This is the time of year when multiple security vendors publish their respective full-year 2011 security research reports. Today, Symantec released Volume 17 of its Internet Security Threat Report, which shows trends that mirror similar reports released in recent weeks by HP and Microsoft -- but with several new insights as well.
As other security vendors have reported, attack volume increased in 2011 even though the number of reported new vulnerabilities declined. According to Symantec's data, the number of attacks rose by 81 percent. (In contrast, HP reported an attack volume increase of just 11 percent.) Like HP, Symantec reported a 20 percent decline in the number of new vulnerabilities discovered in 2011.
Exploit kits have a lot to do with the rise in attacks, according to Symantec. Liam O Murchu, manager of operations at Symantec's North American security response center, told eSecurityPlanet that hackers have increasingly been making use of easy-to-use exploit kits in their attacks.
Murchu also noted that attackers are to a greater extent leveraging social media to help launch and execute attacks. Specifically, Murchu pointed to an increase in clickjacking-type attacks related to social networking sites. "If you click on a link in Facebook for example, [the action] can actually propogate [itself] and send messages to all of your friends without you realizing it," Murchu said.
Now the good news: The volume of spam declined in 2011 -- dropping to an average of 75.1 percent of all email in 2011, compared with 88.5 percent in 2010. According to Symantec, that's the lowest lowest level of spam seen in the past three years. The decline in spam is due in large part to the waning influence of spam-sending botnets, Murchu said. He pointed to the takedown of the Rustock botnet in 2011 as being a key contributor to the decline of spam.
News 1 year ago
