The fact that spam levels fell and new vulnerabilities decreased should be a point of celebration, though this only forms the tip of the iceberg when it comes to the whole security landscape, according to Symantec.
The observation comes the way of volume 17 of Symantec’s Internet Security Threat Report, where the good news is that spam is hitting the lowest levels in years.
However, due to the growth in toolkits, Symantec Pacific region vice president and managing director, Craig Scroggie, has instead seen cyber criminals use existing vulnerabilities and still be successful with malicious attacks.
“We saw 5.5 billion attacks in the last 12 months, and that’s an increase of 81 per cent,” he said.
“That’s pretty interesting when you think that spam and vulnerabilities are down, but overall the number of malicious threats is up.”
As for why this trend is taking place, Scroggie points to the growth of toolkits and how it is becoming increasingly easy for anyone who wants to be a cyber criminal to get into that community.
“Not only is it easier to become a cyber criminal, but with the growth of social networks, and millions of users online and in most cases incorrectly assuming that they’re not at risk inside those social networks,” he said.
As such, Scroggie feels that it is now easier for a criminal to pretend to be somebody that they are not, and to share links to malware through social networks.
“Social engineering techniques and the very viral nature of how quickly social networks grow and spread, and how quickly information is disseminated means that the threat spreads from one person to the other very quickly,” he said.
That is why overall, even though Symantec has seen valid decreases in spam and new vulnerabilities, the number of unique malware variants have instead increased and security vendors are now blocking more threats than they have ever before.
Once again pointing to the growth of 81 per cent in threats, Scroggie sees this coming down to a “growing and thriving” criminal network.
In addition to the opportunities and dangers associated with bring-your-own-devices (BYOD) in the workplace, Scroggie’s forecast for the next 12 months is a cautious one, as he expects that targeted attacks and advanced persistent threats are “obviously going to continue.”
“We’re going to see an increase in frequency and sophistication, techniques and exploits developed for targeted attacks will go down to the broader underground economy, to make regular malware more dangerous,” he said.
With the large volume of those toolkits out there, the attacks are also expected to get better and more effective over time.
“Spammers will increase their use of social networking, so that trusted network will continue to be a focus,” Scroggie said.
Symantec expects that certificate authorities and the browser forum will release additional security standards for companies issuing digital certificates, as Scroggie says that there have been issues with certificates over the last 12 months.
“This move is to protect against future attacks,” he said.
Another area that Scroggie suggests keeping an eye on is the rise of malicious code targeting Macs, especially in the last few weeks.
“Given that the Mac platform will continue to grow in popularity, it is likely that Mac users that are already exposed to Trojans will remain targets in the coming months, and the trend is expected to only increase,” he said.