Symantec Intelligence Report November 2011
The November 2011 Symantec Intelligence Report is now available. New Zealand stats are in the attached document and the full report can be found here: November 2011 Symantec Intelligence Report
• Spam – 70.5 percent (a decrease of 3.7 percentage points since October 2011): page 13
• Phishing – One in 302.0 emails identified as phishing (an increase of 0.04 percentage points since October 2011): page 16
• Malware – One in 255.8 emails contained malware (a decrease of 0.03 percentage points since October 2011): page 17
• Malicious Web sites – 4,915 Web sites blocked per day (an increase of 47.8 percent since October 2011): page 19
• A Review of Targeted Attacks in 2011: page 2
• Revolution of Russian Phone Number Spam: page 10
• Best Practices for Enterprises and Users: page 22
Symantec Announces November 2011 Symantec Intelligence Report
Number of daily targeted attacks increase four-fold since January; lowest global spam rate for three years
Symantec Corp. (Nasdaq: SYMC) today announced the results of the November 2011 Symantec Intelligence Report. This month’s analysis reveals that the number of daily targeted attacks has increased four-fold compared to January this year. On average 94 targeted attacks were blocked each day during the month of November.
Further analysis reveals that in the US at least one attack is being blocked each day, and that one in 389 users may be the recipient of such an attack. Contrast this with Japan where at least one attack is blocked nearly every nine days, and may only be sent to one in 520 individuals. The November Symantec Intelligence Report includes additional data on the geographical distribution of these attacks.
The public sector has been identified as the most frequently targeted industry during 2011, with approximately 20.5 targeted attacks blocked each day. The chemical & pharmaceutical industry was second highest ranked, with 18.6 blocked each day. In this latter case, many of these attacks surfaced later in the year, and fit into the profile described in the Nitro http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_nitro_attacks.pdf attacks. Similarly, this is also the case for the manufacturing sector, which was placed third most-targeted with approximately 13.6 attacks blocked each day.
“The aim of these targeted attacks is to establish persistent access to the targeted organisation’s network, in many cases with the aim of providing remote access to confidential data. They have the potential to cause serious damage to an organisation and in the long term represent a significant threat against the economic prosperity of many countries,” said Paul Wood, senior intelligence analyst, Symantec.cloud.
“Targeted attacks are designed to gather intelligence, steal confidential information or trade secrets, and in the case of attacks like Stuxnet, disrupt operations or even destroy critical infrastructure.”
This month’s analysis indicates that large enterprises consisting of more than 2,500 employees received the greatest number of attacks, with 36.7 being blocked each day. By contrast, the small-to-medium sized business sector with less than 250 employees had 11.6 attacks blocked daily
“It is important to remember that without strong social engineering, or ‘head-hacking’, even the most technically sophisticated attacks are unlikely to succeed. Many attacks include elements of social engineering and are based on information we make available ourselves through social networking and social media sites. Once the attackers are able to understand our interests or hobbies, with whom we socialise and who else may be in our networks; they are often able to construct more believable and convincing attacks against us,” Wood said.
While targeted attacks are on the increase, the global spam rate has now reached its lowest level in three years. The effect of spam volumes three years ago was very dramatic and spam accounted for 68.0 percent of global emails. Recently the decline has been much slower, but spammers have also adapted to using more targeted approaches and exploiting social media as alternatives to email. Pharmaceutical spam is now at the lowest it has been since we started tracking it, accounting for 32.5 percent of spam, compared with 64.2 percent at the end of 2010.
Other report highlights:
Spam: The global ratio of spam in email traffic in November fell by 3.7 percentage points since October to 70.5 percent (1 in 1.42 emails).
Phishing: In November, the global phishing rate increased by 0.04 percentage points, taking the average to one in 302.0 emails (0.33 percent) that comprised some form of phishing attack.
Email-borne Threats: The global ratio of email-borne viruses in email traffic was one in 255.8 emails (0.39 percent) in November, a decrease of 0.03 percentage points since October 2011. Further analysis also shows that 40.2 percent of email-borne malware contained links to malicious websites, an increase of 20.1 percentage points since October 2011.
Web-based Malware Threats: In November, Symantec Intelligence identified an average of 4,915 websites each day harbouring malware and other potentially unwanted programs including spyware and adware; an increase of 47.8 percent since October 2011.
Endpoint Threats: The most frequently blocked malware for the last month was WS.Trojan.H http://www.symantec.com/security_response/writeup.jsp?docid=2011-102713-4647-99. WS.Trojan.H is generic cloud-based heuristic detection for files that possess characteristics of an as yet unclassified threat. Files detected by this heuristic are deemed by Symantec to pose a risk to users and are therefore blocked from accessing the computer.
• In the US, 69.9 percent of email was spam and 69.5 percent in Canada.
• The spam level in the UK was 69.5 percent.
• In The Netherlands, spam accounted for 70.5 percent of email traffic, 70.1 percent in Germany, 70.4 percent in Denmark.
• In Australia 68.6 percent of email was blocked as spam, 69.2 percent in Hong Kong and 68.0 percent in Singapore, compared with 66.6 percent in Japan.
• Spam accounted for 70.1 percent of email traffic in South Africa and 74.3 percent in Brazil.
• South Africa once again became the country most targeted for phishing attacks in November, with one in 96.2 emails identified as phishing.
• The UK was the second most targeted country, with one in 167.0 emails identified as phishing attacks.
• Phishing levels for the US were one in 461.8 and one in 242.4 for Canada.
• In Germany phishing levels were one in 426.2, one in 781.5 in Denmark and one in 250.4 in The Netherlands.
• In Australia, phishing activity accounted for one in 361.0 emails and one in 517.0 in Hong Kong; for Japan it was one in 2,058 and one in 609.7 for Singapore.
• In Brazil one in 775.3 emails was blocked as phishing.
• The UK remained at the top of the table with the highest ratio of malicious emails in November, with one in 149.4 emails identified as malicious.
• Switzerland had the second highest rate, with one in 185.6 emails identified as malicious.
• South Africa returned to the top-5 list this month with one in 222.5 emails blocked as malicious.
• Virus levels for email-borne malware in the US reached one in 360.1 and one in 219.9 in Canada. In Germany virus activity reached one in 275.0, one in 710.5 in Denmark and in The Netherlands one in 238.2.
• In Australia, one in 326.2 emails was malicious and one in 325.8 in Hong Kong. For Japan the rate was one in 1,147, compared with one in 450.0 in Singapore.
• In Brazil, one in 570.6 emails in contained malicious content.
• With a drop in spam this month, the automotive industry became the most spammed industry sector in November, with a spam rate of 73.0 percent.
• The spam rate for the education sector was 71.5 percent and 69.1 percent for the chemical & pharmaceutical sector, compared with 69.3 percent for IT services, 69.0 percent for retail, 68.8 percent for public sector and 69.2 percent for finance.
• The spam rate for small to medium-sized businesses (1-250) was 69.4 percent, compared with 69.7 percent for large enterprises (2500+).
• The public sector remained the most targeted by phishing activity in November, with one in 120.9 emails comprising a phishing attack.
• Phishing levels for the chemical & pharmaceutical sector reached one in 407.5 and one in 377.0 for the IT services sector, one in 397.0 for retail, one in 130.5 for education and one in 331.7 for finance.
• Phishing attacks targeting small to medium-sized businesses (1-250) accounted for one in 211.0 emails, compared with one in 334.0 for large enterprises (2500+).
• With one in 74.3 emails being blocked as malicious, the public sector remained the most targeted industry in November.
• Virus levels for the chemical & pharmaceutical sector reached one in 275.5 and one in 276.6 for the IT services sector; one in 337.1 for retail, one in 105.2 for education and one in 386.6 for finance.
• Malicious email-borne attacks destined for small to medium-sized businesses (1-250) accounted for one in 253.7 emails, compared with one in 249.9 for large enterprises (2500+).
The November Symantec Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends.
• Whitepaper: Advanced Persistent Threats (PDF)
• SlideShare Presentation: November 2011 Symantec Intelligence Report
• Symantec.cloud Global Threats
• Symantec.cloud Intelligence Reports
• Symantec.cloud In the News
• Symantec.cloud Podcasts
• W32.Stuxnet Threat Write-up
About Symantec Intelligence Report
The Symantec Intelligence report combines the best research and analysis from the Symantec.cloud MessageLabs Intelligence Report and the Symantec State of Spam & Phishing Report. The new integrated report, the Symantec Intelligence Report, provides the latest analysis of cyber security threats, trends and insights from the Symantec Intelligence team concerning malware, spam, and other potentially harmful business risks. The data used to compile the analysis for this combined report includes data from September and October 2011.
Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organisations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.
NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. Any prices noted are in U.S. dollars and are valid only in the United States.
Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
spam, email threats, phishing, malware, phishing, malware, endpoint threats