Cyber criminals are turning to social networks to launch their malware while organisations are becoming victims of targeted attacks, according to security vendor Symantec.
Findings from its Internet Security Threat Report, Volume 17 indicate that Symantec systems blocked more than 5.5 billion malicious attacks in 2011, an increase of 81 percent over the previous year.
The report suggests that cyber criminals are turning to social networks to launch their attacks. The very nature of these networks makes users incorrectly assume they are not at risk and attackers are using these sites to target new victims.
Targeted attacks on organisations are growing, with the number of daily targeted attacks increasing from 77 per day to 82 per day by the end of 2011.
And these attacks are no longer limited to large organisations. More than 50 percent of such attacks target organisations with fewer than 2,500 employees, and almost 18 percent target companies with fewer than 250 employees.
These organisations may be targeted because they are in the supply chain or partner ecosystem of a larger company and because they are less well-defended. Furthermore, 58 percent of attacks target non-execs, employees in roles such as human resources, public relations and sales. Individuals in these jobs may not have direct access to information, but they can serve as a direct link into the company.
"In 2011, cyber criminals greatly expanded their reach, with nearly 20 percent of targeted attacks now directed at companies with fewer than 250 employees," said Stephen Trilling, chief technology officer, Symantec.
Meanwhile, about 1.1 million identities were stolen per data breach on average in 2011, a dramatic increase over the amount seen in any other year, said Symantec.
The most frequent cause of data breaches that could facilitate identity theft was theft or loss of a computer or other medium on which data is stored or transmitted, such as a smartphone, USB key or a backup device. These theft-or loss-related breaches exposed 18.5 million identities.
Symantec also warned that with more mobile devices brought into the workplace, there may be an increase in data breaches as lost mobile devices present risks to information if not properly protected.
With the number of vulnerabilities in the mobile space rising and malware authors not only reinventing existing malware for mobile devices, but creating mobile-specific malware geared to the unique mobile opportunities, 2011 was the first year that mobile malware presented a tangible threat to businesses and consumers. These threats are designed for activities including data collection, the sending of content, and user tracking.
"We've also seen a large increase in attacks on mobile devices, making these devices a viable platform for attackers to leverage in targeting sensitive data," said Trilling.
Sign up for Computerworld eNewsletters.