Symantec, a global leader in system security held its annual security threat report at One World Hotel today.
Symantec officials report that hackers have attempted to use very different ways to attack users in 2013, claiming that they are slow but more precise this time in selecting victims to attack.
The 5 things in the picture above are the main threats being detected in 2013, with more advanced and malicious programs being created by hackers, then exploited in our computers, smartphones and even wearable devices!
Last year, the top three industries being breached are mainly Healthcare, Education and Government sector while retail, computer software and financial sectors are accounted for 77% of identities exposed, Symantec explains that this occurs as the number of users in the latter segment is more compared to the three main industries, hackers tend to attack smaller segment companies to breach large corporations.
If we can recall in year 2013, there are a few cases which companies have their user’s information leaked to hackers. The above pictures showed what details are being leaked and required most by hackers.
Although the figure has dropped from 35 to 33 this year, Symantec believes it isn’t satisfying enough as hackers are more careful to choose users to attack, and suggests that most organisations have not taken the initiative to update their security policies when hackers have already changed ways of breaching systems.
The number of phishing hosts and web attacking countries activity has increased last year, if we recall back, there were a few DNS poisoning and even page defaces in governmental sites last year.
The chart is pretty interesting as Symantec pointed out that transport and healthcare sites are on the top list of being used as performing breaches. The reason behind this is because these two categories are much safer in general and hackers used them to trick users into thinking that things sent from those industries are trustworthy. Therefore, don’t simply trust any recipients from an unknown company.
One of the three most targeted users by hackers are personal assistants, public relations and senior management users, the first two being the most targeted as they hold the most information about the organisation and can be easily linked to other people and external parties of the organisation.
Interestingly, Mining organisations seem to be the most breached companies in terms of ratio, which Symantec officials mentioned that most mining companies have smaller user base and lesser security policies on their computers.
Attachment formats that mostly are being used by hackers to phish users are unmistakably EXE, SCR and DOC formats, especially EXE and SCR has increased significantly in 2013.
Keywords that are used by hackers in tricking users into opening attachments.
Ransomware has increased almost 500% last year, which are software that tricks users into installing them by offering to increase PC performance or making users think as if their computer has been affected by virus.
Even if you are aware of Ransomware, hackers are smart enough to use Cryptolocker to stop you from removing them and they even require you to pay them at a price of $100-$400 to get your missing data back.
In terms of mobile threat, Android remains the most targeted platform for malware authors due to the huge user base and multiple app stores available for Android. iOS remains the lowest of all as all apps go through strict Apple approvals before it goes live on the App Store. The above data is based on apps in their respective official app stores, sideloaded apps are not included.
The Internet of Things, which includes almost every devices that we have today that connects to the Internet are vulnerable to threats from hackers. Devices such as smartwatches, fitness bands and etc. are able to leak information to the cloud if hackers attempt to do so by simply affecting the software level.
Symantec recommends businesses to be more aware of data being stored in the organisation, educate employees on reading information being received from external sources and even understanding company security policies on sending information. Most importantly, security policies must be updated timely apply the latest patches on their security software when possible.
Consumers should also be aware of such threats and try avoiding by following the tips from Symantec.
Symantec believes if organisations continue to invest more into security applications, the chances of being breached are much more minimal, they also suggest that users should be aware of the apps that are being installed in smartphones, as some may require special permissions which is not the purpose of the app. And the advise from us, do always stay protected with antivirus software and do not simply access unknown files.
