2013 was the year of the security mega-breach, says Symantec

9 Apr 2014

The year 2013 was an exceptional year for data breaches, with more data records lost and stolen than ever before. According to Symantec’s Internet Security Threat Report, there was a 91pc increase in targeted attacks and a 62pc increase in the number of breaches.

Symantec reported that the end of 2013 provided a painful reminder about cybercrime, with cyber-criminals pulling off huge data breach heists that impact businesses – from their brand reputation to their bottom line – including a major credit card heist at Target in the US.

In 2013, the number of data breaches grew 62pc from 2012, exposing about 552m identities – more than the entire population of North America.

The top 8 data breaches resulted in tens of millions of data records lost; 2012 only had one breach that size.

Targeted attacks

Targeted attack campaigns for the purposes of cyber espionage and cybercrime exploded – up 91pc.

Personal assistants and PR people were most targeted by cyber-criminals, who used them as stepping stones to higher-profile targets, such as celebrities and business executives.

While targeted attacks continue to rise, Symantec observed an interesting evolution in these attacks. As first reported in last year’s Internet Security Threat Report, attackers added watering-hole attacks to their arsenals. But reports of the death of spear phishing are greatly exaggerated.

While the total number of emails used per campaign has decreased and the number of those targeted has also decreased, the number of spear-phishing campaigns themselves saw a dramatic 91pc rise in 2013.

More zero-day vulnerabilities were discovered in 2013 than any other year Symantec has tracked. The 23 zero-day vulnerabilities discovered represent a 61pc increase over 2012 and are more than the two previous years combined.

Zero-day vulnerabilities are coveted because they give attackers the means to silently infect their victim without depending on social engineering.

Scammers also continued to leverage profitable ransomware scams – where the attacker pretends to be local law enforcement, demanding a fake fine of between US$100 to US$500. First appearing in 2012, these threats escalated in 2013, and grew by 500pc over the course of the year.


Security breach image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years