The number and variety of targeted cyber attacks increased in 2011 although the number of new vulnerabilities declined, the computer security firm Symantec [SYMC] says this week in its annual Internet Security Threat Report.
The report says that the number of malicious attacks increased by 81 percent in 2011 over 2010 while the number of vulnerabilities decreased by 20 percent. Symantec says that advanced attacks are spreading to organizations of all sizes, not just large ones, that data breaches are increasing and mobile devices are being increasingly targeted.
“In 2011 cyber criminals greatly expanded their reach, with nearly 20 percent of targeted attacks now directed at companies with fewer than 250 employees,” Stephen Trilling, chief technology officer at Symantec, said in a statement. “We’ve also seen a large increase in attacks on mobile devices, making these devices a viable platform for attackers to leverage in targeting sensitive enterprise data. Organizations of all sizes need to be vigilant about protecting their information.”
While attacks have been increasing, the report says that spam levels “fell considerably,” and when compared to the growth in malware creates “an interesting picture” where attackers are taking advantage of existing vulnerabilities. It says that attackers are moving beyond spam to social networks to target new victims.
“Due to social engineering techniques and the viral nature of social networks, it’s much easier for threats to spread from one person to the next,” the report says.
Symantec also says it blocked substantially more attacks last year, 5.5 billion total malicious attacks representing an 81 percent increase over 2010.
As for the growth in advanced targeted attacks, Symantec says that more than 50 percent were against companies with fewer than 2,500 employees. The reasons for going after smaller companies could be because of partnerships they have with larger companies or because they are in the supply chain, the report says.
Most of the attacks are aimed at non-executive employees, such as human resources, public relations and sales, the report says. These employees may not have direct access to key information but “can serve as a direct link into the company,” it says.