Symantec:全球网络安全威胁报告.pdf
《Symantec:全球网络安全威胁报告.pdf》由会员分享,可在线阅读,更多相关《Symantec:全球网络安全威胁报告.pdf(98页珍藏版)》请在三一文库上搜索。
1、2013 Trends, Volume 19, Published April 2014 INTERNET SECURITY THREAT REPORT 2014 p. 2 Symantec Corporation Internet Security Threat Report 2014 : Volume 19 CONTENTS 4 Introduction 5 Executive Summary 8 2013 SECURITY TIMELINE 9 2013 Security Timeline 11 2013 IN NUMBERS 12 Breaches 14 Spam 15 Bots, E
2、mail 16 Mobile 17 Web 18 Targeted Attacks Spear Phishing 22 Targeted Attacks Web-Based 24 TARGETED ATTACKS + DATA BREACHES 25 Targeted Attacks 26 Average Number of Spear-Phishing Attacks Per Day, 2011 2013 27 Email Campaigns, 2011 2013 28 Targeted Attack Key Stages 29 Top-Ten Industries Targeted in
3、Spear-Phishing Attacks 30 Spear-Phishing Attacks by Size of Targeted Organization, 2011 2013 31 Risk of Job Role Impact by Targeted Attack Sent by Spear-Phishing Email 32 Ratio of Organizations in an Industry Impacted by Targeted Attack Sent by Spear-Phishing Email 33 Ratio of Organizations Targeted
4、 by Industry Size Sent by Spear-Phishing Email 33 Analysis of Spear-Phishing Emails Used in Targeted Attacks 34 Zero-day Vulnerabilities, Annual Total, 2006 2013 35 Top-Five Zero-day Vulnerabilities 38 Point of Sale Breach Stages 39 Data Breaches 39 Top Causes of Data Breach 40 Timeline of Data Brea
5、ches 44 E-CRIME + MALWARE DELIVERY TACTICS 45 E-crime and Cyber Security 46 Malicious Activity by Source: Bots, 20122013 47 Top-Ten Botnets 48 Ransomware Over Time 51 Top-Ten Malware 53 Threat Delivery Tactics 54 Timeline of Web Attack Toolkit Use, Top-Five 54 Top Web Attack Toolkits by Percent 55 W
6、eb Attacks Blocked Per Day 56 Most Frequently Exploited Websites 58 Zero-Day Vulnerabilities 58 Total Number of Vulnerabilities, 2006 2013 60 Plug-in Vulnerabilities Over Time 60 Browser Vulnerabilities, 2011 2013 p. 3 Symantec Corporation Internet Security Threat Report 2014 : Volume 19 61 Proporti
7、on of Email Traffic Containing URL Malware, 2013 vs 2012 61 Proportion of Email Traffic in Which Virus Was Detected, 2013 vs 2012 62 Top-Ten Mac OSX Malware Blocked on OSX Endpoints 63 SOCIAL MEDIA + MOBILE THREATS 64 Social Media 65 Social Media 69 Mobile 70 Number of Android Variants Per Family, 2
8、013 vs 2012 70 Mobile Malware Families by Month, Android, 2013 vs 2012 72 Mobile Threat Classifications 74 Mobile Vulnerabilities by Percent 75 Top-Five Types of Madware Functionality Percentage of Ad Libraries 77 PHISHING + SPAM 78 Spam and Phishing 78 Phishing Rate, 2013 vs 2012 79 Number of Phish
9、ing URLs on Social Media 81 Global Spam Volume Per Day 81 Global Spam Rate, 2013 vs 2012 83 LOOKING AHEAD 84 Looking Ahead 86 RECOMMENDATIONS + BEST PRACTICE GUIDELINES 87 Best Practice Guidelines for Businesses 89 Best Practice Guidelines for Consumers 90 SANS Critical Security Controls 94 Footnote
10、s 96 Contributors 97 About Symantec 97 More Information p. 4 Symantec Corporation Internet Security Threat Report 2014 : Volume 19 Introduction Symantec has established the most comprehensive source of Internet threat data in the world through the Symantec Global Intelligence Network, which is made
11、up of more than 41.5 million attack sensors and records thousands of events per second. This network monitors threat activity in over 157 countries and territories through a combination of Symantec products and services such as Symantec DeepSight Threat Management System, Symantec Managed Security S
12、ervices, Norton consumer products, and other third-party data sources. In addition, Symantec maintains one of the worlds most comprehensive vulnerability databases, currently consisting of more than 60,000 recorded vulnerabilities (spanning more than two decades) from over 19,000 vendors representin
13、g over 54,000 products. Spam, phishing, and malware data is captured through a variety of sources including the Symantec Probe Network, a system of more than 5 million decoy accounts, Symantec.cloud, and a number of other Symantec security technologies. Skeptic, the Symantec.cloud proprietary heuris
14、tic technology, is able to detect new and sophisticated targeted threats before they reach customers networks. Over 8.4 billion email messages are processed each month and more than 1.7 billion web requests filtered each day across 14 data centers. Symantec also gathers phishing information through
15、an extensive anti-fraud community of enterprises, security vendors, and more than 50 million consumers. Symantec Trust Services provides 100 percent availability and processes over 6 billion Online Certificate Status Protocol (OCSP) look-ups per day, which are used for obtaining the revocation statu
16、s of X.509 digital certificates around the world. These resources give Symantec analysts unparalleled sources of data with which to identify, analyze, and provide informed commen- tary on emerging trends in attacks, malicious code activity, phishing, and spam. The result is the annual Symantec Inter
17、net Security Threat Report, which gives enterprises, small business- es, and consumers essential information to secure their systems effectively now and into the future. p. 5 Symantec Corporation Internet Security Threat Report 2014 : Volume 19 Executive Summary In 2013 much attention was focused on
18、 cyber-espionage, threats to privacy and the acts of malicious insiders. However the end of 2013 provided a painful reminder that cybercrime remains prevalent and that damaging threats from cybercriminals continue to loom over businesses and consumers. Eight breaches in 2013 each exposed greater tha
19、n 10 million identities, targeted attacks increased and end-user attitudes towards social media and mobile devices resulted in wild scams and laid a foundation for major problems for end- users and businesses as these devices come to dominate our lives. This years ISTR once again covers the wide-ran
20、ging threat landscape, with data collected and analyzed by Symantecs security experts. In this summary, we call out seven areas that deserve special attention. The most important trends in 2013 were: 2013 Was The Year of Mega Breach Our Internet Security Threat Report 17 reported 2011 as the Year of
21、 the Data Breach. The year was extraordinary because in addition to increased cybercrime-driven breaches, Anonymous in acts of hactivism breached dozens of companies. With Anonymous less active, breach numbers returned to more predictable growth in 2012. And then came 2013. If 2011 was the year of t
22、he breach, then 2013 can best be described as the Year of the Mega Breach. The total number of breaches in 2013 was 62 percent greater than in 2012 with 253 total breaches. It was also larger than the 208 breaches in 2011. But even a 62 percent increase does not truly reflect the scale of the breach
23、es in 2013. Eight of the breaches in 2013 exposed more than 10 million identities each. In 2012 only one breach exposed over 10 million identities. In 2011, only five were of that size. 2011 saw 232 million identities exposed, half of the number exposed in 2013. In total over 552 million identities
24、were breached in 2013, putting consumers credit card information, birth dates, government ID numbers, home addresses, medical records, phone numbers, financial information, email addresses, login, passwords, and other personal information into the criminal underground. Targeted Attacks Grow and Evol
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- Symantec 全球 网络安全 威胁 报告
![提示](https://www.31doc.com/images/bang_tan.gif)
链接地址:https://www.31doc.com/p-3331106.html