Symantec Intelligence Report January 2015

SYMANTEC INTELLIGENCE REPORT
JANUARY 2015

p. 2
Symantec Corporation
Symantec Intelligence Report :: JANUARY 2015
CONTENTS
3 Summary
4 TARGETED ATTACKS + DATA BREACHES
5 Targeted Attacks
5 Attachments Used in Spear-Phishing
Emails
5 Spear-Phishing Attacks by Size of
Targeted Organization
5 Average Number of Spear-Phishing
Attacks Per Day
6 Top-Ten Industries Targeted
in Spear-Phishing Attacks
7 Data Breaches
7 Timeline of Data Breaches
8 Top-Ten Types of Information Breached
9 MALWARE TACTICS
10 Malware Tactics
10 Top-Ten Malware
10 Top-Ten Mac OSX Malware Blocked on OSX Endpoints
11 Ransomware Over Time
12 Vulnerabilities
12 Number of Vulnerabilities
12 Zero-Day Vulnerabilities
13 Browser Vulnerabilities
13 Plug-in Vulnerabilities
14 MOBILE THREATS
15 Mobile
15 Mobile Malware Families by Month,
Android
16 PHISHING, SPAM + EMAIL THREATS
17 Phishing and Spam
17 Phishing Rate
17 Global Spam Rate
18 Email Threats
18 Proportion of Email Traffic
Containing URL Malware
18 Proportion of Email Traffic
in Which Virus Was Detected
19 About Symantec
19 More Information

p. 3
Summary
Welcome to the January edition of the
Symantec Intelligence report. Symantec
Intelligence aims to provide the latest
analysis of cyber security threats, trends,
and insights concerning malware, spam, and
other potentially harmful business risks.
Symantec has established the most
comprehensive source of Internet threat
data in the world through the Symantec™
Global Intelligence Network, which is made
up of more than 41.5 million attack sensors
and records thousands of events per second.
This network monitors threat activity in
over 157 countries and territories through
a combination of Symantec products and
services such as Symantec DeepSight™
Threat Management System, Symantec™
Managed Security Services, Norton™
consumer products, and other third-party
data sources.
The average number of spear-phishing attacks rose to 42 per
day in January, up from 33 in December. Finance, Insurance, &
Real Estate overtook Manufacturing in the Top-Ten Industries
targeted for the month of January. The overall phishing rate also
rose slightly in January, to one in 1,004 emails.
There were ten data breaches reported in January that took place
during the same month. This number is likely to rise as more
data breaches that occurred during the month are reported. In
comparison, there were 14 new data breaches reported during
January that took place between February and December of
2014.
Vulnerabilities are up during the month of January, with 494
disclosed and two zero-days discovered. Google Chrome reported
the most browser vulnerabilities during the month of January,
after Microsoft Internet Explorer lead for a number of months.
Oracle, reporting on the Java program, disclosed the most
plug-in vulnerabilities over the same time period. In previous
month’s Adobe has held the top spot, with its Acrobat and Flash
plug-ins.
We hope that you enjoy this month’s report and feel free to
contact us with any comments or feedback.
Ben Nahorney, Cyber Security Threat Analyst
symantec_intelligence@symantec.com

p. 4
Symantec Intelligence Report :: JANUARY 2015TARGETEDATTACKS
+DATABREACHES

p. 5
At a Glance
• The average number of
spear-phishing attacks rose
to 42 per day in January, up
from 33 in December.
• The .doc file type was the
most common attachment
type used in spear-phishing
attacks. The .class file type
came in second.
• Organizations with 1-250
employees were the most
likely to be targeted in
January.
• Finance, Insurance,
Real Estate lead the Top-
Ten Industries targeted,
followed by Manufacturing.
Targeted Attacks
Average Number of Spear-Phishing
Attacks Per Day
Source: Symantec :: FEBRUARY 2014 — JANUARY 2015
25
50
75
100
125
150
175
200
225
250
J
2015
DNOSAJJMAMF
54 53
45 43
20
33
141
84 84
54
88
42
Attachments Used in Spear-Phishing
Emails
Source: Symantec :: JANUARY 2015
Executable type January December
.doc 46.1% 26.7%
.class 9.9% 2.2%
.txt 8.3% 1.3%
.bin 8.0% 1.6%
.xls 7.8% –
.ace 5.0% –
.vbs 2.4% –
.exe 2.0% 15.7%
.pdf 1.9% 1.6%
.rtf 1.3% –
Spear-Phishing Attacks by Size
of Targeted Organization
Organization Size January December
1-250 35.2% 31.5%
251-500 7.8% 11.5%
501-1000 14.7% 6.6%
1001-1500 4.3% 3.5%
1501-2500 5.3% 9.3%
2500+ 32.7% 37.6%

p. 6
Top-Ten Industries Targeted in
Spear-Phishing Attacks
Construction
Energy/Utilities
Public Administration
Retail
Transportation,
communications, electric,
Services - Non Traditional
Services - Professional
Wholesale
Manufacturing
Finance, insurance
Real Estate 29%
21
12
9
9
5
5
2
1
1

p. 7
Data Breaches
At a Glance
• There were ten data breaches reported in January that took
place during the same month. This number is likely to rise
as more data breaches that occurred during the month are
reported.
• In comparison, there were 14 new data breaches reported
during January that took place between February and Decem-
ber of 2014.
• Real names, home addresses, and government ID numbers,
such as Social Security numbers, are currently the top three
types of data exposed in data breaches.
20
40
60
80
100
120
140
160
J
2015
DNOSAJJMAMF
NUMBEROFINCIDENTS
IDENTITIESEXPOSED(MILLIONS)INCIDENTS IDENTITIES EXPOSED (Millions)
Timeline of Data Breaches
147
59
1
78
31.5
10
1
6.5
.451.72.6 3
5
10
15
20
25
30
35
40
27
25
24
28
22
21
19
20
23 22
12
10

p. 8
Top-Ten Types of Information Breached
Real Names
Home Address
Gov ID numbers (Soc Sec)
Financial Information
Birth Dates
Email Addresses
Medical Records
Phone Numbers
Usernames Passwords
Insurance
01
02
03
04
05
06
07
08
09
10
67%
43%
43%
36%
33%
23%
23%
21%
17%
9%
Methodology
This data is procured from the Norton Cybercrime Index (CCI). The Norton CCI is a statistical model
that measures the levels of threats, including malicious software, fraud, identity theft, spam,
phishing, and social engineering daily. The data breach section of the Norton CCI is derived from
data breaches that have been reported by legitimate media sources and have exposed personal
information.
In some cases a data breach is not publicly reported during the same month the incident occurred,
or an adjustment is made in the number of identities reportedly exposed. In these cases, the data in
the Norton CCI is updated. This causes fluctuations in the numbers reported for previous months
when a new report is released.

p. 9
MALWARETACTICS

p. 10
Malware Tactics
At a Glance
• W32.Ramnit!html was the
most common malware
blocked in January.
• W32.Ramnit and W32.
Sality variants continue
to dominate the top-ten
malware list.
• The most common
OSX threat seen on OSX
was OSX.RSPlug.A,
making up 19.2 percent
of all OSX malware found
on OSX Endpoints.
• The amount of ransom-
ware seen during January
decreased slightly when
compared to December.
Top-Ten Malware
Rank Name January December
1 W32.Ramnit!html 6.5% 5.1%
2 W32.Almanahe.B!inf 5.8% 5.2%
3 W32.Sality.AE 5.5% 5.0%
4 W32.Ramnit.B 4.4% 3.7%
5 W32.Downadup.B 2.7% 2.4%
6 W32.Ramnit.B!inf 2.7% 2.3%
7 W32.SillyFDC.BDP!lnk 2.1% 1.6%
8 W32.Virut.CF 1.7% 1.7%
9 W97M.Downloader 1.2% –
10 W32.SillyFDC 1.1% 1.1%
Top-Ten Mac OSX Malware Blocked
on OSX Endpoints
Rank Malware Name January December
1 OSX.RSPlug.A 19.2% 10.1%
2 OSX.Keylogger 18.9% 16.3%
3 OSX.Wirelurker 10.5% 13.6%
4 OSX.Klog.A 9.3% 7.6%
5 OSX.Okaz 8.8% 11.2%
6 OSX.Luaddit 8.0% 9.3%
7 OSX.Stealbit.B 6.1% 4.1%
8 OSX.Flashback.K 3.2% 6.3%
9 OSX.Freezer 2.6% 2.7%
10 OSX.Weapox 2.4% –

p. 11
Ransomware Over Time
THOUSANDS
J
2015
DNOSAJJMAMF
108
365
518
349
236 230
183
149
95 80 77
116

p. 12
Number of Vulnerabilities
100
200
300
400
500
600
700
800
J
2015
DNOSAJJMAMF
438
575
600 596
457
428
399
542 562 579
473 494
Zero-Day Vulnerabilities
1
2
3
4
5
6
7
8
J
2015
DNOSAJJMAMF
0 0 0 0 0
1
2 2
5
0
1
4
Vulnerabilities
At a Glance
• There were 494 vulner-
abilities disclosed during
the month of January.
• There were two zero-day
vulnerability disclosed
during January.
• Google Chrome reported
the most browser vulner-
abilities during the month
of January.
• Oracle, reporting on the
Java program, disclosed
the most plug-in vulner-
abilities over the same
time period.

p. 13
Browser Vulnerabilities
20
40
60
80
100
J
2015
DNOSAJJMAMF
Opera
Mozilla Firefox
Microsoft Internet Explorer
Google Chrome
Apple Safari
Plug-in Vulnerabilities
10
20
30
40
50
60
70
80
Java
Apple
Adobe
ActiveX
J
2014
DNOSAJJMAMF

p. 14
MOBILETHREATS

p. 15
Mobile
Mobile Malware Families by Month,
Android
8
6
2
4
2 2
3
5
3
4 4
3
1
2
3
4
5
6
7
8
9
10
J
2014
DNOSAJJMAMF
At a Glance
• There were three Android
malware families discov-
ered in January.

p. 16
PHISHING,SPAM+EMAILTHREATS

p. 17
Phishing and Spam
Phishing Rate
1 in 0
1 in 500
1 in 1000
1 in 1500
1 in 2000
1 in 2500
J
2015
DNOSAJJMAMF
2041
1610
647
1517
1004
478
370
731
395
496
1290
1587
At a Glance
• The phishing rate rose
in January, at one in
1,004 emails, up from
one in 1,517 emails in
December.
• The global spam rate was
54 percent for the month
of January.
• One out of every 207
emails contained a virus.
• Of the email traffic in the
month of December, 5
percent contained a mali-
cious URL.
Global Spam Rate
10
20
30
40
50
60
70
80
90
100%
J
2014
DNOSAJJMAMF
55 55 54
62
66
59
61 60
64 63
58 55

p. 18
Email Threats
Proportion of Email Traffic
Containing URL Malware
10
20
30
40
50
60
70
80
90
100%
J
2015
DNOSAJJMAMF
6 7
41
14
5
14
6 3
14
7 8
3
1 in 50
1 in 100
1 in 150
1 in 200
1 in 250
1 in 300
1 in 350
1 in 400
1 in 450
1 in 500
J
2015
DNOSAJJMAMF
Proportion of Email Traffic
in Which Virus Was Detected
351
329
246
195
207
188
141
234
183
232
351
270

p. 19
About Symantec
More Information
• Symantec Worldwide: http://www.symantec.com/
• ISTR and Symantec Intelligence Resources: http://www.symantec.com/threatreport/
• Symantec Security Response: http://www.symantec.com/security_response/
• Norton Threat Explorer: http://us.norton.com/security_response/threatexplorer/
• Norton Cybercrime Index: http://us.norton.com/cybercrimeindex/
Symantec Corporation (NASDAQ: SYMC) is an information protection expert that helps
people, businesses and governments seeking the freedom to unlock the opportunities
technology brings – anytime, anywhere. Founded in April 1982, Symantec, a Fortune
500 company, operating one of the largest global data-intelligence networks, has
provided leading security, backup and availability solutions for where vital information
is stored, accessed and shared. The company’s more than 20,000 employees reside in
more than 50 countries. Ninety-nine percent of Fortune 500 companies are Symantec
customers. In fiscal 2013, it recorded revenues of $6.9 billion. To learn more go to
www.symantec.com or connect with Symantec at: go.symantec.com/socialmedia.

For specific country offices and contact numbers,
please visit our website.
For product information in the U.S.,
call toll-free 1 (800) 745 6054.
Symantec Corporation World Headquarters
350 Ellis Street
Mountain View, CA 94043 USA
+1 (650) 527 8000
1 (800) 721 3934
www.symantec.com
Copyright © 2015 Symantec Corporation.
All rights reserved. Symantec, the Symantec Logo,
and the Checkmark Logo are trademarks or registered
trademarks of Symantec Corporation or its affiliates in
the U.S. and other countries. Other names may
be trademarks of their respective owners

Symantec Intelligence Report January 2015

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (11)

More from Symantec

More from Symantec (20)

Recently uploaded

Recently uploaded (20)

Symantec Intelligence Report January 2015