Spammers working through the holidays: Symantec

• The most commonly stolen information is more personal than you might first expect
• 80% of data breaches come from organizations whose Internet presence is secondary to their main business

DATA breaches – security incidents where user information becomes publically exposed or stolen – are a serious issue for an organization. The exposure of customer data can lead to a loss of confidence in the organization by its users, said Symantec.
 
Even worse, the organization could find themselves in violation of data privacy laws or on the receiving end of a lawsuit created by its users, the security specialist said in a statement.
 
Following on from Symantec’s analysis on 2012 global data breach trends in the August Symantec Intelligence Report, the November Symantec Intelligence Report examines the types of data that is often stolen during a data breach.
 
It turns out the most commonly stolen information is more personal than you might first expect, the company said.
 
At first glance, what may seem surprising is that a person’s real name is by far the most common item to be stolen in a data breach, where it is obtained 55% of the time (click Figure 1 below to enlrage).

 
This surpasses even usernames and passwords, most commonly used for online identities, which appears within 40% of all data breaches.
 
This points to a trend where hackers are targeting locations people go to complete tasks, in contrast to years past where breaches may have occurred with more frequency through message boards or online games.
 
These former hot-spots would have been less likely to include a user’s real name, often only requiring an alias for a user name, Symantec said.
 
In contrast, more than 80% of data breaches that are occurring this year are with organizations whose Internet presence is secondary to their main business, such as the healthcare and education sectors, where online access to services is often set up as a means of convenience instead of a business front.
 
Viewing a website as an auxiliary service may mean laxer security, making them easier targets for data breaches.
 
Holiday spam
 
Spammers are using the holidays as a means to entice users to check out the wares they’re peddling, in much the same way they have in years past, and holiday spam is becoming a norm.
 
Looking at this year’s trends, we see increases in Subject lines surrounding the themes during the lead-up to significant days in the holiday period. Take a look at these subject snapshots from the month of November (click to enlarge):
 
 
However, the spam messages appear to appeal more to the holiday season in keywords than they do in the body of the message.
 
Some of the websites that these spam messages lead to appear to pay a little more attention to the details of the season however, with banners that fit the holiday spirit, sometimes getting a full year’s jump on early shopping (click to enlarge). Note the ‘2013.’
 
 
Malaysia statistics:
 
When it comes to the virus rate, Malaysia has a similar declining trend as the global ratio of email-borne viruses in email traffic in November, with a decrease to 1 in 535.7 emails compared to 1 in 444.5 in October. The global rate was down to 1 in 255.8 compared to 1 in 229.4 in October.
 
In November, the ratio of spam in email traffic for Malaysia rose by 3.6 percentage points since October, to 68.6%. This is similar to the rise in global ratio of spam in email traffic to 68.8% from 64.8% in October.
 
Other highlights:
 
Phishing: In November, the global phishing rate decreased by 0.124 percentage points, taking the global average rate to one in 445.1 emails (0.225%) that comprised some form of phishing attack.
 
Web-based malware threats: In November, Symantec Intelligence identified a global average of 933 websites each day harboring malware and other potentially unwanted programs including spyware and adware; an increase of 19.7% since October.
 
This reflects the rate at which websites are being compromised or created for the purpose of spreading malicious content. Often this number is higher when Web-based malware is in circulation for a longer period of time to widen its potential spread and increase its longevity.
 
Endpoint threats: Variants of W32.Ramnit accounted for approximately 15% of all malware blocked at the endpoint in November, compared with 7.2% for all variants of W32.Sality.
 
Small business trends: The global ratio of spam in email traffic for small businesses globally was 69.4% in November, an increase of 4.2 percentage point from October. The global ratio of email-borne viruses in email traffic for small businesses was one in 279.1, a decrease from one in 225.2 in October.
 
 
For more technology news and the latest updates, follow @dnewsasia on Twitter or Like us on Facebook.