There was a massive surge in targeted malware attacks during 2012, growing 42% over the previous year. 
Designed to steal intellectual property, these targeted cyber-espionage attacks are increasingly hitting the manufacturing sector as well as small businesses, which are the target of 31% of the attacks.
Small businesses are attractive targets themselves and a way in to ultimately reach larger companies via “watering hole” techniques. In addition, consumers remain vulnerable to ransomware and mobile threats, particularly on the Android platform.
These are some of the findings from Symantec’s Internet Security Threat Report, Volume 18 (ISTR).
“This year’s ISTR shows that cybercriminals aren’t slowing down, and they continue to devise new ways to steal information from organisations of all sizes,” says Gordon Love, Symantec’s regional director for Africa.
“The sophistication of attacks coupled with today’s IT complexities, such as virtualisation, mobility and cloud, require organisations to remain proactive and use ‘defence-in-depth’ security measures to stay ahead of attacks.”
South Africa was ranked at number 45 in the overall threat profile, slightly better than 2011’s number 43. It was ranked 47 in spam (37 in 2011), 30 in malicious code (21 in 2011) and 34 in phishing attacks (37 in 2011).
From an African perspective (excluding Egypt), South Africa is ranked third for spam, but first for both malicious code and phishing attacks.
Targeted attacks are growing the most among businesses with fewer than 250 employees. Small businesses are now the target of 31% of all attacks, a threefold increase from 2011.
While small businesses may feel they are immune to targeted attacks, cybercriminals are enticed by these organisations’ bank account information, customer data and intellectual property. Attackers home in on small businesses that may often lack adequate security practices and infrastructure.
Web-based attacks increased by 30% in 2012, many of which originated from the compromised Web sites of small businesses. These Web sites were then used in massive cyber-attacks as well as “watering hole” attacks.
In a watering hole attack, the attacker compromises a Web site, such as a blog or small business Web site, which is known to be frequently visited by the victim of interest.
When the victim later visits the compromised Web site, a targeted attack payload is silently installed on their computer. The Elderwood Gang pioneered this class of attack, and, in 2012, successfully infected 500 organisations in a single day.
In these scenarios, the attacker leverages the weak security of one business to circumvent the potentially stronger security of another business.
Attackers’ focus has shifted away from governments: manufacturing moved to the top of the list of industries targeted for attacks in 2012. Symantec believes this is attributable to an increase in attacks targeting the supply chain – cybercriminals find these contractors and subcontractors susceptible to attacks and they are often in possession of valuable intellectual property.
By going after manufacturing companies in the supply chain, attackers often gain access to sensitive information of a larger company.
In addition, executives are no longer the leading targets of choice. In 2012, the most commonly targeted victims of these types of attacks across all industries were knowledge workers (27%) with access to intellectual property as well as those in sales (24%).
Last year, mobile malware increased by 58%, and 32% of all mobile threats attempted to steal information, such as e-mail addresses and phone numbers. Surprisingly, these increases cannot necessarily be attributed to the 30% increase in mobile vulnerabilities.
While Apple’s iOS had the most documented vulnerabilities, it only had one threat discovered during the same period. Android, by contrast, had fewer vulnerabilities but more threats than any other mobile operating system. Android’s market share, its open platform and the multiple distribution methods available to distribute malicious applications make it the go-to platform for attackers.
In addition, 61% of malicious Web sites are actually legitimate Web sites that have been compromised and infected with malicious code. Business, technology and shopping Web sites were among the top five types of Web sites hosting infections.
Symantec attributes this to unpatched vulnerabilities on legitimate Web sites. In years past, these Web sites were often targeted to sell fake antivirus to unsuspecting consumers.
However, ransomware, a particularly vicious attack method, is now emerging as the malware of choice because of its high profitability for attackers. In this scenario, attackers use poisoned Web sites to infect unsuspecting users and lock their machines, demanding a ransom in order to regain access.
Another growing source of infections on Web sites is malvertisements – this is when criminals buy advertising space on legitimate Web sites and use it to hide their attack code.