The document is the Symantec Internet Security Threat Report Volume XV which analyzes global cybersecurity threats. It finds that (1) malicious activity is taking root in emerging countries like Brazil, India, and Poland; (2) targeted attacks continue to focus on enterprises using Advanced Persistent Threats; and (3) consumers remain plagued by web-based attacks exploiting vulnerabilities in widely used applications like Internet Explorer.
2. Global Intelligence Network
Identifies more threats, takes action faster & prevents impact
Calgary, Alberta Dublin, Ireland
Tokyo, Japan
San Francisco, CA
Mountain View, CA Austin, TX Chengdu, China
Culver City, CA
Taipei, Taiwan
Chennai, India
Pune, India
Worldwide Coverage Global Scope and Scale 24x7 Event Logging
Rapid Detection
Attack Activity Malware Intelligence Vulnerabilities Spam/Phishing
• 240,000 sensors • 133M client, server, • 35,000+ vulnerabilities • 5M decoy accounts
• 200+ countries gateways monitored • 11,000 vendors • 8B+ email messages/day
• Global coverage • 80,000 technologies • 1B+ web requests/day
Preemptive Security Alerts Information Protection Threat Triggered Actions
Symantec Internet Security Threat Report 2
3. Threat Landscape – Key Findings
• Malicious activity takes root in emerging countries.
• Targeted attacks focus on enterprises.
• Consumers still plagued by Web-based attacks.
• Attack kits make information theft easier for novices.
• Underground economy unaffected by the global economy.
Symantec Internet Security Threat Report 3
4. Threat Landscape
Malicious activity takes root in emerging countries
• First time since 2006 Germany not ranked 3rd.
• Brazil, India, and Poland all experienced growth in malicious
activity.
• All three countries are ranked in the top 5 in at least one
category.
Malicious Activity by Country
Symantec Internet Security Threat Report 4
5. Threat Landscape
Malicious activity takes root in emerging countries
• Brazil and India also prominent in countries where Web-based
attacks originate.
• Web-based attacks may also be partly related to bot activity.
Countries of Origin for Web-based Attacks
Symantec Internet Security Threat Report 5
6. Threat Landscape
Malicious activity takes root in emerging countries
• Many countries with emerging Internet infrastructure
experienced significant increases in spam activity.
• Brazil and India have seen large growth in IT infrastructure and
broadband development.
Top Countries of Spam Origin
Symantec Internet Security Threat Report 6
7. Threat Landscape
Targeted attacks focus on enterprises
• Frequently carried out by Advanced Persistent Threats (APTs).
• These threats remain undetected to penetrate deeply into the
network.
Symantec Internet Security Threat Report 7
8. Threat Landscape
Consumers still plagued by Web-based attacks
• 4 of the top 5 attacks in 2009 targeted client-side
vulnerabilities.
• These attacks target vulnerabilities in widely deployed
applications.
Top Attacked Vulnerabilities, 2009
Top Attacked Vulnerabilities, 2008
Symantec Internet Security Threat Report 8
9. Threat Landscape
Consumers still plagued by Web-based attacks
• Top Web-based attacks targeted Internet Explorer and PDF
readers.
• Browser plug-ins like ActiveX continue to be popular targets.
Symantec Internet Security Threat Report 9
10. Threat Landscape
Attack kits make information theft easier for novices
• Kits allow unskilled attackers to enter the market with
sophisticated tools.
• Increase in kit activity notably marked by Zeus.
Symantec Internet Security Threat Report 10
11. Threat Landscape
Underground Economy unaffected by global economy
• Credit card info and bank accounts still top advertised items on
underground economy.
• Credit card dumps saw a marked increase in advertisements.
Symantec Internet Security Threat Report 11
12. Threat Landscape
Underground Economy unaffected by global economy
• Spam and phishing attacks targeting financial services
unaffected.
• 78% of phishing URLs observed target financial brands.
Symantec Internet Security Threat Report 12
13. Threat Landscape Will Change: Stay Informed
symantec.com/threatreport
…or follow @threatintel on twitter
• Global Report & Executive Summary
• Regional data sheets for EMEA, APJ and LAM
• Blogs
• Podcasts
• Links to other Symantec Security Response research
Symantec Internet Security Threat Report 13