Malicious cyber-attacks increased 81 percent during 2011 in comparison with the prior year, and criminals devoted less attention to spam and other well-known methods of exploiting security holes in preference for specifically targeted attacks, according to a new report from Symantec.
The number of targeted attacks using social engineering and customized malware to gain unauthorized access to sensitive information grew from 77 per day to 82 per day by the end of 2011, Symantec said. Furthermore, hackers began targeting companies and government organizations of all sizes.
Cyber-criminals also adopted new strategies for targeting the security vulnerabilities of smartphones, media tablets and other mobile devices. Mobile vulnerabilities increased by a whopping 93 percent last year -- and with the number of threats targeting Google's Android mobile platform rising significantly.
"One of the most popular ways for phone malware authors to make money is by sending premium SMS messages from infected phones," the new report's authors wrote. "This technique was used by 18 percent of the mobile threats identified in 2011."
Unfortunately, there is no single preventive measure that will guarantee safety from all attacks, said Kevin Haley, the director of product management at Symantec Security Response.
"There are so many kinds of attacks that it's difficult for users to know what threats are the most dangerous, and how to stay on top of them, Haley wrote in a blog post Monday."But each can be dealt with individually."
SMB Security Threats
When huge corporations or government organizations get hacked the events generate a flurry of newspaper headlines. However, more than half of last year's targeted attacks were actually directed at enterprises with fewer than 2,500 employees -- and over 18 percent targeted organizations with fewer than 250 employees.
"They're not just targeting executives with deep access to confidential information either," Haley warned. "Fifty-eight percent of people who are being targeted are in positions such as public relations, human resources and sales -- positions that can provide cyber-criminals with corporate information and open the door to more attacks."
Hackers stole 187 million personal identities last year, with the average yield per data breach amounting to 1.1 million identities. According to Symantec, identity theft gleaned from lost or stolen PCs or mobile devices also exposed 18.5 million identities in 2011. (continued...)