In Review: Symantec’s Annual Government Internet Security Threat Report (GISTR)

Cyberespionage and targeted attacks are on the rise-by 42%, according to Symantec’s annual Government Internet Security Threat Report (GISTR) report. This latest finding and others were published in Symantec’s annual Government Internet Security Threat Report (GISTR) report, which takes a year of security intelligence and knowledge collected from Symantec’s Global Intelligence Network. The report provides a comprehensive look at the threat environment for organizations, helping agencies learn how to best mitigate risks and reduce cyber attacks. Some of the key findings from Symantec’s GISTR were:

• New vulnerabilities increased from 4,989 in 2011 to 5,291 in 2012
• Mobile vulnerabilities increased in 2012 to 415 (315 in 2011)
• 14 zero-day vulnerabilities in 2012, opposed to 8 in 2011
• Globally, public sector institutions were subjected to the highest level of malicious attacks in email traffic, with 1 in 72.2 emails blocked as malicious in 2012, compared with 1 in 41.1 for 2011.

“Many of the results [from the GISTR] would certainly be interesting from a government and pubic sector perspective,” stated Paul Wood, Cyber Security Intelligence Manager, Symantec, in an interview to discuss the latest GISTR. This post highlights some of the important findings, and the impact on the government community.

Targeted attacks continue to be a concern for all government agencies. As Wood identified, a 42% increase in targeted attacks was a significant finding from the GISTR. The goal of targeted attacks is to manipulate an individual or organization to reveal secure information or data. Often, the hope is that with a successful initial attack, the attacker can perform further exploits to steal even more highly sensitive data or cause disruptions to systems. “Often these attacks are very low volume, so they are crafted in particular for that attack, using zero day exploits, which make it much harder from a technological perspective to see if there is something suspicious in a message,” states Wood.

For targeted attacks, the social engineering of the attack must be highly sophisticated in order to be successful. Social engineering is used to broadly describe how an attacker convinces a victim to reveal pertinent information. A targeted attack could use social engineering techniques that involve phishing, spoofing, or an attacker sends an email that appears to be from a legitimate organization or individual, all of which are a masked attempt to obtain confidential information.

Wood identified that targeted attacks are typically very difficult to defend against, stating, “Social engineering means no matter how much education you give your users about not opening emails that looks suspicious or unsolicited, these attacks may still come through email or come from someone you know or may already have a relationship with.” As these kinds of attacks are on the rise, organizations and individuals must continue to be vigilant and have the proper security patches and updates to mitigate risks.

Along with an increasing number of targeted attacks, another insight from the GISTR was that “new vulnerabilities” were up in 2012, but still below 2010 levels. Wood provides some insights to what the data is telling us, “It’s important to note that not all vulnerabilities necessarily lead to new attack vectors. Some products may appear to have more vulnerabilities than others, but sometimes vendors may delay publishing the information about vulnerabilities – the important factor is to know which vulnerabilities are being exploited and how quickly.”

Another intriguing section of the report identified the use of toolkits, as a means to deploy attacks. These toolkits are created by criminal entrepreneurs so that less sophisticated attackers can purchase and exploit attacks. With the development of toolkits, the barrier to entry for conducting an attack has been lowered. Now, anyone wishing to conduct an attack, can purchase a toolkit from a provider, and quickly exploit their attack. “It [Toolkits] is almost like a software as a service model, you pay a subscription, and it’s maintained,” states Wood.

With the development of toolkits, and the battle to exploit vulnerabilities in software before vendors, an arms race is occurring in the cyber community. Often, criminals are working to quickly identify vulnerabilities prior to vendors releasing software patches. The report states, “Some software companies only patch once a quarter; others are slow to acknowledge vulnerabilities. Even if they do a good job with updates, companies are often slow to deploy them. While zero-day vulnerabilities present a serious security threat, known (and even patched) vulnerabilities are dangerous if ignored.”

Wood mentioned that being in an arms race can be a dangerous game for organizations, “The only time you ever want to be involved in an arms race is if you think you have a pretty good chance at winning. Otherwise, it’s game over before you ever begin,” states Wood. Yet, with the development of toolkits and criminals trying to expose vulnerabilities to deploy attacks, organizations must take every precaution to secure safety, keep software upgraded, and have stringent rules and policies in place for employees.

The final section of the report looks ahead to some of the challenges to cyber security. One challenge that Symantec identifies is that “sophisticated attack techniques trickle down.” This occurs when highly sophisticated attacks are exploited more broadly, because they have been well documented and analyzed by cybercriminals. To combat this, Wood advises agencies to “be aware of what applications and systems your organization relies upon, by collating information about potential attacks and vulnerabilities and patching them quickly and securely.”

Cyber security will continue to be one of the most important elements of our national defense strategy and protecting economic interests. Symantec’s report shows the cyber world is fast moving, and subject to rapid technological changes, which challenges agencies and organizations to remain secure.

To learn more about cyber security, please be sure to visit GovLoop’s cyber security page, Symantec resources on GovLoop and check out GovLoop’s infographic, Cyber Security in Focus.

Want More GovLoop Content? Sign Up For Email Updates

Symantec protects the world’s information, and is the global leader in security, backup and availability solutions. Their innovative products and services protect people and information in any environment – from the smallest mobile device, to the enterprise data center, to cloud-based systems. Their industry-leading expertise in protecting data, identities and interactions gives their government customers confidence in a connected world. More information is available on Symantec’s GovLoop Page.