The 2013 Internet Security Threat Report: Year of the Mega Data Breach


Once again, it’s time to reveal the latest findings from our Internet Security Threat Report (ISTR), which looks at the current state of the threat landscape, based on our research and analysis from the past year. Key trends from this year’s report include the large increase in data breaches and targeted attacks, the evolution of mobile malware and ransomware, and the potential threat posed by the Internet of Things. We’ll explore each of these topics in greater detail below.

The year of the mega data breach
While 2011 was hailed by many as the “Year of the Data Breach,” breaches in 2013 far surpassed previous years in size and scale. For 2013, we found the number of data breaches grew 62 percent from 2012, translating to more than 552 million identities exposed last year – an increase of 368 percent. This was also the first year that the top eight data breaches each resulted in the loss of tens of millions of identities – making it truly the year of the “mega” data breach. By comparison, only one data breach in 2012 reached that distinction.

Attackers set their sights on medium-sized businesses
If you’ve been following our reports, you know that small and medium-sized businesses (SMBs) are a key target for attackers, and this year proved no exception to the trend. In 2013, SMBs collectively made up more than half of all targeted attacks at 61 percent – up from 50 percent in 2012 – with medium-sized (2,500+ employees) businesses seeing the largest increase.

Attacks against businesses of all sizes grew, with an overall increase of 91 percent from 2012. Similar to last year, cybercriminals deployed watering hole attacks and spear-phishing to increase the efficiency of their campaigns. However, spear-phishing campaigns were down 23 percent, with cybercriminals relying less on emails to carry out their attack campaigns. Watering hole attacks allowed the bad guys to run more campaigns through drive-by-downloads, targeting victims at the websites they frequently visit. Efforts were also aided by a 61 percent increase in zero-day vulnerabilities, which allowed attackers to set up on poorly patched sites and infect their victims with little or no additional effort required. 

Government remained the most targeted industry (16 percent of all attacks). This year we looked at not only the volume of attacks but also at who are the preferred targets and what are the odds of being singled out. The bad news is that no one faces favorable odds and we all need to be concerned about targeted attacks. However, looking at the odds produced some surprises. If you’re a personal assistant working at a mid-sized mining company, I have bad news for you – you topped the “most wanted” list for attackers. 

Mobile malware and madware invades consumers’ privacy
While many people download new apps to their mobile devices without a second thought, many malicious apps contain highly annoying or unwanted capabilities. Of the new malware threats written in 2013, 33 percent tracked users and 20 percent collected data from infected devices. 2013 also saw the first remote access toolkits (or RATs) begin to appear for Android devices. When running on a device, these RATs can monitor and make phone calls, read and send SMS messages, get the device’s GPS coordinates, activate and use the camera and microphone and access files stored on the device – all without the knowledge or consent of the victim.

Ransomware growth explodes and turns even more vicious 
As we had previously predicted, ransomware, the malicious software that locks computers and files, grew rapidly in 2013. Ransomware saw an explosive 500 percent growth over last year and remained a highly profitable enterprise for the bad guys, netting $100 to $500 USD for each successful ransom payment. We also saw attackers become more vicious by holding data hostage through high-end encryption and threatening to delete the information forever if the fee was not paid within the given time limit.

The future of identity theft: The Internet of Things
Which of these things have been hacked in the past year: a refrigerator or a baby monitor? When I ask customers this question, they often reply, “Both.” The correct answer is the baby monitor. Despite what you may have heard on the news, Internet connected refrigerators have yet to be attacked. But never say never. Security researchers in 2013 demonstrated that attacks against cars, security cameras, televisions and medical equipment are all possible. The refrigerator’s time will come. The Internet of Things (IoT) is on its way and related threats are sure to follow. In this year’s report, we talk about what we’ve seen so far, and the consensus is that the Internet connected device at most risk of attack today is the home router.

What comes next? With personal details and financial information being stored on IoT devices, it’s only a matter of time before we find a true case of a refrigerator being hacked. Right now, security is an afterthought for most manufacturers and users of these devices, and it will likely take a major security incident before it is seriously considered. However, by starting the conversation now about the potential security risks, we will be that much more prepared when that day comes. This year’s ISTR starts the conversation. 

For more details, check out the complete Internet Security Threat Report, Vol. 19.

Internet Security Threat Report Readership Survey

Symantec’s Internet Security Threat Report (ISTR) is an annual report which provides an overview and in-depth analysis of the online security landscape over the previous year. The report is based on data from Symantec’s Global Intelligence Network, which Symantec analysts use to identify, analyze, and provide commentary on emerging trends in cyberattacks, malicious code activity, phishing, and spam as well as the wider threat landscape trends in general.

The latest release, ISTR volume 18, may be considered the most comprehensive and detailed to date. Among other findings, the report incorporated up-to-date data and analysis on targeted attacks, data breaches, malware, spam, vulnerabilities, and mobile malware.

Everyone in Symantec is extremely proud of the ISTR; however, this is no time to rest on our laurels. We are constantly looking to improve the quality of our products and services. This includes the ISTR. To that end, we would like to elicit the help of our readers with the first ever ISTR readership survey. Through engaging with the ISTR readership, we hope that we can better tailor future reports to suit your needs and wants.

For example, would you like to see more in the report on data breaches? Perhaps you want to see an even wider focus on targeted attacks? Now is your chance to tell us your preferences, which parts you enjoy, and which parts you may want to skip over. While we will always endeavor to provide you with the best information about the most pertinent threats, we want to know what this means to our individual readers and the businesses they may represent in order to better understand how the report is being used.

We also want to find out whether you would prefer to receive more frequent ISTR-style reports in addition to the annual publication. Now is your chance to share your thoughts on all things ISTR—as the saying goes, help us to help you.

You can be heard by completing our ISTR user survey. It is quick and easy to complete, and your contributions are invaluable to us as we strive to improve the quality of our output. We would also encourage you, if you can, to share the survey with as many of your ISTR reading friends or colleagues as possible.

Thanks for reading and for helping out. We look forward to collecting your responses and making the ISTR a more responsive, tailored, and user friendly report, and we hope that you will continue to enjoy reading the report well into the future.

Take the survey

Save the Date: ISTR 17 Twitter Chat

Join Symantec security experts on Twitter (using the #ISTR hashtag) on Tuesday, May 15, at 10 a.m. PT / 1 p.m. ET to chat about the key trends highlighted in Symantec’s recently released Internet Security Threat Report, Volume 17.

This year’s report, which covers the major threat trends observed by Symantec in 2011, highlights several troubling developments. For example:

  • Symantec blocked more than 5.5 billion malicious attacks in 2011, an increase of 81 percent over the previous year.
  • The number of unique malware variants increased to 403 million and the number of Web attacks blocked per day increased by 36 percent.
  • Targeted attacks are growing, with the number of daily targeted attacks increasing from 77 per day to 82 per day by the end of 2011. The targets of these attacks are also becoming more diverse, with SMBs being targeted in addition to large enterprises.

The news isn’t all bad, however, with several positive trends also being called out; though these trends do demonstrate there are two sides to every coin. For instance:

  • Spam levels have fallen by 13 percent, though this is likely a result of attackers turning more of their attention to social networks as attack vectors.
  • Overall, new vulnerabilities discovered in 2011 decreased by 20 percent. However, new mobile device-related vulnerabilities discovered during the year increased by 93 percent.

The report is based on data from the Global Intelligence Network, which Symantec's analysts use to identify, analyze, and provide commentary on emerging trends in attacks, malicious code activity, phishing, and spam.

So, mark your calendars now:

Symantec ISTR Twitter Chat

Date: Tuesday, May 15, 2012
Time: Starts at 10 a.m. PT / 1 p.m. ET
Length: 1 hour
Where: On; follow the hashtag #ISTR

Expert participants:

  • Paul Wood, Senior Intelligence Analyst, Symantec (@paulowoody)
  • Kevin Haley, Director of Product Management, Security Technology and Response, Symantec (@KPHaley)