Symantec issued its 2014 Internet Threat Security Report (“ITSR” or the “Report”). The Report highlighted some interesting trends including:
- “60 percent of all targeted attacks struck small- and medium-sized organizations.” In part, this is due to the fact that these “organizations often have fewer resources to invest in security, and many are still not adopting basic best practices like blocking executable files and screensaver email attachments. This puts not only the businesses, but also their business partners, at higher risk.”
- “Non-targeted attacks still make up the majority of malware, which increased by 26 percent in 2014. In fact, there were more than 317 million new pieces of malware created last year, meaning nearly one million new threats were released into the wild each day. Some of this malware may not be a direct risk to organizations and is instead designed to extort end-users. Beyond the annoyance factor to IT, however, it impacts employee productivity and diverts IT resources that could be better spent on high-level security issues.”
- “Ransomware attacks grew 113 percent in 2014, driven by more than a 4,000 percent increase in crypto-ransomware attacks. Instead of pretending to be law enforcement seeking a fine for stolen content, as we’ve seen with traditional ransomware, crypto-ransomware holds a victim’s files, photos and other digital media hostage without masking the attacker’s intention. The victim will be offered a key to decrypt their files, but only after paying a ransom. . .” and there is “no guarantee their files will be freed.”
- “Email remains a significant attack vector for cybercriminals, but there is a clear movement toward social media platforms. In 2014, Symantec observed that 70 percent of social media scams were manually shared. These scams spread rapidly and are lucrative for cybercriminals because people are more likely to click something posted by a friend.”
This report provides numerous other details highlighting the current threat environment. This report will be useful to individuals, companies, and other entities as they continue to prepare and fight these threats.