Attackers TargetBoth Large andSmall BusinessesLike thrown paint on a blank canvas, attacks against businesses–both large and small–are indiscriminate.If there is profit to be made, attackers strike at will.

Spear-Phishing Attacksby Size of Targeted Organization

The last five years have shown asteady increase in attacks targetingbusinesses with less than 250 employees.

Medium-Size Businesses 251 to 2,500Large Enterprises 2,500+

Small Businesses (SMBs) 1 to 250

Number of Employees

0

100%

2011 2012 2013

2015

2014 2015

20142013

50%

32%

18%

50%

19%

31%

39%

31%

30%

41%

25%

34%

35%

22%

43%

Risk Ratioas %

2.2 2.1

Risk Ratio of Spear-Phishing Attacksby Organization Size

1 in 2.7 1 in 6.8 1 in 40.5Risk Ratio

Attacksper Org

15% 3%

20153.6

38%

1,305+55%

841

Cyber attackers are playing the long game against large companies, but all businesses of all sizes are vulnerable to targeted attacks. In fact, spear-phishing campaigns targeting employees increased 55% in 2015.

779+91% +8%

50%

32%

18%

50%

19%

31%

39%

31%

30%

41%

25%

34%

35%

22%

43%

555-283-4972

...@gmail.com

...@gmail.comJohn Doe

Get a verification code on my phone: ****555

Receive via:

Account Help

a text message (SMS)

an automated phone call

Continue

1An attacker obtains a victim’s email address and phone number—both of which are usually publicly available.

2The attacker poses as the victim and requests a password reset from Google.

Google sends the code to the victim.

3The attacker then texts the victim with a message similar to:

4

The attacker resets the password–and once he has what he wants or has set up forwarding— informs the victim (posing as Google) of the new temporary password, leaving the victim none the wiser.

6

“Google has detected unusual activity on your account. Please respond with the code sent to your mobile device to stop unauthorized activity.”

5

The victim therefore expects the password-reset verification code that Google sends out and passes it on to the attacker.

483829

new password

483829

How the Gmail Scam Works

Peek into the Future:The Risk of ThingsInternet-connected things

Numbers in billions(p red i c ted )

2014 2015 2016 2020

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

1 20.8 billion

The insecurity of things

1 6.4 billion

1 3.9 billion

1 4.9 billion

1 Source: gartner.com/newsroom/id/3165317

1 Today in the USA, there are

25 connecteddevices per

100 inhabitants

Cars. Fiat Chrysler recalled 1.4 million vehicles after researchers demonstrated a proof-of-concept attack where they managed to take control of the vehicle remotely. In the UK, thieves hacked keyless entry systems to steal cars.

Smart TVs. Hundreds of millions of Internet-connected TVs are potentially vulnerable to click fraud, botnets, data theft and even ransomware, according to Symantec research.

Medical devices. Researchers have found potentially deadly vulnerabilities in dozens of devices such as insulin pumps and implantable defibrillators.

These numbers are likely higher, as many companies are choosing not to reveal the full extent of their data breaches.

Total ReportedIdentities Exposed

+85%

2014

2015

61113

Million*500

*estimated

2013

2014

2015 429 +23%

-37%348552

numbers in millions

REPORTED IDENTITIES EXPOSED

78 millionpatient recordswere exposed

at Anthem

22 millionpersonal records were exposed at

Office of PersonnelManagement

UNREPORTED IDENTITIES EXPOSED

Despite companies’ choicenot to report the truenumber of records exposed,hundreds of millions more peoplemay have been compromised.

?

IdentitiesExposed4

120 Incidents

of informationexposed were

medical records

36% 39%

The largest number of breaches took place within the Health Services sub-sector, which actually comprised 39 percentof all breaches in the year.This comes as no surprise, given the strict rules within the healthcare industry regarding reporting of databreaches. Million

Most of an iceberg is submerged underwater, hiding a great ice mass. The number of reported identities exposed in data breaches are justthe tip of the iceberg. What remains hidden?

Over Half a Billion Personal Information Records Stolen or Lost in 2015 and more companies than ever not reporting

the full extent of their data breaches

Given the facts, it is possible that

identities wereexposed

2015 Stats

Incidentsthat did notreport identitiesexposed in 2015

Hacker discoversvulnerability

Exploit createdto leverage

vulnerability

Attack islaunched

Public and vendorbecome aware

Vendor builds patch

Window of Opportunity

Patch isdistributed

Zero-Day Timeline

from discovery to patch

1

2

4

5

6

3

2symantec.com/connect/blogs/third-adobe-flash-zero-day-exploit-cve-2015-5123-leaked-hacking-team-cache

1 on average, based on 54 vulnerabilities

2015 Zero-Day Not-So-Fun Facts

023 24

2013 2014

542015

*(+4%)*(+125%)

17%attackedAdobeFlash

zero-days found in 2015

of exploited zero-days 4 out of 5

10

Web Browsers,Mozilla Firefox and Google Chrome

No Longer Supports

The End Is Nigh for Adobe Flash

DAYIT admininstalls patch7

new vulnerabilitiesused to exploit

open sourcesoftware

11

known vulnerabilitiestargeting a varietyof manufacturers

and devices

72400GB

of sensitiveinformation stolen bythe “Hacking Team”

Total Zero-DayVulnerabilities

7 Days Total Time of Exposure

1 Day Average Time to Patch

in 2015

*% change as comparedto previous year

A New Zero-DayVulnerability Discovered1Every Week in 2015

Advanced attack groups continue to profit from previously undiscovered flaws in browsers and website plugins.In 2015, 54 zero-day vulnerabilities were discovered.

The breach is believed to be the work of a well-resourced cyberespionage group, which Symantec calls Black Vine. They appear to have access to a wide variety of resources to let it conduct multiple, simultaneous attacks over a sustained period of time. They used:

attacker-owned infrastructurezero-day exploitscustom-developed malware

Three variants are named:

detected as Trojan.Sakurel Backdoor.Mivast

1) Hurix, 2) Sakurel, and 3) Mivast

Open a pipe back door

All variants have the following capabilities:

Execute files& commands

Delete, modify, andcreate registry keys

Gather and transmitinformation about theinfected computer

Facts about theAttack on Anthem On January 26, 2015

78 Millionpatient records were exposed.

Top 10 Sub-Sectors Breached by Number of Incidents

Healthcare

Business

Education

Insurance

Hotels

120

20

20

17

14

10

99

86

Wholesale Trade

Eating and Drinking Places

Executive, Legislative, & General

Depository Institutions

Social Services