Symantec Report Says Android And Small Businesses At Greatest Security Risk
April 17, 2013

Symantec Report Says Android And Small Businesses Most Targeted By Hackers In 2012

Michael Harper for — Your Universe Online

Symantec released their 2013 Internet Security Threat Report yesterday, finding that Android is still the most targeted mobile operating system, that malware authors are increasingly watching their victims and stealing their identities, and that small businesses are more likely to be targeted than large companies.

All told, 2012 saw a 42-percent increase in targeted attacks with 31 percent of these attacks aimed at businesses with 250 employees or less. Cyber-thieves often use these smaller targets as a gateway to larger victims using what´s called a waterhole attack. According to their latest report, Symantec found one waterhole attack last year which managed to infect 500 organizations in a single day.

Mobile platforms continue to be a huge target for attackers with Android remaining the prime target. Just as has been seen in other malware attacks, these mobile infections are often used to steal personal information such as bank account or credit card numbers.

According to Symantec´s report, iOS is technically the most vulnerable operating system today. Even so, it´s not the vulnerabilities that get operating systems into trouble but rather the size of that platform which opens it up to malware. Android´s openness also makes it easier on mobile malware writers to get their infected software onto phones.

“In fact, while Apple´s iOS had the most documented vulnerabilities in 2012, there was only one threat created for the platform,” reads Symantec´s report.

“Vulnerabilities likely will become a factor in mobile malware, but today Android´s market share, the openness of the platform, and the multiple distribution methods available to applications embedded with malware make it the go-to platform of malware authors.”

When it comes to malware, Symantec claims the authors of this software more often use it to follow their victims. The end goal of all this cyberstalking is to walk away with some important information and turn a profit. According to the report, 50 percent of all malware created in 2012 was used to steal information and track a user´s movements, either on mobile devices or PCs. While these cyberthieves have the end goal of making money, Symantec says the most “ominous” reason these authors follow their victims is to create more specific and targeted attacks in the future.

“Creating successful targeted attacks requires attackers to learn about us. They will research our email addresses, our job, our professional interests, and even the conferences we attend and the websites we frequent. All of this information is compiled to launch a successful targeted attack,” reads the report.

Cybercriminals were also found to target smaller businesses over large businesses, but not because the payoff was any larger. More than 50 percent of all the targeted attacks that Symantec tracked last year affected companies with fewer than 2,500 employees. The security firm says this is bad news; studies they´ve performed found that smaller businesses feel invulnerable to such attacks, likely because they feel that a cybercriminal wouldn´t find it worth their time to attack them.

On the contrary, hackers often break into the networks of smaller companies to leverage weaknesses in larger companies. If a larger company trusts the smaller company, then the hacker may have a point of entry there. In some cases, hackers even took control over a smaller company´s website, waiting for a larger target to come along. It´s a vulnerability which Symantec says puts every business in danger.