Attackers Target Both Large and Small Businesses

Like thrown paint on a blank canvas, attacks against businesses, both large and small, are indiscriminate. If there is profit to be made, attackers strike at will. The last five years have shown a steady increase in attacks targeting businesses with fewer than 250 employees.
[Figure: Spear-Phishing Attacks by Size of Targeted Organization, 2011 to 2015, as a percentage of attacks. Categories by number of employees: Large Enterprises 2,500+; Medium-Size Businesses 251 to 2,500; Small Businesses (SMBs) 1 to 250.]
Cyber attackers are playing the long game against large companies, but businesses of all sizes are vulnerable to targeted attacks. In fact, spear-phishing campaigns targeting employees increased 55% in 2015.
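Spear-phishing campaigns by year (change from previous year)
2013: 779 (+91%)
2014: 841 (+8%)
2015: 1,305 (+55%)

Risk Ratio of Spear-Phishing Attacks by Organization Size
Large Enterprises (2,500+ employees): risk ratio 1 in 2.7 (38%); 2015 attacks per org 3.6
Medium-Size Businesses (251 to 2,500 employees): risk ratio 1 in 6.8 (15%); 2015 attacks per org 2.2
Small Businesses (1 to 250 employees): risk ratio 1 in 40.5 (3%); 2015 attacks per org 2.1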
How the Gmail Scam Works

1. An attacker obtains a victim’s email address and phone number, both of which are usually publicly available.
2. The attacker poses as the victim and requests a password reset from Google.
3. Google sends the code to the victim.
4. The attacker then texts the victim with a message similar to: “Google has detected unusual activity on your account. Please respond with the code sent to your mobile device to stop unauthorized activity.”
5. The victim therefore expects the password-reset verification code that Google sends out and passes it on to the attacker.
6. The attacker resets the password and, once he has what he wants or has set up forwarding, informs the victim (posing as Google) of the new temporary password, leaving the victim none the wiser.
Peek into the Future: The Risk of Things

Internet-connected things (numbers in billions)
2014: 3.9 billion
2015: 4.9 billion
2016: 6.4 billion
2020: 20.8 billion (predicted)
Source: gartner.com/newsroom/id/3165317

Today in the USA, there are 25 connected devices per 100 inhabitants.

The insecurity of things

Medical devices. Researchers have found potentially deadly vulnerabilities in dozens of devices such as insulin pumps and implantable defibrillators.

Smart TVs. Hundreds of millions of Internet-connected TVs are potentially vulnerable to click fraud, botnets, data theft and even ransomware, according to Symantec research.

Cars. Fiat Chrysler recalled 1.4 million vehicles after researchers demonstrated a proof-of-concept attack where they managed to take control of the vehicle remotely. In the UK, thieves hacked keyless entry systems to steal cars.
Over Half a Billion Personal Information Records Stolen or Lost in 2015, and more companies than ever not reporting the full extent of their data breaches

2015 Stats
120 incidents
39% of all breaches
4 million identities exposed
36% of information exposed were medical records

The largest number of breaches took place within the Health Services sub-sector, which actually comprised 39 percent of all breaches in the year. This comes as no surprise, given the strict rules within the healthcare industry regarding reporting of data breaches.
Most of an iceberg is submerged underwater, hiding a great ice mass. The number of reported identities exposed in data breaches is just the tip of the iceberg. What remains hidden?
REPORTED IDENTITIES EXPOSED

78 million patient records were exposed at Anthem.
22 million personal records were exposed at the Office of Personnel Management.

Total Reported Identities Exposed (numbers in millions)
2013: 552
2014: 348 (-37%)
2015: 429 (+23%)

These numbers are likely higher, as many companies are choosing not to reveal the full extent of their data breaches.

UNREPORTED IDENTITIES EXPOSED

Despite companies’ choice not to report the true number of records exposed, hundreds of millions more people may have been compromised.

Incidents that did not report identities exposed
2014: 61
2015: 113 (+85%)

Given the facts, it is possible that 500 million* identities were exposed.
*estimated
A New Zero-Day Vulnerability Discovered Every Week in 2015 [1]

Advanced attack groups continue to profit from previously undiscovered flaws in browsers and website plugins. In 2015, 54 zero-day vulnerabilities were discovered.

Total Zero-Day Vulnerabilities
2013: 23
2014: 24 (+4%*)
2015: 54 (+125%*)
*% change as compared to previous year

7 Days Total Time of Exposure
1 Day Average Time to Patch

Zero-Day Timeline: from discovery to patch
1. Hacker discovers vulnerability
2. Exploit created to leverage vulnerability
3. Attack is launched
4. Public and vendor become aware
5. Vendor builds patch
6. Patch is distributed
7. IT admin installs patch
Window of Opportunity

2015 Zero-Day Not-So-Fun Facts
7 known vulnerabilities targeting a variety of manufacturers and devices
11 new vulnerabilities used to exploit open source software
400GB of sensitive information stolen by the “Hacking Team” [2]

The End Is Nigh for Adobe Flash
10 zero-days found in 2015
4 out of 5 of exploited zero-days
% attacked Adobe Flash
Web Browsers, Mozilla Firefox and Google Chrome No Longer Supports

[1] on average, based on 54 vulnerabilities
[2] symantec.com/connect/blogs/third-adobe-flash-zero-day-exploit-cve-2015-5123-leaked-hacking-team-cache
Facts about the Attack on Anthem

On January 26, 2015, 78 million patient records were exposed.

The breach is believed to be the work of a well-resourced cyberespionage group, which Symantec calls Black Vine. They appear to have access to a wide variety of resources that let them conduct multiple, simultaneous attacks over a sustained period of time. They used: attacker-owned infrastructure, zero-day exploits, and custom-developed malware.

Three variants are named: 1) Hurix, 2) Sakurel, and 3) Mivast, detected as Trojan.Sakurel and Backdoor.Mivast.

All variants have the following capabilities:
Open a pipe back door
Execute files & commands
Delete, modify, and create registry keys
Gather and transmit information about the infected computer

Top 10 Sub-Sectors Breached by Number of Incidents
Healthcare: 120
Business: 20
Education: 20
Insurance: 17
Hotels: 14
Wholesale Trade: 10
Eating and Drinking Places: 9
Executive, Legislative, & General: 9
Depository Institutions: 8
Social Services: 6