Cyberespionage attacks on small businesses increase – Symantec report

17 Apr 2013

Targeted cyberespionage attacks designed to steal intellectual property rose 42pc in 2012 compared to the previous year, with small businesses seeing a threefold increase in such attacks from 2011, security firm Symantec’s 2013 Internet Security Threat Report (ISTR) reveals.

Small businesses (those with fewer than 250 employees) have been the target of 31pc of these targeted cyberespionage attacks attacks in 2012, the report said.  

Symantec’s 2013 Internet Security Threat Report highlights:

  • One waterhole attack infected 500 organisations in a single day
  • 14 zero-day vulnerabilities
  • 32pc of all mobile threats steal information
  • A single threat infected 600,000 Macs in 2012
  • Spam volume continued to decrease, with 69pc of all email being spam
  • The number of phishing sites spoofing social networking sites increased 125pc
  • 5,291 new vulnerabilities discovered in 2012, 415 of them on mobile operating systems

Small businesses are attractive targets because cyber-criminals may believe they lack adequate cybersecurity measures. So they will seek to get their hands on these organisations’ bank account information, customer data and intellectual property.

Web-based attacks increased by 30pc in 2012, many of which originated from the compromised websites of small businesses.

These websites were then used in massive cyber-attacks, as well as ‘watering hole’ attacks, Symantec said.

A watering hole attack involves an attacker compromising a website that their victim of interest frequents, such as a blog. When the victim later visits the compromised website, a targeted attack payload is silently installed on his or her computer.

“This year’s ISTR shows that cyber-criminals aren’t slowing down, and they continue to devise new ways to steal information from organisations of all sizes,” said Stephen Trilling, chief technology officer, Symantec.

“The sophistication of attacks coupled with today’s IT complexities, such as virtualisation, mobility and cloud, require organisations to remain proactive and use ‘defence in depth’ security measures to stay ahead of attacks.”

Tina Costanza was a journalist and sub-editor at Silicon Republic