SlideShare ist ein Scribd-Unternehmen logo

Symantec intelligence report august 2015

Symantec
Symantec

August was a big month for zero-day vulnerabilities, in which a total of 11 were reported. This is by far the largest number disclosed in a given month to-date. Six of these zero-day vulnerabilities impact industrial control systems, devices used in industrial sectors and critical infrastructures, across five vendors. The vulnerabilities cover a wide range of possible attacks, including remote code execution and denial of service attacks. Two further zero-day vulnerabilities were discovered in the Apple OS X operating system. When used in tandem, these two vulnerabilities can cause memory corruption in the OS X kernel and gain the attacker escalated privileges on the compromised computer. These vulnerabilities come on the heels of a new OS X threat called OSX.Sudoprint. This threat exploits a local privilege escalation vulnerability in the OS X operating system, which was patched by Apple at the beginning of August. This threat comprised over 77 percent of the OS X threats we saw on OS X endpoints this month.

Software
1 von 21
Downloaden Sie, um offline zu lesen
SYMANTEC INTELLIGENCE REPORT AUGUST 2015
2 | August 2015 Symantec Intelligence Report 3 Summary 4 From the Security Response Blog 5 August in Numbers 6 Targeted Attacks & Phishing 6 Top 10 Industries Targeted in Spear-Phishing Attacks 6 Spear-Phishing Attacks by Size of Targeted Organization 7 Attachments Used in Spear-Phishing Attacks 7 Phishing Rate 8 Proportion of Email Traffic Identified as Phishing by Industry Sector 8 Proportion of Email Traffic Identified as Phishing by Organization Size 9 Vulnerabilities 9 Total Number of Vulnerabilities 9 Zero-Day Vulnerabilities 10 Vulnerabilities Disclosed in Industrial Control Systems 11 Malware 11 New Malware Variants 11 Top 10 Malware 12 New Malware Variants 12 Top 10 Mac OSX Malware Blocked on OSX Endpoints 13 Ransomware Over Time 13 Crypto-Ransomware Over Time 14 Proportion of Email Traffic in Which Malware Was Detected 14 Percent of Email Malware as URL vs. Attachment by Month 15 Proportion of Email Traffic Identified as Malicious by Industry Sector 15 Proportion of Email Traffic Identified as Malicious by Organization Size 16 Mobile & Social Media 16 Android Mobile Malware Families by Month 16 New Android Variants per Family by Month 17 Social Media 18 Spam 18 Overall Email Spam Rate 18 Proportion of Email Traffic Identified as Spam by Industry Sector 19 Proportion of Email Traffic Identified as Spam by Organization Size 20 About Symantec 20 More Information Welcome to the August edition of the Symantec Intelligence report. Symantec Intelligence aims to provide the latest analysis of cyber security threats, trends, and insights concerning malware, spam, and other potentially harmful business risks. Symantec has established the most comprehensive source of Internet threat data in the world through the Symantec™ Global Intelligence Network, which is made up of more than 57.6 million attack sensors and records thousands of events per second. This network monitors threat activity in over 157 countries and territories through a combination of Symantec products and services such as Symantec DeepSight™ Intelligence, Symantec™ Managed Security Services, Norton™ consumer products, and other third-party data sources.
3 | August 2015 Symantec Intelligence Report Summary August was a big month for zero-day vulnerabilities, in which a total of 11 were reported. This is by far the largest number disclosed in a given month to-date. Six of these zero-day vulnerabilities impact industrial control systems, devices used in indus- trial sectors and critical infrastructures, across five vendors. The vulnerabilities cover a wide range of possible attacks, including remote code execution and denial of service attacks. Two further zero-day vulnerabilities were discovered in the Apple OS X operating system. When used in tandem, these two vulnerabilities can cause memory corruption in the OS X kernel and gain the attacker escalated privileges on the compromised computer. For more information see the Security Response blog republished in this report. These vulnerabilities come on the heels of a new OS X threat called OSX.Sudoprint. This threat exploits a local privilege escalation vulnerability in the OS X operating system, which was patched by Apple at the beginning of August. This threat comprised over 77 percent of the OS X threats we saw on OS X endpoints this month. Ransomware attacks were down in August, where over 155 thousand attacks were detected. While ransomware attacks appear to be down to their lowest levels in the last 12 months, we have reason to believe that attackers have shifted tactics and are currently pushing fake security software, such as FakeAV threats, instead. However, crypto-ransomware continues to grow, setting another monthly high for the year. In other news, the Transportation, Communications, Electric, Gas, & Sanitary Services sector was by far the most targeted sector during August, comprising 52 percent of all targeted attacks. Small businesses with less than 250 employees also made up the majority of organi- zation sizes, where 78.4 percent of spear-phishing attacks were reported. We hope that you enjoy this month’s report and feel free to contact us with any comments or feedback. Ben Nahorney, Cyber Security Threat Analyst symantec_intelligence@symantec.com
4 | August 2015 Symantec Intelligence Report New Mac Os X Vulnerability Could Provide Attackers With Root Access Symantec confirms existence of flaw, which requires victim to voluntarily run an application for exploit. By Symantec Security Response Symantec has confirmed the existence of two new vulner- abilities in the Mac OS X operating system which, if exploited, could allow an attacker to escalate privileges on an affected computer in order to gain root access. While the vulnerabilities require the victim to voluntarily run an application in order for an attack to be successful, they represent a threat until a patch is published by Apple. The vulnerabilities were discovered by Italian researcher Luca Todesco, who posted a proof-of-concept exploit to Github on August 16. Todesco said that he reported the issue to Apple a few hours before making it public. Apple has yet to publicly comment on the vulnerabilities. Analysis by Symantec has confirmed that the proof-of- concept exploit works as described. The vulnerabilities are reported to affect OS X version 10.9.5 to 10.10.5. The beta for OS X 10.11 is understood to be not affected. The exploit uses two different vulnerabilities to create a memory corruption in the OS X kernel. This is then used to bypass security features that block exploit code from running, providing the attacker with root access. News of the new vulnerabilities comes days after another privilege escalation vulnerability was patched by Apple. The Apple Mac OS X Prior to 10.10.5 Multiple Security Vulner- abilities (CVE-2015-3760) enabled a malicious installer to gain root access to an affected computer, allowing it to install other unauthorized software. There have been no reports of these latest vulnerabilities being exploited in the wild; however, the likelihood of attacks will increase as news spreads. Mitigation Until a patch for the vulnerability is issued, affected Mac OS X users are advised to exercise caution and only download and install new software from trusted sources. Mac OS X users are advised to apply any security updates to the OS as soon as they become available. Analysis of this vulnerability is ongoing and further updates may be published if new information is uncovered. From the Security Response Blog About the Security Response blog In the Symantec Intelligence Report we republish a blog that highlights key data or an event that stood out during the month. Our security researchers around the world frequently publish new blogs during the month on topics such as malware, security risks, vulnerabilities, and spam. For the latest security news and information, visit: http://www.symantec.com/connect/symantec-blogs/security-response
5 | August 2015 Symantec Intelligence Report AUGUSTINNUMBERS
6 | August 2015 Symantec Intelligence Report The Transportation, Communications, Electric, Gas, Sanitary Services sector was by far the most targeted sector during August, comprising 52 percent of all targeted attacks. Top 10 Industries Targeted in Spear-Phishing Attacks Source: Symantec Public Administration Construction Retail Nonclassifiable Establishments Wholesale Services - Professional Services - Non Traditional Manufacturing Finance, Insurance, Real Estate Transportation, Communications, Electric, Gas, Sanitary Services 52% 6 12 13 12 7 30 5 11 5 13 2 17 5 1 1 3 2 2 2 August July Top 10 Industries Targeted in Spear-Phishing Attacks Small businesses with less than 250 employees were the target of 78.4 percent of spear-phishing attacks in August, up from 33.2 percent in July. In contrast, 11.7 percent of attacks were directed at large enterprises. Company Size August July 1-250 78.4% 33.2% 251-500 2.8% 12.6% 501-1000 3.3% 7.7% 1001-1500 2.3% 3.0% 1501-2500 1.4% 9.3% 2501+ 11.7% 34.1% Spear-Phishing Attacks by Size of Targeted Organization Source: Symantec Spear-Phishing Attacks by Size of Targeted Organization Targeted Attacks Phishing
7 | August 2015 Symantec Intelligence Report Phishing Rate Inverse Graph: Smaller Number = Greater Risk Source: Symantec 400 800 1200 1600 2000 2400 2800 AJJMAMFJ 2015 DNOS 1IN 1905 2041 1610 1517 1004 1465 2666 2057 1865 2448 1628 647 Phishing Rate The overall phishing rate has decreased slightly this month, where one in 1,905 emails was a phishing attempt. The most commonly seen attachment type used in targeted attacks were .txt files, followed by .doc files, at 32.2 percent and 29.7 percent respectively. Executable files with the .exe extension came in third with 17.3 percent. Rank Attachment Type August Overall Percentage 1 .txt 32.2% 2 .doc 29.7% 3 .exe 17.3% 4 .ace 10.2% 5 .pdf 5.0% 6 .xls 1.9% 7 .pps 1.2% 8 .fas 1.2% 9 .scr 0.6% 10 .class 0.3% Attachments Used in Spear-Phishing Attacks Source: Symantec Attachments Used in Spear-Phishing Attacks
8 | August 2015 Symantec Intelligence Report Company Size August July 1–250 1 in 1,573.9 1 in 1,288.9 251–500 1 in 1,367.0 1 in 1,613.7 501–1000 1 in 1,736.5 1 in 1,899.6 1001–1500 1 in 2,195.5 1 in 2,209.9 1501–2500 1 in 1,862.6 1 in 2,045.5 2501+ 1 in 2,351.2 1 in 1,872.3 Proportion of Email Traffic Identified as Phishing by Organization Size Source: Symantec.cloud Proportion of Email Traffic Identified as Phishing by Organization Size Companies with 251-500 employees were the most targeted organization size in August. Industry August July Agriculture, Forestry, Fishing 1 in 943.7 1 in 837.1 Public Administration 1 in 1,177.7 1 in 1,359.2 Nonclassifiable Establishments 1 in 1,414.3 1 in 1,564.4 Services - Professional 1 in 1,474.3 1 in 1,566.8 Services - Non Traditional 1 in 1,917.3 1 in 1,320.5 Wholesale 1 in 2,241.0 1 in 2,343.8 Finance, Insurance, Real Estate 1 in 2,320.3 1 in 1,357.6 Construction 1 in 2,361.4 1 in 2,241.5 Mining 1 in 2,907.0 1 in 2,017.1 Transportation, Communications, Electric, Gas, Sanitary Services 1 in 3,246.0 1 in 3,114.3 Proportion of Email Traffic Identified as Phishing by Industry Sector Source: Symantec.cloud Proportion of Email Traffic Identified as Phishing by Industry Sector The Agriculture, Forestry, Fishing sector was again the most targeted Industry overall for phishing attempts in August, where phishing comprised one in every 943.7 emails. This rate has been higher in this sector than in any other industry since April.
9 | August 2015 Symantec Intelligence Report The number of vulnerabilities disclosed declined in August, from 579 in July to 348 reported during this month. Total Number of Vulnerabilities Source: Symantec 100 200 300 400 500 600 700 AJJMAMFJ 2015 DNOS 600 596 428 562 471 469 540 579 526 579 348 457 Total Number of Vulnerabilities Vulnerabilities Zero-Day Vulnerabilities There were 11 zero-day vulnerabilities disclosed in August. This includes six targeting industrial control systems and two targeting the OS X operating system. Zero-Day Vulnerabilities Source: Symantec 2 4 6 8 10 12 AJJMAMFJ 2015 DNOS 6 0 2 0 1 2 1 1 1 0 11 3
10 | August 2015 Symantec Intelligence Report Vulnerabilities Disclosed in Industrial Control Systems Source: Symantec 1 2 3 4 5 6 7 AJJMAMFJ 2015 DNOS 1 2 3 4 5 6 7 1 2 1 2 1 3 5 6 1 1 11 Vulnerabilities Unique Vendors Six zero-day vulnerabilities in industrial control systems were reported by in August, impacting five ICS vendors. Vulnerabilities Disclosed in Industrial Control Systems Methodology In some cases the details of a vulnerability are not publicly disclosed during the same month that it was initially discovered. In these cases, our vulnerability metrics are updated to reflect the time that the vulnerability was discovered, as opposed to the month it was disclosed. This can cause fluctuations in the numbers reported for previous months when a new report is released.
11 | August 2015 Symantec Intelligence Report New Malware Variants W32.Ramnit!html and W32. Almanahe.B!inf continue to be the most commonly seen malware detections in August. Rank Malware Name August Percentage Malware Name July Percentage 1 W32.Ramnit!html 6.3% W32.Almanahe.B!inf 6.6% 2 W32.Almanahe.B!inf 5.5% W32.Ramnit!html 5.8% 3 W32.Sality.AE 5.2% W32.Sality.AE 5.7% 4 W32.Downadup.B 3.7% W32.Downadup.B 4.1% 5 W32.Ramnit.B 3.6% W32.Ramnit.B 3.4% 6 W32.Ramnit.B!inf 2.6% Trojan.Swifi 3.2% 7 W97M.Downloader 1.9% W32.Ramnit.B!inf 2.5% 8 Trojan.Swifi 1.8% W97M.Downloader 2.0% 9 W32.Virut.CF 1.6% W32.Virut.CF 1.7% 10 W32.Chir.B@mm(html) 1.3% W32.SillyFDC.BDP!lnk 1.7% Top 10 Malware Source: Symantec Top 10 Malware Malware New Malware Variants Source: Symantec 10 20 30 40 50 60 70 80 AJJMAMFJ 2015 DNOS 57.6 53.7 46.6 26.6 35.9 44.7 33.7 26.5 35.8 29.2 44.5 63.6 MILLIONS There were more than 46.6 million new pieces of malware created in August. While down from July, this is still well above the 41.5 million monthly average seen over the last twelve months.
12 | August 2015 Symantec Intelligence Report New Malware Variants OSX.Sudoprint was the most commonly seen OS X threat on OS X endpoints in August. This threat takes advantage of a vulnerability targeting the OS X operating system that was discovered in July and patched earlier this month. Rank Malware Name August Percentage Malware Name July Percentage 1 OSX.Sudoprint 77.3% OSX.RSPlug.A 61.9% 2 OSX.RSPlug.A 7.5% OSX.Wirelurker 10.0% 3 OSX.Klog.A 4.4% OSX.Crisis 8.4% 4 OSX.Wirelurker 1.9% OSX.Keylogger 4.8% 5 OSX.Crisis 1.5% OSX.Klog.A 3.5% 6 OSX.Flashback.K 1.0% OSX.Luaddit 1.8% 7 OSX.Keylogger 1.0% OSX.Stealbit.B 1.3% 8 OSX.Luaddit 0.8% OSX.Flashback.K 1.3% 9 OSX.Sabpab 0.7% OSX.Freezer 1.1% 10 OSX.Remoteaccess 0.5% OSX.Netweird 0.8% Top 10 Mac OS X Malware Blocked on OS X Endpoints Source: Symantec Top 10 Mac OSX Malware Blocked on OSX Endpoints
13 | August 2015 Symantec Intelligence Report Ransomware Over Time Ransomware attacks were down in August, where over 155 thousand attacks were detected. While ransomware attacks appear to be down to their lowest levels in the last 12 months, we have reason to believe that attackers have shifted tactics and are currently pushing FakeAV threats instead. Ransomware Over Time Source: Symantec 100 200 300 400 500 600 700 800 AJJMAMFJ 2015 DNOS 477 413 155 734 693 756 399 544 354 248 297 738 THOUSANDS Crypto-Ransomware Over Time Crypto-ransomware was up during August, setting another high for 2015. Crypto-Ransomware Over Time Source: Symantec 10 20 30 40 50 60 70 80 AJJMAMFJ 2015 DNOS 31 34 35 62 72 36 20 28 21 23 16 48 THOUSANDS
14 | August 2015 Symantec Intelligence Report Proportion of Email Traffic in Which Malware Was Detected The proportion of email traffic containing malware increased this month, where one in 252 emails contained malware. 100 150 200 250 300 350 400 AJJMAMFJ 2015 DNOS 1IN Proportion of Email Traffic in Which Malware Was Detected Source: Symantec Inverse Graph: Smaller Number = Greater Risk 319 337 252 351 329 195 207 237 274 246 207 246 Percent of Email Malware as URL vs. Attachment by Month The percentage of email malware that contains a URL remained low this month, hovering around three percent. Percent of Email Malware as URL vs. Attachment by Month Source: Symantec 10 20 30 40 50% AJJMAMFJ 2015 DNOS 3 6 7 14 5 3 8 3 3 3 3 41
15 | August 2015 Symantec Intelligence Report Industry August July Public Administration 1 in 154.4 1 in 288.9 Agriculture, Forestry, Fishing 1 in 227.6 1 in 252.7 Services - Professional 1 in 249.1 1 in 338.0 Wholesale 1 in 274.6 1 in 333.3 Construction 1 in 288.0 1 in 376.3 Services - Non Traditional 1 in 311.0 1 in 280.1 Finance, Insurance. Real Estate 1 in 351.4 1 in 416.4 Nonclassifiable Establishments 1 in 385.9 1 in 519.5 Transportation, Communications, Electric, Gas. Sanitary Services 1 in 392.6 1 in 392.4 Mining 1 in 484.9 1 in 438.3 Proportion of Email Traffic Identified as Malicious by Industry Sector Source: Symantec.cloud Proportion of Email Traffic Identified as Malicious by Industry Sector Public Administration was the most targeted sector in August, where one in every 252.7 emails contained malware. Company Size August July 1-250 1 in 162.1 1 in 275.8 251-500 1 in 206.0 1 in 259.5 501-1000 1 in 249.1 1 in 351.1 1001-1500 1 in 291.3 1 in 389.5 1501-2500 1 in 299.8 1 in 373.2 2501+ 1 in 409.7 1 in 401.7 Proportion of Email Traffic Identified as Malicious by Organization Size Source: Symantec.cloud Proportion of Email Traffic Identified as Malicious by Organization Size Organizations with less than 250 employees were most likely to be targeted by malicious email in the month of August, where one in 162.1 emails was malicious.
16 | August 2015 Symantec Intelligence Report Mobile Social Media 1 2 3 4 5 6 7 8 9 AJJMAMFJ 2015 DNOS Android Mobile Malware Families by Month Source: Symantec 4 1 0 3 5 6 3 0 3 1 2 8 In August there were no new mobile malware families discovered. Android Mobile Malware Families by Month There was an average of 44 Android malware variants per family in the month of in August. 10 20 30 40 50 AJJMAMFJ 2015 DNOS New Android Variants per Family by Month Source: Symantec 40 42 44 33 37 36 38 38 38 39 39 36 New Android Variants per Family by Month
17 | August 2015 Symantec Intelligence Report Last 12 Months Social Media Source: Symantec 10 20 30 40 50 60 70 80 90 100% Comment Jacking Fake Apps LikejackingFake Offering Manual Sharing 5 79 14 .12 Manual Sharing – These rely on victims to actually do the work of sharing the scam by presenting them with intriguing videos, fake offers or messages that they share with their friends. Fake Offering – These scams invite social network users to join a fake event or group with incentives such as free gift cards. Joining often requires the user to share credentials with the attacker or send a text to a premium rate number. Likejacking – Using fake “Like” buttons, attackers trick users into clicking website buttons that install malware and may post updates on a user’s newsfeed, spreading the attack. Fake Apps – Users are invited to subscribe to an application that appears to be integrated for use with a social network, but is not as described and may be used to steal credentials or harvest other personal data. Comment Jacking – This attack is similar to the Like jacking where the attacker tricks the user into submitting a comment about a link or site, which will then be posted to his/her wall. Social Media In the last twelve months, 79 percent of social media threats required end users to propagate them. Fake offerings comprised 14 percent of social media threats.
18 | August 2015 Symantec Intelligence Report 53 50 5052.5% +2.4% pts 50.1% +.4% pts 49.7% -1.8% pts August July June Overall Email Spam Rate Source: Symantec Overall Email Spam Rate The overall email spam rate in August was 52.5 percent, up 2.4 percentage points from July. Spam Industry August July Mining 54.8% 55.7% Manufacturing 53.9% 53.8% Construction 53.4% 53.0% Services - Professional 53.1% 52.5% Retail 52.7% 53.0% Services - Non Traditional 52.6% 51.9% Nonclassifiable Establishments 52.6% 52.0% Public Administration 52.5% – Agriculture, forestry fishing 52.4% 52.2% Wholesale 52.4% 52.1% Proportion of Email Traffic Identified as Spam by Industry Sector Source: Symantec.cloudProportion of Email Traffic Identified as Spam by Industry Sector At 54.8 percent, the Mining sector again had the highest spam rate during August. The Manufacturing sector came in second with 53.9 percent.
19 | August 2015 Symantec Intelligence Report Company Size August July 1–250 52.7% 52.3% 251–500 53.0% 52.6% 501–1000 52.9% 52.3% 1001–1500 52.3% 51.9% 1501–2500 52.6% 52.2% 2501+ 52.6% 52.4% Proportion of Email Traffic Identified as Spam by Organization Size Source: Symantec.cloud Proportion of Email Traffic Identified as Spam by Organization Size While most organization sizes had around a 52 percent spam rate, organizations with 251-500 employees had the highest rate at 53 percent.
20 | August 2015 Symantec Intelligence Report About Symantec More Information Symantec Worldwide: http://www.symantec.com/ ISTR and Symantec Intelligence Resources: http://www.symantec.com/threatreport/ Symantec Security Response: http://www.symantec.com/security_response/ Norton Threat Explorer: http://us.norton.com/security_response/threatexplorer/ Symantec Corporation (NASDAQ: SYMC) is an information protection expert that helps people, businesses and governments seeking the freedom to unlock the opportunities technology brings – anytime, anywhere. Founded in April 1982, Symantec, a Fortune 500 company, operating one of the largest global data-intelligence networks, has provided leading security, backup and availability solutions for where vital information is stored, accessed and shared. The company’s more than 20,000 employees reside in more than 50 countries. Ninety-nine percent of Fortune 500 companies are Symantec customers. In fiscal 2014, it recorded revenues of $6.7 billion. To learn more go to www.symantec.com or connect with Symantec at: go.symantec.com/socialmedia.
For specific country offices and contact numbers, please visit our website. For product information in the U.S., call toll-free 1 (800) 745 6054. Symantec Corporation World Headquarters 350 Ellis Street Mountain View, CA 94043 USA +1 (650) 527 8000 1 (800) 721 3934 www.symantec.com Copyright © 2015 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners 04/15 21,500-21347932

Empfohlen

Symantec Intelligence Report - July 2014
Symantec Intelligence Report - July 2014Symantec Intelligence Report - July 2014
Symantec Intelligence Report - July 2014Symantec
 
Symantec Intelligence Report: February 2015
Symantec Intelligence Report: February 2015Symantec Intelligence Report: February 2015
Symantec Intelligence Report: February 2015Symantec
 
Symantec Intelligence Report September 2014
Symantec Intelligence Report September 2014Symantec Intelligence Report September 2014
Symantec Intelligence Report September 2014Symantec
 
Intelligence report-06-2015.en-us[1]
Intelligence report-06-2015.en-us[1]Intelligence report-06-2015.en-us[1]
Intelligence report-06-2015.en-us[1]Sergey Ulankin
 
INTSUM
INTSUMINTSUM
INTSUMworldwidebranding
 
Symantec Intelligence Report December 2014
Symantec Intelligence Report December 2014Symantec Intelligence Report December 2014
Symantec Intelligence Report December 2014Symantec
 
Symantec Cyber Security Intelligence Report
Symantec Cyber Security Intelligence ReportSymantec Cyber Security Intelligence Report
Symantec Cyber Security Intelligence ReportSymantec
 
Ey giss-under-cyber-attack
Ey giss-under-cyber-attackEy giss-under-cyber-attack
Ey giss-under-cyber-attackКомсс Файквэе
 

Empfohlen

Symantec Intelligence Report - July 2014
Symantec Intelligence Report - July 2014Symantec Intelligence Report - July 2014
Symantec Intelligence Report - July 2014Symantec
 
Symantec Intelligence Report: February 2015
Symantec Intelligence Report: February 2015Symantec Intelligence Report: February 2015
Symantec Intelligence Report: February 2015Symantec
 
Symantec Intelligence Report September 2014
Symantec Intelligence Report September 2014Symantec Intelligence Report September 2014
Symantec Intelligence Report September 2014Symantec
 
Intelligence report-06-2015.en-us[1]
Intelligence report-06-2015.en-us[1]Intelligence report-06-2015.en-us[1]
Intelligence report-06-2015.en-us[1]Sergey Ulankin
 
INTSUM
INTSUMINTSUM
INTSUMworldwidebranding
 
Symantec Intelligence Report December 2014
Symantec Intelligence Report December 2014Symantec Intelligence Report December 2014
Symantec Intelligence Report December 2014Symantec
 
Symantec Cyber Security Intelligence Report
Symantec Cyber Security Intelligence ReportSymantec Cyber Security Intelligence Report
Symantec Cyber Security Intelligence ReportSymantec
 
Ey giss-under-cyber-attack
Ey giss-under-cyber-attackEy giss-under-cyber-attack
Ey giss-under-cyber-attackКомсс Файквэе
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec Technology and Consulting
 
2013 Threat Report
2013 Threat Report2013 Threat Report
2013 Threat ReportEnvision Technology Advisors
 
Websense 2013 Threat Report
Websense 2013 Threat ReportWebsense 2013 Threat Report
Websense 2013 Threat ReportKim Jensen
 
CSS Trivia
CSS TriviaCSS Trivia
CSS TriviaAlert Logic
 
Symantec Internet Security Threat Report Volume 2015
Symantec Internet Security Threat Report Volume 2015Symantec Internet Security Threat Report Volume 2015
Symantec Internet Security Threat Report Volume 2015Waqas Amir
 
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...ESET Middle East
 
Rp quarterly-threat-q1-2012
Rp quarterly-threat-q1-2012Rp quarterly-threat-q1-2012
Rp quarterly-threat-q1-2012Комсс Файквэе
 
Trendlabs 1h-2016-security-roundup-en
Trendlabs 1h-2016-security-roundup-enTrendlabs 1h-2016-security-roundup-en
Trendlabs 1h-2016-security-roundup-enAndrey Apuhtin
 
Mobile threat report_q3_2013
Mobile threat report_q3_2013Mobile threat report_q3_2013
Mobile threat report_q3_2013Комсс Файквэе
 
Istr number 23 internet security threat repor 2018 symantec
Istr number 23 internet security threat repor 2018 symantecIstr number 23 internet security threat repor 2018 symantec
Istr number 23 internet security threat repor 2018 symantecSoluciona Facil
 
Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19Symantec
 
Symantec Intelligence Report
Symantec Intelligence ReportSymantec Intelligence Report
Symantec Intelligence ReportSymantec
 
Trend micro research covid19 threat brief summary 27 mar
Trend micro research covid19 threat brief summary 27 marTrend micro research covid19 threat brief summary 27 mar
Trend micro research covid19 threat brief summary 27 marPrime Infoserv
 
2016 Trends in Security
2016 Trends in Security 2016 Trends in Security
2016 Trends in Security Ioannis Aligizakis, M.Sc.
 
Microsoft Security Intelligence Report vol. 21
Microsoft Security Intelligence Report vol. 21Microsoft Security Intelligence Report vol. 21
Microsoft Security Intelligence Report vol. 21Ioannis Aligizakis, M.Sc.
 
Next Dimension and Cisco | Solutions for PIPEDA Compliance
Next Dimension and Cisco | Solutions for PIPEDA ComplianceNext Dimension and Cisco | Solutions for PIPEDA Compliance
Next Dimension and Cisco | Solutions for PIPEDA ComplianceNext Dimension Inc.
 
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...Black Duck by Synopsys
 
Web Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsWeb Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsAlan Kan
 
Symantec Intelligence Report - June 2014
Symantec Intelligence Report - June 2014Symantec Intelligence Report - June 2014
Symantec Intelligence Report - June 2014Symantec
 
Symantec Intelligence Report - October 2014
Symantec Intelligence Report - October 2014Symantec Intelligence Report - October 2014
Symantec Intelligence Report - October 2014Symantec
 
The unprecedented state of web insecurity
The unprecedented state of web insecurityThe unprecedented state of web insecurity
The unprecedented state of web insecurityVincent Kwon
 
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source LicensesOpen Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source LicensesBlack Duck by Synopsys
 

Weitere ähnliche Inhalte

Was ist angesagt?

Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec Technology and Consulting
 
Websense 2013 Threat Report
Websense 2013 Threat ReportWebsense 2013 Threat Report
Websense 2013 Threat ReportKim Jensen
 
Symantec Internet Security Threat Report Volume 2015
Symantec Internet Security Threat Report Volume 2015Symantec Internet Security Threat Report Volume 2015
Symantec Internet Security Threat Report Volume 2015Waqas Amir
 
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...ESET Middle East
 
Trendlabs 1h-2016-security-roundup-en
Trendlabs 1h-2016-security-roundup-enTrendlabs 1h-2016-security-roundup-en
Trendlabs 1h-2016-security-roundup-enAndrey Apuhtin
 
Istr number 23 internet security threat repor 2018 symantec
Istr number 23 internet security threat repor 2018 symantecIstr number 23 internet security threat repor 2018 symantec
Istr number 23 internet security threat repor 2018 symantecSoluciona Facil
 
Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19Symantec
 
Symantec Intelligence Report
Symantec Intelligence ReportSymantec Intelligence Report
Symantec Intelligence ReportSymantec
 
Trend micro research covid19 threat brief summary 27 mar
Trend micro research covid19 threat brief summary 27 marTrend micro research covid19 threat brief summary 27 mar
Trend micro research covid19 threat brief summary 27 marPrime Infoserv
 
Microsoft Security Intelligence Report vol. 21
Microsoft Security Intelligence Report vol. 21Microsoft Security Intelligence Report vol. 21
Microsoft Security Intelligence Report vol. 21Ioannis Aligizakis, M.Sc.
 
Next Dimension and Cisco | Solutions for PIPEDA Compliance
Next Dimension and Cisco | Solutions for PIPEDA ComplianceNext Dimension and Cisco | Solutions for PIPEDA Compliance
Next Dimension and Cisco | Solutions for PIPEDA ComplianceNext Dimension Inc.
 
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...Black Duck by Synopsys
 
Web Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsWeb Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsAlan Kan
 

Was ist angesagt? (18)

Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
 
2013 Threat Report
2013 Threat Report2013 Threat Report
2013 Threat Report
 
Websense 2013 Threat Report
Websense 2013 Threat ReportWebsense 2013 Threat Report
Websense 2013 Threat Report
 
CSS Trivia
CSS TriviaCSS Trivia
CSS Trivia
 
Symantec Internet Security Threat Report Volume 2015
Symantec Internet Security Threat Report Volume 2015Symantec Internet Security Threat Report Volume 2015
Symantec Internet Security Threat Report Volume 2015
 
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
 
Rp quarterly-threat-q1-2012
Rp quarterly-threat-q1-2012Rp quarterly-threat-q1-2012
Rp quarterly-threat-q1-2012
 
Trendlabs 1h-2016-security-roundup-en
Trendlabs 1h-2016-security-roundup-enTrendlabs 1h-2016-security-roundup-en
Trendlabs 1h-2016-security-roundup-en
 
Mobile threat report_q3_2013
Mobile threat report_q3_2013Mobile threat report_q3_2013
Mobile threat report_q3_2013
 
Istr number 23 internet security threat repor 2018 symantec
Istr number 23 internet security threat repor 2018 symantecIstr number 23 internet security threat repor 2018 symantec
Istr number 23 internet security threat repor 2018 symantec
 
Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19
 
Symantec Intelligence Report
Symantec Intelligence ReportSymantec Intelligence Report
Symantec Intelligence Report
 
Trend micro research covid19 threat brief summary 27 mar
Trend micro research covid19 threat brief summary 27 marTrend micro research covid19 threat brief summary 27 mar
Trend micro research covid19 threat brief summary 27 mar
 
2016 Trends in Security
2016 Trends in Security 2016 Trends in Security
2016 Trends in Security
 
Microsoft Security Intelligence Report vol. 21
Microsoft Security Intelligence Report vol. 21Microsoft Security Intelligence Report vol. 21
Microsoft Security Intelligence Report vol. 21
 
Next Dimension and Cisco | Solutions for PIPEDA Compliance
Next Dimension and Cisco | Solutions for PIPEDA ComplianceNext Dimension and Cisco | Solutions for PIPEDA Compliance
Next Dimension and Cisco | Solutions for PIPEDA Compliance
 
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...
 
Web Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsWeb Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging Threats
 

Ähnlich wie Symantec intelligence report august 2015

Symantec Intelligence Report - June 2014
Symantec Intelligence Report - June 2014Symantec Intelligence Report - June 2014
Symantec Intelligence Report - June 2014Symantec
 
Symantec Intelligence Report - October 2014
Symantec Intelligence Report - October 2014Symantec Intelligence Report - October 2014
Symantec Intelligence Report - October 2014Symantec
 
The unprecedented state of web insecurity
The unprecedented state of web insecurityThe unprecedented state of web insecurity
The unprecedented state of web insecurityVincent Kwon
 
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source LicensesOpen Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source LicensesBlack Duck by Synopsys
 
Symantec Intelligence Report: May 2015
Symantec Intelligence Report: May 2015Symantec Intelligence Report: May 2015
Symantec Intelligence Report: May 2015Symantec
 
En msft-scrty-cntnt-e book-cybersecurity
En msft-scrty-cntnt-e book-cybersecurityEn msft-scrty-cntnt-e book-cybersecurity
En msft-scrty-cntnt-e book-cybersecurityOnline Business
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec Technology and Consulting
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexIBM Security
 
IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015Andreanne Clarke
 
Turning the Tables on Cyber Attacks
Turning the Tables on Cyber AttacksTurning the Tables on Cyber Attacks
Turning the Tables on Cyber Attacks- Mark - Fullbright
 
Symantec Intelligence Report November 2014
Symantec Intelligence Report November 2014Symantec Intelligence Report November 2014
Symantec Intelligence Report November 2014Symantec
 
McAFEE LABS THREATS REPORT - Fourth Quarter 2013
McAFEE LABS THREATS REPORT - Fourth Quarter 2013McAFEE LABS THREATS REPORT - Fourth Quarter 2013
McAFEE LABS THREATS REPORT - Fourth Quarter 2013- Mark - Fullbright
 
WatchGuard Internet Security Report
WatchGuard Internet Security ReportWatchGuard Internet Security Report
WatchGuard Internet Security ReportBAKOTECH
 
2009 X Force Treath And Risk Wwiscop
2009 X Force Treath And Risk Wwiscop2009 X Force Treath And Risk Wwiscop
2009 X Force Treath And Risk WwiscopJuan Carlos Carrillo
 
Symantec Intelligence Report - Oct 2015
Symantec Intelligence Report - Oct 2015Symantec Intelligence Report - Oct 2015
Symantec Intelligence Report - Oct 2015CheapSSLUSA
 
Threat Check for Struts Released, Equifax Breach Dominates News
Threat Check for Struts Released, Equifax Breach Dominates NewsThreat Check for Struts Released, Equifax Breach Dominates News
Threat Check for Struts Released, Equifax Breach Dominates NewsBlack Duck by Synopsys
 
State of Application Security Vol. 4
State of Application Security Vol. 4State of Application Security Vol. 4
State of Application Security Vol. 4IBM Security
 

Ähnlich wie Symantec intelligence report august 2015 (20)

Symantec Intelligence Report - June 2014
Symantec Intelligence Report - June 2014Symantec Intelligence Report - June 2014
Symantec Intelligence Report - June 2014
 
Symantec Intelligence Report - October 2014
Symantec Intelligence Report - October 2014Symantec Intelligence Report - October 2014
Symantec Intelligence Report - October 2014
 
The unprecedented state of web insecurity
The unprecedented state of web insecurityThe unprecedented state of web insecurity
The unprecedented state of web insecurity
 
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source LicensesOpen Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
 
Symantec Intelligence Report: May 2015
Symantec Intelligence Report: May 2015Symantec Intelligence Report: May 2015
Symantec Intelligence Report: May 2015
 
En msft-scrty-cntnt-e book-cybersecurity
En msft-scrty-cntnt-e book-cybersecurityEn msft-scrty-cntnt-e book-cybersecurity
En msft-scrty-cntnt-e book-cybersecurity
 
Rapport X force 2014
Rapport X force 2014Rapport X force 2014
Rapport X force 2014
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
 
Presentation gdl
Presentation gdlPresentation gdl
Presentation gdl
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence Index
 
IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015
 
Turning the Tables on Cyber Attacks
Turning the Tables on Cyber AttacksTurning the Tables on Cyber Attacks
Turning the Tables on Cyber Attacks
 
Symantec Intelligence Report November 2014
Symantec Intelligence Report November 2014Symantec Intelligence Report November 2014
Symantec Intelligence Report November 2014
 
McAFEE LABS THREATS REPORT - Fourth Quarter 2013
McAFEE LABS THREATS REPORT - Fourth Quarter 2013McAFEE LABS THREATS REPORT - Fourth Quarter 2013
McAFEE LABS THREATS REPORT - Fourth Quarter 2013
 
WatchGuard Internet Security Report
WatchGuard Internet Security ReportWatchGuard Internet Security Report
WatchGuard Internet Security Report
 
Rp quarterly-threat-q1-2012
Rp quarterly-threat-q1-2012Rp quarterly-threat-q1-2012
Rp quarterly-threat-q1-2012
 
2009 X Force Treath And Risk Wwiscop
2009 X Force Treath And Risk Wwiscop2009 X Force Treath And Risk Wwiscop
2009 X Force Treath And Risk Wwiscop
 
Symantec Intelligence Report - Oct 2015
Symantec Intelligence Report - Oct 2015Symantec Intelligence Report - Oct 2015
Symantec Intelligence Report - Oct 2015
 
Threat Check for Struts Released, Equifax Breach Dominates News
Threat Check for Struts Released, Equifax Breach Dominates NewsThreat Check for Struts Released, Equifax Breach Dominates News
Threat Check for Struts Released, Equifax Breach Dominates News
 
State of Application Security Vol. 4
State of Application Security Vol. 4State of Application Security Vol. 4
State of Application Security Vol. 4
 

Mehr von Symantec

Symantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of BroadcomSymantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of BroadcomSymantec
 
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...Symantec
 
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect ITSymantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect ITSymantec
 
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure ITSymantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure ITSymantec
 
Symantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own ITSymantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own ITSymantec
 
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)Symantec
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec
 
Symantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat ReportSymantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat ReportSymantec
 
Symantec Cloud Security Threat Report
Symantec Cloud Security Threat ReportSymantec Cloud Security Threat Report
Symantec Cloud Security Threat ReportSymantec
 
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...Symantec
 
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec
 
Symantec Webinar | Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB ProjectsSymantec Webinar | Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB ProjectsSymantec
 
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec
 
Symantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year OnSymantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year OnSymantec
 
Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019Symantec
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec
 
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec
 
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec
 
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec
 

Mehr von Symantec (20)

Symantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of BroadcomSymantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of Broadcom
 
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
 
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect ITSymantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
 
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure ITSymantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
 
Symantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own ITSymantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own IT
 
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security Webinar
 
Symantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat ReportSymantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat Report
 
Symantec Cloud Security Threat Report
Symantec Cloud Security Threat ReportSymantec Cloud Security Threat Report
Symantec Cloud Security Threat Report
 
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
 
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
 
Symantec Webinar | Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB ProjectsSymantec Webinar | Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB Projects
 
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
 
Symantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year OnSymantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year On
 
Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front Lines
 
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
 
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
 
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
 

Kürzlich hochgeladen

Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfCionsystems
 

Kürzlich hochgeladen (20)

Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdf
 

Symantec intelligence report august 2015

  • 2. 2 | August 2015 Symantec Intelligence Report 3 Summary 4 From the Security Response Blog 5 August in Numbers 6 Targeted Attacks & Phishing 6 Top 10 Industries Targeted in Spear-Phishing Attacks 6 Spear-Phishing Attacks by Size of Targeted Organization 7 Attachments Used in Spear-Phishing Attacks 7 Phishing Rate 8 Proportion of Email Traffic Identified as Phishing by Industry Sector 8 Proportion of Email Traffic Identified as Phishing by Organization Size 9 Vulnerabilities 9 Total Number of Vulnerabilities 9 Zero-Day Vulnerabilities 10 Vulnerabilities Disclosed in Industrial Control Systems 11 Malware 11 New Malware Variants 11 Top 10 Malware 12 New Malware Variants 12 Top 10 Mac OSX Malware Blocked on OSX Endpoints 13 Ransomware Over Time 13 Crypto-Ransomware Over Time 14 Proportion of Email Traffic in Which Malware Was Detected 14 Percent of Email Malware as URL vs. Attachment by Month 15 Proportion of Email Traffic Identified as Malicious by Industry Sector 15 Proportion of Email Traffic Identified as Malicious by Organization Size 16 Mobile & Social Media 16 Android Mobile Malware Families by Month 16 New Android Variants per Family by Month 17 Social Media 18 Spam 18 Overall Email Spam Rate 18 Proportion of Email Traffic Identified as Spam by Industry Sector 19 Proportion of Email Traffic Identified as Spam by Organization Size 20 About Symantec 20 More Information Welcome to the August edition of the Symantec Intelligence report. Symantec Intelligence aims to provide the latest analysis of cyber security threats, trends, and insights concerning malware, spam, and other potentially harmful business risks. Symantec has established the most comprehensive source of Internet threat data in the world through the Symantec™ Global Intelligence Network, which is made up of more than 57.6 million attack sensors and records thousands of events per second. This network monitors threat activity in over 157 countries and territories through a combination of Symantec products and services such as Symantec DeepSight™ Intelligence, Symantec™ Managed Security Services, Norton™ consumer products, and other third-party data sources.
  • 3. 3 | August 2015 Symantec Intelligence Report Summary August was a big month for zero-day vulnerabilities, in which a total of 11 were reported. This is by far the largest number disclosed in a given month to-date. Six of these zero-day vulnerabilities impact industrial control systems, devices used in indus- trial sectors and critical infrastructures, across five vendors. The vulnerabilities cover a wide range of possible attacks, including remote code execution and denial of service attacks. Two further zero-day vulnerabilities were discovered in the Apple OS X operating system. When used in tandem, these two vulnerabilities can cause memory corruption in the OS X kernel and gain the attacker escalated privileges on the compromised computer. For more information see the Security Response blog republished in this report. These vulnerabilities come on the heels of a new OS X threat called OSX.Sudoprint. This threat exploits a local privilege escalation vulnerability in the OS X operating system, which was patched by Apple at the beginning of August. This threat comprised over 77 percent of the OS X threats we saw on OS X endpoints this month. Ransomware attacks were down in August, where over 155 thousand attacks were detected. While ransomware attacks appear to be down to their lowest levels in the last 12 months, we have reason to believe that attackers have shifted tactics and are currently pushing fake security software, such as FakeAV threats, instead. However, crypto-ransomware continues to grow, setting another monthly high for the year. In other news, the Transportation, Communications, Electric, Gas, & Sanitary Services sector was by far the most targeted sector during August, comprising 52 percent of all targeted attacks. Small businesses with less than 250 employees also made up the majority of organi- zation sizes, where 78.4 percent of spear-phishing attacks were reported. We hope that you enjoy this month’s report and feel free to contact us with any comments or feedback. Ben Nahorney, Cyber Security Threat Analyst symantec_intelligence@symantec.com
  • 4. 4 | August 2015 Symantec Intelligence Report New Mac Os X Vulnerability Could Provide Attackers With Root Access Symantec confirms existence of flaw, which requires victim to voluntarily run an application for exploit. By Symantec Security Response Symantec has confirmed the existence of two new vulner- abilities in the Mac OS X operating system which, if exploited, could allow an attacker to escalate privileges on an affected computer in order to gain root access. While the vulnerabilities require the victim to voluntarily run an application in order for an attack to be successful, they represent a threat until a patch is published by Apple. The vulnerabilities were discovered by Italian researcher Luca Todesco, who posted a proof-of-concept exploit to Github on August 16. Todesco said that he reported the issue to Apple a few hours before making it public. Apple has yet to publicly comment on the vulnerabilities. Analysis by Symantec has confirmed that the proof-of- concept exploit works as described. The vulnerabilities are reported to affect OS X version 10.9.5 to 10.10.5. The beta for OS X 10.11 is understood to be not affected. The exploit uses two different vulnerabilities to create a memory corruption in the OS X kernel. This is then used to bypass security features that block exploit code from running, providing the attacker with root access. News of the new vulnerabilities comes days after another privilege escalation vulnerability was patched by Apple. The Apple Mac OS X Prior to 10.10.5 Multiple Security Vulner- abilities (CVE-2015-3760) enabled a malicious installer to gain root access to an affected computer, allowing it to install other unauthorized software. There have been no reports of these latest vulnerabilities being exploited in the wild; however, the likelihood of attacks will increase as news spreads. Mitigation Until a patch for the vulnerability is issued, affected Mac OS X users are advised to exercise caution and only download and install new software from trusted sources. Mac OS X users are advised to apply any security updates to the OS as soon as they become available. Analysis of this vulnerability is ongoing and further updates may be published if new information is uncovered. From the Security Response Blog About the Security Response blog In the Symantec Intelligence Report we republish a blog that highlights key data or an event that stood out during the month. Our security researchers around the world frequently publish new blogs during the month on topics such as malware, security risks, vulnerabilities, and spam. For the latest security news and information, visit: http://www.symantec.com/connect/symantec-blogs/security-response
  • 5. 5 | August 2015 Symantec Intelligence Report AUGUSTINNUMBERS
  • 6. 6 | August 2015 Symantec Intelligence Report The Transportation, Communications, Electric, Gas, Sanitary Services sector was by far the most targeted sector during August, comprising 52 percent of all targeted attacks. Top 10 Industries Targeted in Spear-Phishing Attacks Source: Symantec Public Administration Construction Retail Nonclassifiable Establishments Wholesale Services - Professional Services - Non Traditional Manufacturing Finance, Insurance, Real Estate Transportation, Communications, Electric, Gas, Sanitary Services 52% 6 12 13 12 7 30 5 11 5 13 2 17 5 1 1 3 2 2 2 August July Top 10 Industries Targeted in Spear-Phishing Attacks Small businesses with less than 250 employees were the target of 78.4 percent of spear-phishing attacks in August, up from 33.2 percent in July. In contrast, 11.7 percent of attacks were directed at large enterprises. Company Size August July 1-250 78.4% 33.2% 251-500 2.8% 12.6% 501-1000 3.3% 7.7% 1001-1500 2.3% 3.0% 1501-2500 1.4% 9.3% 2501+ 11.7% 34.1% Spear-Phishing Attacks by Size of Targeted Organization Source: Symantec Spear-Phishing Attacks by Size of Targeted Organization Targeted Attacks Phishing
  • 7. 7 | August 2015 Symantec Intelligence Report Phishing Rate Inverse Graph: Smaller Number = Greater Risk Source: Symantec 400 800 1200 1600 2000 2400 2800 AJJMAMFJ 2015 DNOS 1IN 1905 2041 1610 1517 1004 1465 2666 2057 1865 2448 1628 647 Phishing Rate The overall phishing rate has decreased slightly this month, where one in 1,905 emails was a phishing attempt. The most commonly seen attachment type used in targeted attacks were .txt files, followed by .doc files, at 32.2 percent and 29.7 percent respectively. Executable files with the .exe extension came in third with 17.3 percent. Rank Attachment Type August Overall Percentage 1 .txt 32.2% 2 .doc 29.7% 3 .exe 17.3% 4 .ace 10.2% 5 .pdf 5.0% 6 .xls 1.9% 7 .pps 1.2% 8 .fas 1.2% 9 .scr 0.6% 10 .class 0.3% Attachments Used in Spear-Phishing Attacks Source: Symantec Attachments Used in Spear-Phishing Attacks
  • 8. 8 | August 2015 Symantec Intelligence Report Company Size August July 1–250 1 in 1,573.9 1 in 1,288.9 251–500 1 in 1,367.0 1 in 1,613.7 501–1000 1 in 1,736.5 1 in 1,899.6 1001–1500 1 in 2,195.5 1 in 2,209.9 1501–2500 1 in 1,862.6 1 in 2,045.5 2501+ 1 in 2,351.2 1 in 1,872.3 Proportion of Email Traffic Identified as Phishing by Organization Size Source: Symantec.cloud Proportion of Email Traffic Identified as Phishing by Organization Size Companies with 251-500 employees were the most targeted organization size in August. Industry August July Agriculture, Forestry, Fishing 1 in 943.7 1 in 837.1 Public Administration 1 in 1,177.7 1 in 1,359.2 Nonclassifiable Establishments 1 in 1,414.3 1 in 1,564.4 Services - Professional 1 in 1,474.3 1 in 1,566.8 Services - Non Traditional 1 in 1,917.3 1 in 1,320.5 Wholesale 1 in 2,241.0 1 in 2,343.8 Finance, Insurance, Real Estate 1 in 2,320.3 1 in 1,357.6 Construction 1 in 2,361.4 1 in 2,241.5 Mining 1 in 2,907.0 1 in 2,017.1 Transportation, Communications, Electric, Gas, Sanitary Services 1 in 3,246.0 1 in 3,114.3 Proportion of Email Traffic Identified as Phishing by Industry Sector Source: Symantec.cloud Proportion of Email Traffic Identified as Phishing by Industry Sector The Agriculture, Forestry, Fishing sector was again the most targeted Industry overall for phishing attempts in August, where phishing comprised one in every 943.7 emails. This rate has been higher in this sector than in any other industry since April.
  • 9. 9 | August 2015 Symantec Intelligence Report The number of vulnerabilities disclosed declined in August, from 579 in July to 348 reported during this month. Total Number of Vulnerabilities Source: Symantec 100 200 300 400 500 600 700 AJJMAMFJ 2015 DNOS 600 596 428 562 471 469 540 579 526 579 348 457 Total Number of Vulnerabilities Vulnerabilities Zero-Day Vulnerabilities There were 11 zero-day vulnerabilities disclosed in August. This includes six targeting industrial control systems and two targeting the OS X operating system. Zero-Day Vulnerabilities Source: Symantec 2 4 6 8 10 12 AJJMAMFJ 2015 DNOS 6 0 2 0 1 2 1 1 1 0 11 3
  • 10. 10 | August 2015 Symantec Intelligence Report Vulnerabilities Disclosed in Industrial Control Systems Source: Symantec 1 2 3 4 5 6 7 AJJMAMFJ 2015 DNOS 1 2 3 4 5 6 7 1 2 1 2 1 3 5 6 1 1 11 Vulnerabilities Unique Vendors Six zero-day vulnerabilities in industrial control systems were reported by in August, impacting five ICS vendors. Vulnerabilities Disclosed in Industrial Control Systems Methodology In some cases the details of a vulnerability are not publicly disclosed during the same month that it was initially discovered. In these cases, our vulnerability metrics are updated to reflect the time that the vulnerability was discovered, as opposed to the month it was disclosed. This can cause fluctuations in the numbers reported for previous months when a new report is released.
  • 11. 11 | August 2015 Symantec Intelligence Report New Malware Variants W32.Ramnit!html and W32. Almanahe.B!inf continue to be the most commonly seen malware detections in August. Rank Malware Name August Percentage Malware Name July Percentage 1 W32.Ramnit!html 6.3% W32.Almanahe.B!inf 6.6% 2 W32.Almanahe.B!inf 5.5% W32.Ramnit!html 5.8% 3 W32.Sality.AE 5.2% W32.Sality.AE 5.7% 4 W32.Downadup.B 3.7% W32.Downadup.B 4.1% 5 W32.Ramnit.B 3.6% W32.Ramnit.B 3.4% 6 W32.Ramnit.B!inf 2.6% Trojan.Swifi 3.2% 7 W97M.Downloader 1.9% W32.Ramnit.B!inf 2.5% 8 Trojan.Swifi 1.8% W97M.Downloader 2.0% 9 W32.Virut.CF 1.6% W32.Virut.CF 1.7% 10 W32.Chir.B@mm(html) 1.3% W32.SillyFDC.BDP!lnk 1.7% Top 10 Malware Source: Symantec Top 10 Malware Malware New Malware Variants Source: Symantec 10 20 30 40 50 60 70 80 AJJMAMFJ 2015 DNOS 57.6 53.7 46.6 26.6 35.9 44.7 33.7 26.5 35.8 29.2 44.5 63.6 MILLIONS There were more than 46.6 million new pieces of malware created in August. While down from July, this is still well above the 41.5 million monthly average seen over the last twelve months.
  • 12. 12 | August 2015 Symantec Intelligence Report New Malware Variants OSX.Sudoprint was the most commonly seen OS X threat on OS X endpoints in August. This threat takes advantage of a vulnerability targeting the OS X operating system that was discovered in July and patched earlier this month. Rank Malware Name August Percentage Malware Name July Percentage 1 OSX.Sudoprint 77.3% OSX.RSPlug.A 61.9% 2 OSX.RSPlug.A 7.5% OSX.Wirelurker 10.0% 3 OSX.Klog.A 4.4% OSX.Crisis 8.4% 4 OSX.Wirelurker 1.9% OSX.Keylogger 4.8% 5 OSX.Crisis 1.5% OSX.Klog.A 3.5% 6 OSX.Flashback.K 1.0% OSX.Luaddit 1.8% 7 OSX.Keylogger 1.0% OSX.Stealbit.B 1.3% 8 OSX.Luaddit 0.8% OSX.Flashback.K 1.3% 9 OSX.Sabpab 0.7% OSX.Freezer 1.1% 10 OSX.Remoteaccess 0.5% OSX.Netweird 0.8% Top 10 Mac OS X Malware Blocked on OS X Endpoints Source: Symantec Top 10 Mac OSX Malware Blocked on OSX Endpoints
  • 13. 13 | August 2015 Symantec Intelligence Report Ransomware Over Time Ransomware attacks were down in August, where over 155 thousand attacks were detected. While ransomware attacks appear to be down to their lowest levels in the last 12 months, we have reason to believe that attackers have shifted tactics and are currently pushing FakeAV threats instead. Ransomware Over Time Source: Symantec 100 200 300 400 500 600 700 800 AJJMAMFJ 2015 DNOS 477 413 155 734 693 756 399 544 354 248 297 738 THOUSANDS Crypto-Ransomware Over Time Crypto-ransomware was up during August, setting another high for 2015. Crypto-Ransomware Over Time Source: Symantec 10 20 30 40 50 60 70 80 AJJMAMFJ 2015 DNOS 31 34 35 62 72 36 20 28 21 23 16 48 THOUSANDS
  • 14. 14 | August 2015 Symantec Intelligence Report Proportion of Email Traffic in Which Malware Was Detected The proportion of email traffic containing malware increased this month, where one in 252 emails contained malware. 100 150 200 250 300 350 400 AJJMAMFJ 2015 DNOS 1IN Proportion of Email Traffic in Which Malware Was Detected Source: Symantec Inverse Graph: Smaller Number = Greater Risk 319 337 252 351 329 195 207 237 274 246 207 246 Percent of Email Malware as URL vs. Attachment by Month The percentage of email malware that contains a URL remained low this month, hovering around three percent. Percent of Email Malware as URL vs. Attachment by Month Source: Symantec 10 20 30 40 50% AJJMAMFJ 2015 DNOS 3 6 7 14 5 3 8 3 3 3 3 41
  • 15. 15 | August 2015 Symantec Intelligence Report Industry August July Public Administration 1 in 154.4 1 in 288.9 Agriculture, Forestry, Fishing 1 in 227.6 1 in 252.7 Services - Professional 1 in 249.1 1 in 338.0 Wholesale 1 in 274.6 1 in 333.3 Construction 1 in 288.0 1 in 376.3 Services - Non Traditional 1 in 311.0 1 in 280.1 Finance, Insurance. Real Estate 1 in 351.4 1 in 416.4 Nonclassifiable Establishments 1 in 385.9 1 in 519.5 Transportation, Communications, Electric, Gas. Sanitary Services 1 in 392.6 1 in 392.4 Mining 1 in 484.9 1 in 438.3 Proportion of Email Traffic Identified as Malicious by Industry Sector Source: Symantec.cloud Proportion of Email Traffic Identified as Malicious by Industry Sector Public Administration was the most targeted sector in August, where one in every 252.7 emails contained malware. Company Size August July 1-250 1 in 162.1 1 in 275.8 251-500 1 in 206.0 1 in 259.5 501-1000 1 in 249.1 1 in 351.1 1001-1500 1 in 291.3 1 in 389.5 1501-2500 1 in 299.8 1 in 373.2 2501+ 1 in 409.7 1 in 401.7 Proportion of Email Traffic Identified as Malicious by Organization Size Source: Symantec.cloud Proportion of Email Traffic Identified as Malicious by Organization Size Organizations with less than 250 employees were most likely to be targeted by malicious email in the month of August, where one in 162.1 emails was malicious.
  • 16. 16 | August 2015 Symantec Intelligence Report Mobile Social Media 1 2 3 4 5 6 7 8 9 AJJMAMFJ 2015 DNOS Android Mobile Malware Families by Month Source: Symantec 4 1 0 3 5 6 3 0 3 1 2 8 In August there were no new mobile malware families discovered. Android Mobile Malware Families by Month There was an average of 44 Android malware variants per family in the month of in August. 10 20 30 40 50 AJJMAMFJ 2015 DNOS New Android Variants per Family by Month Source: Symantec 40 42 44 33 37 36 38 38 38 39 39 36 New Android Variants per Family by Month
  • 17. 17 | August 2015 Symantec Intelligence Report Last 12 Months Social Media Source: Symantec 10 20 30 40 50 60 70 80 90 100% Comment Jacking Fake Apps LikejackingFake Offering Manual Sharing 5 79 14 .12 Manual Sharing – These rely on victims to actually do the work of sharing the scam by presenting them with intriguing videos, fake offers or messages that they share with their friends. Fake Offering – These scams invite social network users to join a fake event or group with incentives such as free gift cards. Joining often requires the user to share credentials with the attacker or send a text to a premium rate number. Likejacking – Using fake “Like” buttons, attackers trick users into clicking website buttons that install malware and may post updates on a user’s newsfeed, spreading the attack. Fake Apps – Users are invited to subscribe to an application that appears to be integrated for use with a social network, but is not as described and may be used to steal credentials or harvest other personal data. Comment Jacking – This attack is similar to the Like jacking where the attacker tricks the user into submitting a comment about a link or site, which will then be posted to his/her wall. Social Media In the last twelve months, 79 percent of social media threats required end users to propagate them. Fake offerings comprised 14 percent of social media threats.
  • 18. 18 | August 2015 Symantec Intelligence Report 53 50 5052.5% +2.4% pts 50.1% +.4% pts 49.7% -1.8% pts August July June Overall Email Spam Rate Source: Symantec Overall Email Spam Rate The overall email spam rate in August was 52.5 percent, up 2.4 percentage points from July. Spam Industry August July Mining 54.8% 55.7% Manufacturing 53.9% 53.8% Construction 53.4% 53.0% Services - Professional 53.1% 52.5% Retail 52.7% 53.0% Services - Non Traditional 52.6% 51.9% Nonclassifiable Establishments 52.6% 52.0% Public Administration 52.5% – Agriculture, forestry fishing 52.4% 52.2% Wholesale 52.4% 52.1% Proportion of Email Traffic Identified as Spam by Industry Sector Source: Symantec.cloudProportion of Email Traffic Identified as Spam by Industry Sector At 54.8 percent, the Mining sector again had the highest spam rate during August. The Manufacturing sector came in second with 53.9 percent.
  • 19. 19 | August 2015 Symantec Intelligence Report Company Size August July 1–250 52.7% 52.3% 251–500 53.0% 52.6% 501–1000 52.9% 52.3% 1001–1500 52.3% 51.9% 1501–2500 52.6% 52.2% 2501+ 52.6% 52.4% Proportion of Email Traffic Identified as Spam by Organization Size Source: Symantec.cloud Proportion of Email Traffic Identified as Spam by Organization Size While most organization sizes had around a 52 percent spam rate, organizations with 251-500 employees had the highest rate at 53 percent.
  • 20. 20 | August 2015 Symantec Intelligence Report About Symantec More Information Symantec Worldwide: http://www.symantec.com/ ISTR and Symantec Intelligence Resources: http://www.symantec.com/threatreport/ Symantec Security Response: http://www.symantec.com/security_response/ Norton Threat Explorer: http://us.norton.com/security_response/threatexplorer/ Symantec Corporation (NASDAQ: SYMC) is an information protection expert that helps people, businesses and governments seeking the freedom to unlock the opportunities technology brings – anytime, anywhere. Founded in April 1982, Symantec, a Fortune 500 company, operating one of the largest global data-intelligence networks, has provided leading security, backup and availability solutions for where vital information is stored, accessed and shared. The company’s more than 20,000 employees reside in more than 50 countries. Ninety-nine percent of Fortune 500 companies are Symantec customers. In fiscal 2014, it recorded revenues of $6.7 billion. To learn more go to www.symantec.com or connect with Symantec at: go.symantec.com/socialmedia.
  • 21. For specific country offices and contact numbers, please visit our website. For product information in the U.S., call toll-free 1 (800) 745 6054. Symantec Corporation World Headquarters 350 Ellis Street Mountain View, CA 94043 USA +1 (650) 527 8000 1 (800) 721 3934 www.symantec.com Copyright © 2015 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners 04/15 21,500-21347932