The federal government bore the brunt of identity breaches and email attacks in 2012, according to Symantec’s Internet Security Threat Report released today.
The April 16 report found the government received more email traffic attacks than any other single group, with one in 72.2 emails blocked as malicious. Last year, healthcare, education and government together accounted for nearly two-thirds of all identities compromised.
The report also found an expansion of the cyber threat into new territories such as social networking sites and mobile devices. Targeted attacks increased by 42 percent, with 5,291 new vulnerabilities in 2012 as compared to 4,989 in 2011.
Tumblr, Pinterest, LinkedIn and Skype IM were infiltrated by hackers who used primarily bogus offerings — an invitation to join a fake event or group that requires the user to share credentials or send a text to a premium number — to attain personal information.
Similarly, there was a 58 percent spike in mobile malware families and a 32 percent increase in mobile operating system vulnerabilities. There is, however, little or no correlation between mobile vulnerabilities and mobile malware. Android OS had the leading amount of malware written for it — however, Apple iOS reported the largest number of vulnerabilities.
About half of the mobile malware created in 2012 attempted to steal personal information or track the movement of the compromised device. These types of targeted attacks allow the hacker to gain access to years’ worth of personal emails, as well as log keystrokes, view a user’s computer screen and infiltrate computer microphones and cameras. Those who create intellectual property are the most-frequent targets for such attacks.
The report found 40 percent of all data breaches are the result of hacking. The most-targeted industry was manufacturing, followed by finance, insurance and real estate. These data breaches primarily target personal information; in 2012, the average number of identities exposed per breach was 604,826.
Symantec also found small businesses seem to represent “the path of least resistance” for attackers: 50 percent of all targeted attacks were aimed at businesses with fewer than 2,500 employees. Of this group of small businesses, hackers are primarily targeting businesses with fewer than 250 employees. Hackers take aim at small businesses because they tend to have less security protection despite maintaining sensitive client information and intellectual property.
Web-based attacks increased by one-third as well, many stemming from a compromised small-business website.
Finally, groups such as the Cutting Sword of Justice, who created a piece of malware named Shamoon to wipe the hard drives of energy companies in the Middle East, and the Izz ad-Din al-Qassam Cyber Fighters, exemplify a trend toward hacktivism.
However, the FBI warned their attacks may be red herrings to distract financial institutions from other cyber crimes such as unauthorized transactions or to hinder authorities from discovering fraud.