The average number of spear-phishing attacks rose to 42 per day in January, up from 33 in December. Finance, Insurance, & Real Estate overtook Manufacturing in the Top-Ten Industries targeted for the month of January. The overall phishing rate also rose slightly in January, to one in 1,004 emails.
There were ten data breaches reported in January that took place during the same month. This number is likely to rise as more data breaches that occurred during the month are reported. In comparison, there were 14 new data breaches reported during January that took place between February and December of 2014.
Vulnerabilities are up during the month of January, with 494 disclosed and two zero-days discovered. Google Chrome reported the most browser vulnerabilities during the month of January, after Microsoft Internet Explorer lead for a number of months. Oracle, reporting on the Java program, disclosed the most plug-in vulnerabilities over the same time period. In previous month’s Adobe has held the top spot, with its Acrobat and Flash plug-ins.
We hope that you enjoy this month’s report and feel free to contact us with any comments or feedback.
2. p. 2
Symantec Corporation
Symantec Intelligence Report :: JANUARY 2015
CONTENTS
3 Summary
4 TARGETED ATTACKS + DATA BREACHES
5 Targeted Attacks
5 Attachments Used in Spear-Phishing
Emails
5 Spear-Phishing Attacks by Size of
Targeted Organization
5 Average Number of Spear-Phishing
Attacks Per Day
6 Top-Ten Industries Targeted
in Spear-Phishing Attacks
7 Data Breaches
7 Timeline of Data Breaches
8 Top-Ten Types of Information Breached
9 MALWARE TACTICS
10 Malware Tactics
10 Top-Ten Malware
10 Top-Ten Mac OSX Malware Blocked on OSX Endpoints
11 Ransomware Over Time
12 Vulnerabilities
12 Number of Vulnerabilities
12 Zero-Day Vulnerabilities
13 Browser Vulnerabilities
13 Plug-in Vulnerabilities
14 MOBILE THREATS
15 Mobile
15 Mobile Malware Families by Month,
Android
16 PHISHING, SPAM + EMAIL THREATS
17 Phishing and Spam
17 Phishing Rate
17 Global Spam Rate
18 Email Threats
18 Proportion of Email Traffic
Containing URL Malware
18 Proportion of Email Traffic
in Which Virus Was Detected
19 About Symantec
19 More Information
3. p. 3
Symantec Corporation
Symantec Intelligence Report :: JANUARY 2015
Summary
Welcome to the January edition of the
Symantec Intelligence report. Symantec
Intelligence aims to provide the latest
analysis of cyber security threats, trends,
and insights concerning malware, spam, and
other potentially harmful business risks.
Symantec has established the most
comprehensive source of Internet threat
data in the world through the Symantec™
Global Intelligence Network, which is made
up of more than 41.5 million attack sensors
and records thousands of events per second.
This network monitors threat activity in
over 157 countries and territories through
a combination of Symantec products and
services such as Symantec DeepSight™
Threat Management System, Symantec™
Managed Security Services, Norton™
consumer products, and other third-party
data sources.
The average number of spear-phishing attacks rose to 42 per
day in January, up from 33 in December. Finance, Insurance, &
Real Estate overtook Manufacturing in the Top-Ten Industries
targeted for the month of January. The overall phishing rate also
rose slightly in January, to one in 1,004 emails.
There were ten data breaches reported in January that took place
during the same month. This number is likely to rise as more
data breaches that occurred during the month are reported. In
comparison, there were 14 new data breaches reported during
January that took place between February and December of
2014.
Vulnerabilities are up during the month of January, with 494
disclosed and two zero-days discovered. Google Chrome reported
the most browser vulnerabilities during the month of January,
after Microsoft Internet Explorer lead for a number of months.
Oracle, reporting on the Java program, disclosed the most
plug-in vulnerabilities over the same time period. In previous
month’s Adobe has held the top spot, with its Acrobat and Flash
plug-ins.
We hope that you enjoy this month’s report and feel free to
contact us with any comments or feedback.
Ben Nahorney, Cyber Security Threat Analyst
symantec_intelligence@symantec.com
5. p. 5
Symantec Corporation
Symantec Intelligence Report :: JANUARY 2015
At a Glance
• The average number of
spear-phishing attacks rose
to 42 per day in January, up
from 33 in December.
• The .doc file type was the
most common attachment
type used in spear-phishing
attacks. The .class file type
came in second.
• Organizations with 1-250
employees were the most
likely to be targeted in
January.
• Finance, Insurance,
Real Estate lead the Top-
Ten Industries targeted,
followed by Manufacturing.
Targeted Attacks
Average Number of Spear-Phishing
Attacks Per Day
Source: Symantec :: FEBRUARY 2014 — JANUARY 2015
25
50
75
100
125
150
175
200
225
250
J
2015
DNOSAJJMAMF
54 53
45 43
20
33
141
84 84
54
88
42
Attachments Used in Spear-Phishing
Emails
Source: Symantec :: JANUARY 2015
Executable type January December
.doc 46.1% 26.7%
.class 9.9% 2.2%
.txt 8.3% 1.3%
.bin 8.0% 1.6%
.xls 7.8% –
.ace 5.0% –
.vbs 2.4% –
.exe 2.0% 15.7%
.pdf 1.9% 1.6%
.rtf 1.3% –
Spear-Phishing Attacks by Size
of Targeted Organization
Source: Symantec :: JANUARY 2015
Organization Size January December
1-250 35.2% 31.5%
251-500 7.8% 11.5%
501-1000 14.7% 6.6%
1001-1500 4.3% 3.5%
1501-2500 5.3% 9.3%
2500+ 32.7% 37.6%
6. p. 6
Symantec Corporation
Symantec Intelligence Report :: JANUARY 2015
Top-Ten Industries Targeted in
Spear-Phishing Attacks
Source: Symantec :: JANUARY 2015
Construction
Energy/Utilities
Public Administration
Retail
Transportation,
communications, electric,
Services - Non Traditional
Services - Professional
Wholesale
Manufacturing
Finance, insurance
Real Estate 29%
21
12
9
9
5
5
2
1
1
7. p. 7
Symantec Corporation
Symantec Intelligence Report :: JANUARY 2015
Data Breaches
At a Glance
• There were ten data breaches reported in January that took
place during the same month. This number is likely to rise
as more data breaches that occurred during the month are
reported.
• In comparison, there were 14 new data breaches reported
during January that took place between February and Decem-
ber of 2014.
• Real names, home addresses, and government ID numbers,
such as Social Security numbers, are currently the top three
types of data exposed in data breaches.
20
40
60
80
100
120
140
160
J
2015
DNOSAJJMAMF
NUMBEROFINCIDENTS
IDENTITIESEXPOSED(MILLIONS)INCIDENTS IDENTITIES EXPOSED (Millions)
Timeline of Data Breaches
Source: Symantec :: FEBRUARY 2014 — JANUARY 2015
147
59
1
78
31.5
10
1
6.5
.451.72.6 3
5
10
15
20
25
30
35
40
27
25
24
28
22
21
19
20
23 22
12
10
8. p. 8
Symantec Corporation
Symantec Intelligence Report :: JANUARY 2015
Top-Ten Types of Information Breached
Source: Symantec :: FEBRUARY 2014 — JANUARY 2015
Real Names
Home Address
Gov ID numbers (Soc Sec)
Financial Information
Birth Dates
Email Addresses
Medical Records
Phone Numbers
Usernames Passwords
Insurance
01
02
03
04
05
06
07
08
09
10
67%
43%
43%
36%
33%
23%
23%
21%
17%
9%
Methodology
This data is procured from the Norton Cybercrime Index (CCI). The Norton CCI is a statistical model
that measures the levels of threats, including malicious software, fraud, identity theft, spam,
phishing, and social engineering daily. The data breach section of the Norton CCI is derived from
data breaches that have been reported by legitimate media sources and have exposed personal
information.
In some cases a data breach is not publicly reported during the same month the incident occurred,
or an adjustment is made in the number of identities reportedly exposed. In these cases, the data in
the Norton CCI is updated. This causes fluctuations in the numbers reported for previous months
when a new report is released.
10. p. 10
Symantec Corporation
Symantec Intelligence Report :: JANUARY 2015
Malware Tactics
At a Glance
• W32.Ramnit!html was the
most common malware
blocked in January.
• W32.Ramnit and W32.
Sality variants continue
to dominate the top-ten
malware list.
• The most common
OSX threat seen on OSX
was OSX.RSPlug.A,
making up 19.2 percent
of all OSX malware found
on OSX Endpoints.
• The amount of ransom-
ware seen during January
decreased slightly when
compared to December.
Top-Ten Malware
Source: Symantec :: JANUARY 2015
Rank Name January December
1 W32.Ramnit!html 6.5% 5.1%
2 W32.Almanahe.B!inf 5.8% 5.2%
3 W32.Sality.AE 5.5% 5.0%
4 W32.Ramnit.B 4.4% 3.7%
5 W32.Downadup.B 2.7% 2.4%
6 W32.Ramnit.B!inf 2.7% 2.3%
7 W32.SillyFDC.BDP!lnk 2.1% 1.6%
8 W32.Virut.CF 1.7% 1.7%
9 W97M.Downloader 1.2% –
10 W32.SillyFDC 1.1% 1.1%
Top-Ten Mac OSX Malware Blocked
on OSX Endpoints
Source: Symantec :: JANUARY 2015
Rank Malware Name January December
1 OSX.RSPlug.A 19.2% 10.1%
2 OSX.Keylogger 18.9% 16.3%
3 OSX.Wirelurker 10.5% 13.6%
4 OSX.Klog.A 9.3% 7.6%
5 OSX.Okaz 8.8% 11.2%
6 OSX.Luaddit 8.0% 9.3%
7 OSX.Stealbit.B 6.1% 4.1%
8 OSX.Flashback.K 3.2% 6.3%
9 OSX.Freezer 2.6% 2.7%
10 OSX.Weapox 2.4% –
11. p. 11
Symantec Corporation
Symantec Intelligence Report :: JANUARY 2015
Ransomware Over Time
Source: Symantec :: FEBRUARY 2014 — JANUARY 2015
THOUSANDS
J
2015
DNOSAJJMAMF
108
365
518
349
236 230
183
149
95 80 77
116
12. p. 12
Symantec Corporation
Symantec Intelligence Report :: JANUARY 2015
Number of Vulnerabilities
Source: Symantec :: FEBRUARY 2014 — JANUARY 2015
100
200
300
400
500
600
700
800
J
2015
DNOSAJJMAMF
438
575
600 596
457
428
399
542 562 579
473 494
Zero-Day Vulnerabilities
Source: Symantec :: FEBRUARY 2014 — JANUARY 2015
1
2
3
4
5
6
7
8
J
2015
DNOSAJJMAMF
0 0 0 0 0
1
2 2
5
0
1
4
Vulnerabilities
At a Glance
• There were 494 vulner-
abilities disclosed during
the month of January.
• There were two zero-day
vulnerability disclosed
during January.
• Google Chrome reported
the most browser vulner-
abilities during the month
of January.
• Oracle, reporting on the
Java program, disclosed
the most plug-in vulner-
abilities over the same
time period.
13. p. 13
Symantec Corporation
Symantec Intelligence Report :: JANUARY 2015
Browser Vulnerabilities
Source: Symantec :: FEBRUARY 2014 — JANUARY 2015
20
40
60
80
100
J
2015
DNOSAJJMAMF
Opera
Mozilla Firefox
Microsoft Internet Explorer
Google Chrome
Apple Safari
Plug-in Vulnerabilities
Source: Symantec :: FEBRUARY 2014 — JANUARY 2015
10
20
30
40
50
60
70
80
Java
Apple
Adobe
ActiveX
J
2014
DNOSAJJMAMF
15. p. 15
Symantec Corporation
Symantec Intelligence Report :: JANUARY 2015
Mobile
Mobile Malware Families by Month,
Android
Source: Symantec :: FEBRUARY 2014 — JANUARY 2015
8
6
2
4
2 2
3
5
3
4 4
3
1
2
3
4
5
6
7
8
9
10
J
2014
DNOSAJJMAMF
At a Glance
• There were three Android
malware families discov-
ered in January.
17. p. 17
Symantec Corporation
Symantec Intelligence Report :: JANUARY 2015
Phishing and Spam
Phishing Rate
Source: Symantec :: FEBRUARY 2014 — JANUARY 2015
1 in 0
1 in 500
1 in 1000
1 in 1500
1 in 2000
1 in 2500
J
2015
DNOSAJJMAMF
2041
1610
647
1517
1004
478
370
731
395
496
1290
1587
At a Glance
• The phishing rate rose
in January, at one in
1,004 emails, up from
one in 1,517 emails in
December.
• The global spam rate was
54 percent for the month
of January.
• One out of every 207
emails contained a virus.
• Of the email traffic in the
month of December, 5
percent contained a mali-
cious URL.
Global Spam Rate
Source: Symantec :: FEBRUARY 2014 — JANUARY 2015
10
20
30
40
50
60
70
80
90
100%
J
2014
DNOSAJJMAMF
55 55 54
62
66
59
61 60
64 63
58 55
18. p. 18
Symantec Corporation
Symantec Intelligence Report :: JANUARY 2015
Email Threats
Proportion of Email Traffic
Containing URL Malware
Source: Symantec :: FEBRUARY 2014 — JANUARY 2015
10
20
30
40
50
60
70
80
90
100%
J
2015
DNOSAJJMAMF
6 7
41
14
5
14
6 3
14
7 8
3
1 in 50
1 in 100
1 in 150
1 in 200
1 in 250
1 in 300
1 in 350
1 in 400
1 in 450
1 in 500
J
2015
DNOSAJJMAMF
Proportion of Email Traffic
in Which Virus Was Detected
Source: Symantec :: FEBRUARY 2014 — JANUARY 2015
351
329
246
195
207
188
141
234
183
232
351
270
19. p. 19
Symantec Corporation
Symantec Intelligence Report :: JANUARY 2015
About Symantec
More Information
• Symantec Worldwide: http://www.symantec.com/
• ISTR and Symantec Intelligence Resources: http://www.symantec.com/threatreport/
• Symantec Security Response: http://www.symantec.com/security_response/
• Norton Threat Explorer: http://us.norton.com/security_response/threatexplorer/
• Norton Cybercrime Index: http://us.norton.com/cybercrimeindex/
Symantec Corporation (NASDAQ: SYMC) is an information protection expert that helps
people, businesses and governments seeking the freedom to unlock the opportunities
technology brings – anytime, anywhere. Founded in April 1982, Symantec, a Fortune
500 company, operating one of the largest global data-intelligence networks, has
provided leading security, backup and availability solutions for where vital information
is stored, accessed and shared. The company’s more than 20,000 employees reside in
more than 50 countries. Ninety-nine percent of Fortune 500 companies are Symantec
customers. In fiscal 2013, it recorded revenues of $6.9 billion. To learn more go to
www.symantec.com or connect with Symantec at: go.symantec.com/socialmedia.