Symantec Report Says Huge Data Breaches, Targeted Attacks Defined 2013

Identities lost to breaches reached an all-time high in 2013, while targeted attacks focused on a greater number of smaller groups, according to Symantec's annual Internet Security Threat Report.

Attackers made off with more than 550 million identities in 2013, the largest loss to date, according to security firm Symantec's Internet Security Threat Report released on April 8.

The return of "mega breaches" that resulted in the loss of 10 million or more records was a major trend identified by the company in its annual report. In 2013, there were eight mega breaches—such as the compromise of retail giant Target and that of software maker Adobe—outpacing the five large breaches in 2011.

"The number of breaches this year far surpasses any other year," Kevin Haley, director of Symantec's security response group, said in a statement. "The numbers confirm what the news accounts of these breaches told us, that this is the worst year ever."

The larger number of breaches was not the only trend in 2013. Targeted attacks also became more focused: more attacks occurred, but each averaged fewer emails per incident, the company said. Ransomware also exploded in 2013, growing by 500 percent, mostly because of the popularity of the CryptoLocker attack among cyber-criminals.

While the number of small and medium businesses targeted by attackers climbed in 2013—reaching 61 percent of reported attacks, up from 50 percent in 2012—larger companies still had a higher chance of being attacked than smaller firms, the report stated. SMBs have a 1 in 5.2 chance of being attacked while larger companies have a 1 in 2.3 chance, according to the report.

"While there are more attacks against small businesses than large businesses, there are more (SMBs)," Haley said. "When you look at the risk factors and odds, the mining industry has the greatest chance to be attacked."

Web attacks continued to climb, reaching nearly 570,000 attacks blocked per day in 2013, up from 464,000 in 2012 and 190,000 in 2011.

Spammers focused more heavily on lures involving dating and adult content, topics that accounted for 70 percent of all spam, a 15-point increase over 2012. Meanwhile, pharmaceutical spam dropped 3 points to account for 18 percent of all junk mail intercepted by Symantec in 2013.

On the mobile side, the number of families of Android malware dropped to 57 from 103 in 2012 while the number of variants per family climbed. The trend shows that mobile-malware developers are focusing on a smaller number of attacks, perfecting their software, according to the report.

"It might be said that mobile malware has not yet exploded because the bad guys have not needed it to get what they want," the report stated.

Moreover, the total number of mobile vulnerabilities shrank to 127 in 2013, down from 416 in 2012. Attackers have mainly focused on using trojanized applications, posted online or in third-party app stores, to get malicious code on victims' devices, the company said.

Add to smartphones the increasing population of network-connected devices, the so-called Internet of Things, and security will become a larger problem in the future, the report concluded.

"The risks get even higher with the proliferation of data being generated from these devices," the report stated. "Big data is big money and unless the right security steps are taken, it's all available for an enterprising cyber-criminal."

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...