The Symantec Internet Security Report on 2011 Trends is one of those good news/bad news sort of things. Spam was way down. Far fewer vulnerabilities discovered. There were far fewer bot zombies around to spew spam, launch automated attacks against targets of opportunity or overwhelm targets with DDoS attacks. But as my Dad told me, “Work smarter, not harder.” Cyber criminals are using their weapons more efficiently and focusing their efforts on new vectors, particularly social media, where people haven’t yet learned to distrust their natural inclination to trust.
So the fact that spam is down dramatically, from 62 billion messages per day in 2010 to a paltry 42 billion (the numbers are still astronomical), is not as comforting as it might seem at a glance. After all these years of being told not to believe in cheap watches and Viagra, after warning folks over and over about the dangers of clicking those “Angelina and Brad in Beverly Hills Fracas” links that result in drive-by downloads and opening those “nude Snooki photos from Italy” (eeewwwww!) attachments that are really malicious executables, at least some people have developed a healthy sense of caution. But our BS detectors are not so finely honed on Twitter, Facebook and LinkedIn (we’re all professional folks here, right?).
And a phishing rate of 1 in every 299 messages in 2011 is still an awful lot when you think in terms of those 42 billion spam emails a day (yes, I did the math, and it’s about 140 million). The good news is that aggressive action, such as the takedown of the enormous Rustock botnet, was a major factor in reducing spam.
Symantec boasts that 5.5 billion attacks were blocked in 2011 compared with 3 billion in 2010. The glass-half-full person might say that we’re getting a lot better at blocking attacks, and that may well be true, but the realist concludes that the barrages are getting a lot heavier. And there are a lot more types of horrible stuff coming at us. The report cites 403 million unique variants of malware, vs. 286 million the year before, but the point is the numbers have gotten so huge compared to the annual thousands just a few years ago that we get the message: traditional detection approaches, especially signatures, aren’t getting it done, and security researchers have to fight the good fight with behavioral analysis, a host of reputation-based techniques and cloud-based mechanisms to even attempt to keep pace.
Unique malicious domains are on the rise, and the disturbing trend of compromised legitimate sites continues: three of five malicious sites were legit sites that had been compromised. Trust can take you just so far. The Internet is a dangerous place, but we can’t go back.
One of the nicer numbers was the count of vulnerabilities discovered, but that may not be a trend. Symantec reports just under 5,000 in 2011 vs. 6,200 in 2010, but the latest numbers are consistent with the four years before that. Symantec’s findings are consistent with others, notably the vulnerability figures Secunia reported earlier this year. The number of mobile device vulnerabilities increased sharply, indicating that if 2011 wasn’t THE year of mobile security, it’s drawing nigh.
If the report seems heavy on numbers, it is. Some of the more interesting take-aways, though, are who is being hit. One of the most striking findings is that the healthcare sector led the top 10 in data breaches: 43% of the total. Government was a distant second at 14%. In part this can be attributed to the data breach disclosure requirements of the HITECH Act coming to roost (see my recent post on data breaches in the healthcare sector). But the disparity is too great to dismiss simply as more open reporting. Sometimes, bad is bad.