Symantec: Attacks Rose While Vulnerabilities Fell in 2011

Google's Android OS, due to its open nature, became a favored target of cyber-criminals, according to Symantec.

The number of malicious and Web attacks continued to grow rapidly in 2011, with mobile platforms like Google€™s Android operating system increasingly becoming key targets of cyber-criminals, according to security software vendor Symantec.

In their annual "Internet Security Threat Report," released April 30, Symantec officials pointed out that the rise in malicious attacks€”an 81 percent increase from 2010€”comes at the same time that the number of vulnerabilities fell by 20 percent.

In 2011, Symantec blocked more than 5.5 billion malicious attacks, and saw the number of unique malware variants jump to 403 million, company officials said. In addition, the number of Web attacks blocked per day increased 36 percent.

Symantec€™s findings are similar to what Hewlett-Packard reported in its 2011 "Top Cyber-Security Risks Report," announced April 19. In that report, HP officials said that the number of vulnerabilities in 2011 dropped 20 percent from 2010, but that the risks involved in those vulnerabilities is growing. HP also found that the number of cyber-attacks more than doubled in the second half of the year.

In their report, Symantec officials noted that targeted attacks, which had been associated primarily with attacks on larger organizations, are becoming more common among small and midsize businesses (SMBs). More than half of the targeted attacks€”which use social engineering and customized malware to get unauthorized access to sensitive data€”were aimed at businesses with fewer than 2,500 employees, with 18 percent targeting companies with fewer than 250 workers.

€œThey€™re not just targeting executives with deep access to confidential information either,€ Kevin Haley, director of product management for Symantec Security Response, said in an April 30 post on the company blog. Fifty-eight percent €œof people who are being targeted are in positions such as public relations, human resources and sales€”positions that can provide cyber-criminals with corporate information and open the door to more attacks. Advanced persistent threats, stealthy attacks by well-funded and organized groups, are also on the rise.€

The number of daily targeted attacks increased from 77 per day to 82 per day by the end of 2011, Symantec said.