Symantec Intelligence Report

    October 2011


Symantec Intelligence              1
The Symantec Intelligence Report
The new Symantec Intelligence Report combines the best
research and analysis from Symantec:
• Symantec.cloud MessageLabs Intelligence Report
• Symantec State of Spam & Phishing Report


The integrated Symantec Intelligence Report provides the latest
analysis of cyber security threats, trends and insights from the
Symantec Intelligence team.




October 2011 Highlights
• Spam – 74.2 percent in October (a decrease of 0.6 percentage points since September
  2011)
• Phishing – One in 343.1 emails identified as phishing (an increase of 0.07 percentage
  points since September 2011)
• Malware – One in 235.8 emails in October contained malware (a decrease of 0.11
  percentage points since September 2011)
• Malicious Web sites – 3,325 Web sites blocked per day (a decrease of 4.3 percent since
  September 2011)
• 43.9 percent of all malicious domains blocked were new in October (a decrease of 0.7
  percentage points since September 2011)
• 15.2 percent of all Web-based malware blocked was new in October (an increase of 0.7
  percentage points since September 2011)
• Spammers setting up more URL shortening services
• Social engineering example from the East
• New Symantec Research: W32.Duqu - Precursor to the Next Stuxnet
• New Symantec Research: The Motivations of Recent Android Malware
• Best Practices for Enterprises and Users


Spammers setting up more URL shortening services




[Slide graphic: 87x domains; YOUR LINK: http://blah.[...].info]
Social engineering example from the East




W32.Duqu - The Precursor to the next Stuxnet
• Read the blog
• Download the whitepaper
    – www.symantec.com/outbreak


• Check with PR for
  spokesperson availability...




Spam Rate & Sources
Additional Spam Metrics
Spam Attack Vectors


[Chart: Attachment, NDR and Malware series; y-axis 0% to 25%; x-axis 10-Sep to 10-Oct]




• A low NDR rate indicates that dictionary attacks are not in high use
• Attachment spam trends closely correlate with malware rate

Additional Spam Metrics
Spam URL TLD Distribution

TLD       October   September   Change (% points)
.com        57.3%       59.5%                -2.2
.info        8.2%       10.5%                -2.3
.ru          8.4%        8.1%                +0.3
.net         5.3%        5.8%                -0.5

Average Spam Message Size

Message Size   October   September   Change (% points)
0Kb – 5Kb        59.0%       48.1%               +10.9
5Kb – 10Kb       26.3%       25.6%                +0.7
>10Kb            14.7%       26.2%               -11.5



Spam Subject Line Analysis

Total Spam: Top Subject Lines

Rank  October 2011                                              No. of Days  September 2011                                         No. of Days
1     NACHA security nitification                                         2  UPS notification                                                 6
2     ACH Payroll Cancelled                                               2  Uniform traffic ticket                                           4
3     ACH Transfer Review                                                 6  You have notifications pending                                  22
4     Re: Back to School Software Sale                                    6  SALE OFF: Pharmacy store!                                        2
5     0                                                                   6  (blank subject line)                                            31
6     Facebook Administration has sent you a notification                 9  Re: Windows 7, Office 2010, Adobe CS5 …                         12
7     Fw: Fw: Fw: Fw: Windows 7, Office 2010, Adobe CS5 …                18  Sarah Sent You A Message                                        11
8     Re: Windows 7, Office 2010, Adobe CS5 …                            18  Ed-Meds-Antidepressants-And-Pain Relief-Meds-8O%-OFF            25
9     Fw: Fw: Fw: Windows 7, Office 2010, Adobe CS5 …                    18  Fw: Fw: Fw: Fw: Windows 7, Office 2010, Adobe CS5 …              9
10    Re: Re: Re: Re: Re: Windows 7, Office 2010, Adobe CS5 …            18  Fw: Windows 7, Office 2010, Adobe CS5 …                          9




Additional Spam Metrics
Global Spam Categories

Category Name             October 2011   September 2011
Pharmaceutical                  37.5%            52.5%
Casino/Gambling                 23.5%            16.0%
Watches/Jewelry                 15.0%              7.5%
Unsolicited Newsletters           6.5%           14.5%
Scams/Fraud/419                   6.0%           <0.5%
Weight Loss                       4.5%             1.5%
Adult/Sex/Dating                  2.5%             3.5%
Unknown/Other                     1.5%             4.0%
Software                          1.5%             0.5%
Jobs/Recruitments                 0.5%             1.0%
Degrees/Diplomas                  0.5%           <0.5%
Malware                           0.5%             0.5%
Phishing                          0.5%             0.5%
Phishing Rate & Sources




Phishing Rate & Sources




Tactics of Phishing Distribution
Automated Toolkits        21.8%
Other Unique Domains      58.7%
IP Address Domains         4.1%
Free Web Hosting Sites    13.3%
Typosquatting              2.0%




Organizations Spoofed in Phishing Attacks, by Industry Sector
Financial               85.7%
Information Services    11.6%
Others                   2.6%
Government               0.2%



Email Virus Rate




Most Frequently Blocked Email Malware
   Malware Name                                  % Malware
   Gen:Trojan.Heur.FU.bqW@a8hiAJoi                   6.51%
   W32/Generic-0922-13ca-13ca                        5.95%
   Exploit/Link-generic-ee68                         5.86%
   Gen:Variant.Ursnif.16                             3.91%
   Trojan.Bredolab!eml-866c                          3.28%
   Gen:Trojan.Heur.FU.bqW@aS39a0fi                   2.02%
   Trojan.Bredolab!eml-4e1b                          1.96%
   Gen:Trojan.Heur.FU.bqW@a0CDPdfi                   1.74%
   W32/Generic-703e-4489                             1.55%
   Exploit/FakeAttach                                1.43%

• 45% of email-borne malware was associated with variants of generic polymorphic malware, including Bredolab, Sasfis, SpyEye and Zeus variants (vs. 72% in September)
New Web Malware and Spyware Sites Per Day




 • 43.9% of malicious domains blocked were new in October
 (-0.7 percentage points)

 • 15.2% of Web-based malware blocked was new in October
 (+0.7 percentage points)



Policy, Malware & Potentially Unwanted Programs




Most Frequently Blocked Malware at the Endpoint
   Malware Name                                  % Malware
   W32.Sality.AE                                     7.19%
   W32.Ramnit!html                                   7.18%
   Trojan.Bamital                                    6.03%
   W32.Ramnit.B!inf                                  5.72%
   WS.Trojan.H                                       5.70%
   W32.Downadup.B                                    3.19%
   W32.SillyFDC.BDP!lnk                              3.05%
   W32.Virut.CF                                      2.74%
   Trojan.ADH.2                                      2.58%
   Trojan.ADH                                        2.55%

 • Approximately 17.6 percent of the most frequently blocked malware was identified
 and blocked using generic detection

[1] For further information on these threats, please visit: http://www.symantec.com/business/security_response/landing/threats.jsp




Where to next?
• Web:
    – www.symanteccloud.com/intelligence
    – www.symantec.com/spam


• Twitter:
    – @symanteccloud
    – @threatintel
    – @paulowoody





Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 

Recently uploaded (20)

COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 

2011 October Symantec Intelligence Report

  • 1. Symantec Intelligence Report October 2011 Symantec Intelligence 1
  • 2. The Symantec Intelligence Report
      The new Symantec Intelligence Report combines the best research and analysis from Symantec:
      • Symantec.cloud MessageLabs Intelligence Report
      • Symantec State of Spam & Phishing Report
      The Symantec Intelligence Report integrated report provides the latest analysis of cyber security threats, trends and insights from the Symantec Intelligence team
  • 3. October 2011 Highlights
      • Spam – 74.2 percent in October (a decrease of 0.6 percentage points since September 2011)
      • Phishing – One in 343.1 emails identified as phishing (an increase of 0.07 percentage points since September 2011)
      • Malware – One in 235.8 emails in October contained malware (a decrease of 0.11 percentage points since September 2011)
      • Malicious Web sites – 3,325 Web sites blocked per day (a decrease of 4.3 percent since September 2011)
      • 43.9 percent of all malicious domains blocked were new in October (a decrease of 0.7 percentage points since September 2011)
      • 15.2 percent of all Web-based malware blocked was new in October (an increase of 0.7 percentage points since September 2011)
      • Spammers setting up more URL shortening services
      • Social engineering example from the East
      • New Symantec Research: W32.Duqu - Precursor to the Next Stuxnet
      • New Symantec Research: The Motivations of Recent Android Malware
      • Best Practices for Enterprises and Users
  • 4. Spammers setting up more URL shortening services 87x domains YOUR LINK: http://blah.[...].info Symantec Intelligence 4
  • 5. Social engineering example from the East Symantec Intelligence 5
  • 6. W32.Duqu - The Precursor to the next Stuxnet
      • Read the blog
      • Download the whitepaper – www.symantec.com/outbreak
      • Check with PR for spokesperson availability...
  • 7. Spam Rate & Sources 7
  • 8. Additional Spam Metrics
      [Chart: Spam Attack Vectors. Series: Attachment, NDR, Malware. Y axis: 0% to 25%. X axis: 10-Sep to 10-Oct.]
      • Low NDR rate is indicative that dictionary attacks not in high use
      • Attachment spam trends closely correlate with malware rate
  • 9. Additional Spam Metrics
      Spam URL TLD Distribution
        TLD      October    September    Change (% points)
        .com     57.3%      59.5%        -2.2
        .info    8.2%       10.5%        -2.3
        .ru      8.4%       8.1%         +0.3
        .net     5.3%       5.8%         -0.5
      Average Spam Message Size
        Message Size    October    September    Change (% points)
        0Kb – 5Kb       59.0%      48.1%        +10.9
        5Kb – 10Kb      26.3%      25.6%        +0.7
        >10Kb           14.7%      26.2%        -11.5
  • 10. Spam Subject Line Analysis October 2011 No. of September 2011 No. of Rank Total Spam: Top Subject Lines Days Total Spam: Top Subject Lines Days 1 NACHA security nitification 2 UPS notification 6 2 ACH Payroll Cancelled 2 Uniform traffic ticket 4 3 ACH Transfer Review 6 You have notifications pending 22 4 Re: Back to School Software Sale 6 SALE OFF: Pharmacy store! 2 5 0 6 (blank subject line) 31 Facebook Administration has sent you 6 9 Re: Windows 7, Office 2010, Adobe CS5 … 12 a notification Fw: Fw: Fw: Fw: Windows 7, Office 7 18 Sarah Sent You A Message 11 2010, Adobe CS5 … Re: Windows 7, Office 2010, Adobe Ed-Meds-Antidepressants-And-Pain Relief- 8 18 25 CS5 … Meds-8O%-OFF Fw: Fw: Fw: Windows 7, Office 2010, Fw: Fw: Fw: Fw: Windows 7, Office 2010, 9 18 9 Adobe CS5 … Adobe CS5 … Re: Re: Re: Re: Re: Windows 7, Office 10 18 Fw: Windows 7, Office 2010, Adobe CS5 … 9 2010, Adobe CS5 … Symantec Intelligence 10
  • 11. Additional Spam Metrics
      Global Spam Categories
        Category Name              October 2011    September 2011
        Pharmaceutical             37.5%           52.5%
        Casino/Gambling            23.5%           16.0%
        Watches/Jewelry            15.0%           7.5%
        Unsolicited Newsletters    6.5%            14.5%
        Scams/Fraud/419            6.0%            <0.5%
        Weight Loss                4.5%            1.5%
        Adult/Sex/Dating           2.5%            3.5%
        Unknown/Other              1.5%            4.0%
        Software                   1.5%            0.5%
        Jobs/Recruitments          0.5%            1.0%
        Degrees/Diplomas           0.5%            <0.5%
        Malware                    0.5%            0.5%
        Phishing                   0.5%            0.5%
  • 12. Phishing Rate & Sources 12
  • 13. Phishing Rate & Sources 13
  • 14. Tactics of Phishing Distribution
        Automated Toolkits       21.8%
        Other Unique Domains     58.7%
        IP Address Domains       4.1%
        Free Web Hosting Sites   13.3%
        Typosquatting            2.0%
      Organizations Spoofed in Phishing Attacks, by Industry Sector
        Financial                85.7%
        Information Services     11.6%
        Others                   2.6%
        Government               0.2%
  • 16. Most Frequently Blocked Email Malware
        Malware Name                        % Malware
        Gen:Trojan.Heur.FU.bqW@a8hiAJoi     6.51%
        W32/Generic-0922-13ca-13ca          5.95%
        Exploit/Link-generic-ee68           5.86%
        Gen:Variant.Ursnif.16               3.91%
        Trojan.Bredolab!eml-866c            3.28%
        Gen:Trojan.Heur.FU.bqW@aS39a0fi     2.02%
        Trojan.Bredolab!eml-4e1b            1.96%
        Gen:Trojan.Heur.FU.bqW@a0CDPdfi     1.74%
        W32/Generic-703e-4489               1.55%
        Exploit/FakeAttach                  1.43%
      • 45% of email-borne malware was associated with variants of generic polymorphic malware, including Bredolab, Sasfis, SpyEye and Zeus variants; (vs 72% in September)
  • 17. New Web Malware and Spyware Sites Per Day
      • 43.9% of malicious domains blocked were new in October (-0.7 percentage points)
      • 15.2% of Web-based malware blocked was new in October (+0.7 percentage points)
  • 18. Policy, Malware & Potentially Unwanted Programs Symantec Intelligence 18
  • 19. Most Frequently Blocked Malware at the Endpoint
        Malware Name            % Malware
        W32.Sality.AE           7.19%
        W32.Ramnit!html         7.18%
        Trojan.Bamital          6.03%
        W32.Ramnit.B!inf        5.72%
        WS.Trojan.H             5.70%
        W32.Downadup.B          3.19%
        W32.SillyFDC.BDP!lnk    3.05%
        W32.Virut.CF            2.74%
        Trojan.ADH.2            2.58%
        Trojan.ADH              2.55%
      • Approximately 17.6 percent of the most frequently blocked was identified and blocked using generic detection
      [1] For further information on these threats, please visit: http://www.symantec.com/business/security_response/landing/threats.jsp
  • 20. Where to next?
      • Web:
        – www.symanteccloud.com/intelligence
        – www.symantec.com/spam
      • Twitter:
        – @symanteccloud
        – @threatintel
        – @paulowoody