Website Security Threats - December 2013 Update

Andrew Horbury, Product Marketing Manager, [email protected]; Andrew Shepherd, EMEA Marketing Manager, [email protected]. WEBSITE SECURITY THREATS: DECEMBER 2013 UPDATE. Wednesday 4th December 2013

Upload: norton-secured

Post on 14-Jan-2015


DESCRIPTION

Our look at the latest security threats and predictions for 2014. To view Symantec Website Security Solution's webcast click here https://www.brighttalk.com/webcast/6331/92441

TRANSCRIPT

Page 1: Website Security Threats - December 2013 Update

Andrew Horbury Product Marketing Manager

[email protected]

Andrew Shepherd EMEA Marketing Manager

[email protected]

WEBSITE SECURITY THREATS: DECEMBER 2013 UPDATE

Wednesday 4th December 2013

Page 2: Website Security Threats - December 2013 Update

Agenda

Website Security Threats: December 2013 Update

1. Month in Numbers

2. 2014 Security Predictions

3. Every Organisation a Target

4. Ransomware Update

5. Attack, Attack, Attack

6. Good news

Page 3: Website Security Threats - December 2013 Update

The month in numbers…

• Eurobarometer Survey out this week reveals

– 76% of European Internet users believe that the risk of becoming a victim of cybercrime has increased in the past year

– 46% have installed antivirus software

– 10% of EU Internet users have experienced online fraud and a further 6% were victims of identity theft

– 37% are worried about a malicious party taking or misusing their personal data when banking or shopping online

• AnchorFree Survey on Public Wi-Fi usage

– 4 out of 5 are concerned about ID theft when using public Wi-Fi

– 8 out of 10, however, are still happy to connect to public Wi-Fi

– Smartphone and tablet users were three times more likely than laptop users to connect to Wi-Fi in a shopping mall or tourist attraction

Page 4: Website Security Threats - December 2013 Update

Love by numbers

• Stolen Cupid data reveals weak password choices

Password      Times used
123456        1,902,801
111111        1,212,235
123456789     574,914
1234567       173,235
12345678      140,734
0000000       107,996
Iloveyou      91,269
1234567890    81,755
??????        79,046
123123        79,013

Page 5: Website Security Threats - December 2013 Update

Love plus one

Password      Times used
Iloveyou      91,269
lovely        54,045
qwerty        40,023
password      37,241
azerty        33,579
loveme        32,645
aaaaaa        30,273
mylove        28,266
iloveu        23,787
zxcvbnm       20,362

Password creation tips

A strong password:

• Is at least eight characters long.

• Does not contain your user name, real name, or company name.

• Does not contain a complete word.

• Is significantly different from previous passwords.

• Contains uppercase, lowercase, numbers and symbols.
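
A small checker for the five tips above, run over the most used passwords from the Cupid data. This is an added example, not part of the original slides; the word list, the 0.6 similarity threshold and the function names are assumptions.

```python
import re
from difflib import SequenceMatcher

# Constructed word list taken from the passwords on the slides; a real check
# would load a full dictionary and a leaked-password list.
WORDS = ("love", "lovely", "password", "qwerty", "azerty")
CLASSES = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")

# Most used passwords from the "Love by numbers" slide
# ("??????" left out because its real characters are not on the page).
LEAKED = ["123456", "111111", "123456789", "1234567", "12345678",
          "0000000", "Iloveyou", "1234567890", "123123"]


def check_password(pw, identity=(), previous=(), max_similarity=0.6):
    """Return the names of the tips that pw breaks (empty list = passes)."""
    low = pw.lower()
    broken = []
    if len(pw) < 8:
        broken.append("length")
    # User name, real name or company name embedded in the password.
    if any(len(n) >= 3 and n.lower() in low for n in identity):
        broken.append("identity")
    # Complete word anywhere in the password, case-insensitive.
    if any(w in low for w in WORDS):
        broken.append("word")
    # "Significantly different" is approximated with a similarity ratio.
    if any(SequenceMatcher(None, low, p.lower()).ratio() > max_similarity
           for p in previous):
        broken.append("similar")
    if not all(re.search(c, pw) for c in CLASSES):
        broken.append("classes")
    return broken


def audit(passwords):
    """Map each password to the tips it breaks."""
    return {pw: check_password(pw) for pw in passwords}


if __name__ == "__main__":
    for pw, broken in audit(LEAKED).items():
        print(f"{pw:<12} breaks: {', '.join(broken)}")
```

Every password in the slide's table breaks at least one tip; "Iloveyou" is exactly eight characters long and still fails on the word and character-class rules.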

Page 6: Website Security Threats - December 2013 Update

Security Predictions for 2014

Symantec:

• People will finally begin taking active steps to keep their information private

• Scammers, data collectors and cybercriminals will not ignore any social network, no matter how “niche” or obscure

• The “Internet of Things” becomes the “Internet of Vulnerabilities”

• Mobile apps will prove that you can like yourself too much

Other:

• Advanced malware volume will decrease

• Attackers will be more interested in cloud data than your network

• Attackers will increasingly lure executives and compromise organizations via professional social networks

• Exploit kits will struggle for power in the wake of the Blackhole author arrest


Page 7: Website Security Threats - December 2013 Update

Every organisation could be a target for hackers

Page 8: Website Security Threats - December 2013 Update

Assumption #1: I’m too small to be attacked

Greatest growth in 2012 is at companies with <250 employees

Small business often not well protected, but connected to others

[Chart, by number of employees: 2,501+ 50%; 1 to 2,500 50%, made up of 1,501 to 2,500 9%; 1,001 to 1,500 2%; 501 to 1,000 3%; 251 to 500 5%; 1 to 250 31%]

Page 9: Website Security Threats - December 2013 Update

Targeted Attacks by Company Size

Greatest growth in 2012 is at companies with <250 employees

Small business often not well protected, but connected to others

[Chart, by number of employees: 2,501+ 50%; 1 to 2,500 50%, made up of 1,501 to 2,500 9%; 1,001 to 1,500 2%; 501 to 1,000 3%; 251 to 500 5%; 1 to 250 31% (18% in 2011)]

87% of SMBs suffered a cyberattack last year, only 44% see security as a priority.

Page 10: Website Security Threats - December 2013 Update

Assumption #2: Only CEOs and Senior Management are targeted

[Chart, scale 0% to 30%: R&D 27%; Sales 24%; C-Level 17%; Shared Mailbox 13%; Senior 12%; Recruitment 4%; Media 3%; PA 1%]

Attacks may start with the ultimate target, but often look opportunistically for any entry into a company

Page 11: Website Security Threats - December 2013 Update

Every Organisation could be a target

3 tips to bear in mind

1. Attacking weak passwords: A surprising number of servers and applications have default passwords or simple passwords.

2. Phishing key users: A now age-old trick that is becoming even more sophisticated as hackers pick up passwords and gain access by targeting key users.

3. Exploiting old and unpatched software: Unpatched systems are an easy target, especially given all the well-known and distributed exploits for old software.

Page 12: Website Security Threats - December 2013 Update

Ransomware – Like a Business

• Anti-Fraud Service for Fraudsters

• Multiple Pricing options

• “FBI” Ransomware – Now offers optional extras

– Authors resort to disturbing images in bid to make victims pay

• Cryptolocker

– Continues to cause problems

– Roughly 25 per cent of computers are not running any real-time protection vs. malware

– Encrypts files with full PKI encryption and sets a deadline

– Offers a discount? 2 0.5 Bitcoins

Page 13: Website Security Threats - December 2013 Update

Encrypting the world’s Web traffic

• All Web traffic could be encrypted under new HTTP standard proposals

• Yahoo Mail enabling SSL by default

• If you want to make sure you’re using an SSL connection whenever possible, also check out the Electronic Frontier Foundation’s HTTPS Everywhere browser plugin for Chrome and Firefox.

https://www.eff.org/https-everywhere

Page 14: Website Security Threats - December 2013 Update

Attack, Attack, Attack

• Google Dork: 35,000 websites using a type of proprietary internet message board software were vulnerable to a flaw that allowed hackers to create a new admin account.

• Anonymous claimed to have hacked UK Parliament’s Wi-Fi during Million Mask march in London

Page 15: Website Security Threats - December 2013 Update

Good News

• It can happen to the best of us…

– Chief Wiggum not such a distant reality

• No Beard? No worries!

– Red-haired women tend to choose the best passwords and men with bushy beards or unkempt hair, the worst

Page 16: Website Security Threats - December 2013 Update

Link Glossary (Press Print screen now)

• EFF Always on SSL App

– https://www.eff.org/https-everywhere

• Infographic for 2014 predictions

– http://www.symantec.com/connect/blogs/2014-predictions-symantec-0

• Register Article on Anonymous parliament

– http://www.theregister.co.uk/2013/11/12/anonymous_hacked_government_sites_using_parliament_wifi/

• BBC The gentle art of cracking passwords

– http://www.bbc.co.uk/news/technology-24519306

• Symantec WSS Resources

– @nortonsecured

– www.facebook.com/websitesecuritysolutions

– www.symantec-wss.com

Page 17: Website Security Threats - December 2013 Update

Thank you!

Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

Andrew [email protected] / +44 7912 552 896

Andrew [email protected] / +44 7703 468 966

Next webinar: Thursday 9th January 2014 9.30am UK / 10.30am CET