 1.5 Million websites scanned
Information sources
4

5. Targeted Attacks
5

6. Targeted attacks up 42% in 2012
6

7. Targeted attacks by company size
7

8. Top 10 Industries attacked in 2012
• Manufacturing
moved to top
position in 2012
• But all industries
are targeted
8

9. Targeted attack by job function
R&D
27%
Senior
12%
C-Level
17%
Sales
24%
Shared
Mailbox
13%
Recruitment
4%
Media
3% PA
1%
0%
5%
10%
15%
20%
25%
30%
• Attacks may start with the ultimate target but often look for any entry into a
company
9

10. Spear phishing Watering hole attack
Send target a relevant
email message
Infect the website and then
lie in wait for the target
• Targeted attacks predominately start with as spear phishing attacks
• In 2012 we saw the emergence of Watering hole attacks
http://bit.ly/Elderwood
10

11. How effective is a watering hole attack?
1 Watering Hole
Attack in 2012
infected
500 companies
All within
24 hours
• Watering Hole attacks target specific groups and sites
• They can capture a large number of victims in a short space of
time
11

12. Watering Hole attacked targeting iOS Developers
• An example of a Watering Hole
• The attackers were looking for iOS developers
12

13. Recent Examples of Water Hole Attack
• In 2013 we
predict this type
of attack will
become more
widely used
• In February this
year several
high profile
companies fell
victim to this
type of attack
13

14. Malware and Vulnerabilities
14

15. Zero-Day Vulnerabilities
13
15
9
12
14
8
14
0
2
4
6
8
10
12
14
16
2006 2007 2008 2009 2010 2011 2012
Total Volume
15

16. Zero-Day Vulnerabilities
4
2
3 4
13
15
9
12
14
8
14
0
5
10
15
20
25
2006 2007 2008 2009 2010 2011 2012
Total Volume
Elderwood
Stuxnet
• One group can significantly affect yearly numbers
• The Elderwood gang drove the rise in zero day vulnerabilities
16

17. All vulnerabilities
4842 4644
5562
4814
6253
4989
5291
0
1000
2000
3000
4000
5000
6000
7000
2006 2007 2008 2009 2010 2011 2012
• No significant rise or fall in discovery of new vulnerabilities in last six years
17

18. 74,000
55,000
43,000
0
10,000
20,000
30,000
40,000
50,000
60,000
70,000
80,000
2010 2011 2012
New unique malicious web domains
Decrease
In new malicious domains
18

19. Our websites are being used against us
•53% of legitimate websites have unpatched vulnerabilities
•24% have critical vulnerabilities unpatched
•61% of malicious websites are legitimate
19

20. Our own websites are being used against us
• In 2012 one threat (LizaMoon) infected more than 1 million
websites
• Operating on legitimate webpages it sends users to a fake
antivirus alert site, warning them that their computer may be
infected.
20

21. 21

22. • 16 Number of criminal gangs involved in this cybercrime
• 5M USD estimated amount extorted from victims in 2012
• 500,000 average number of attacks seen from one threat in 18
day period
22

23. How Symantec can help (Print Screen)
Symantec technology What it does How it can help
Symantec Extended Validation
SSL Certificates
Encrypts confidential information, such as credit card data,
between the browser and your servers. Also confirms the
identity of the website in the browser address bar.
• Powerful encryption
• Visible security
• Authenticates the website
• Greater customer trust
• Increased conversions.
Web Site Malware Scanning Scans websites for malware infections. Reduces the risk of warnings and blocking by
search engines and the risk of reputation
damage when a site infects its visitors.
Symantec Managed PKI for SSL Lets website managers keep track of all their SSL
certificates from a web-hosted management console.
Reduce the risk of accidental certificate
expiry and credibility-damaging certificate
warnings.
Always-on SSL with Symantec
Secure Site Pro SSL Certificates
Always-on SSL is used by sites such as Google, Facebook
and LinkedIn to protect all the user’s interactions with the
site.
Build trust and encourage user interaction by
making sure that it is all encrypted and
secure.
The Norton™ Secured Seal Shows customers that you value their trust and that your
site is secure because it has been scanned weekly for
malware and vulnerabilities.
The Norton™ Secured Seal is the most
recognised trust mark on the Internet
Symantec Seal-in-Search™ Displays the widely-recognised Norton Secured Seal trust
mark in web search results.
Increase search traffic
Increase customer trust and confidence.
AdVantage Real-time detection, notification, and analysis of
malvertisement incidents through the cloud from
Symantec.
Comprehensive static & dynamic
malvertisement detection technologies
Instant notification of malvertisement activity
23

24. Stay informed
• Follow us on twitter @nortonsecured @threatintel
• www.symantec.com/threatreport
• go.symantec.com/ssl
• Blogs www.symantec.com/connect/blogs/website-
security-solutions
24

25. Email: andy_horbury@symantec.com
25

26. Thank you!
Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in
the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or
implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Andrew Horbury Email: andy_horbury@symantec.com
Mike Smart
Alistair Johnson
26