It should come as no surprise – another authoritative study reports that identity theft is on the increase again. But more than that simple fact, the 2013 Internet Security Threat Report Volume 18 from Symantec Security Response shows a sharp increase of identity theft attacks aimed at business, especially small business, an increase in targeted attacks against databases, a sharp increase in attacks aimed at Mac users, and likewise, a growing threat aimed at mobile operating systems.
Symantec's experts found that "threats to online security have grown and evolved considerably in 2012. From the threats of cyberespionage and industrial espionage to the widespread, chronic problems of malware and phishing, we have seen constant innovation from malware authors.
We have also seen an expansion of traditional threats into new forums. In particular, social media and mobile devices have come under increasing attack in 2012, even as spam and phishing attacks via traditional routes have fallen. Online criminals are following users onto these new platforms."
The key findings of the study
- 42% increase in targeted attacks in 2012.
- 31% of all targeted attacks aimed at businesses with less than 250 employees.
- One waterhole attack infected 500 organizations in a single day.
- 14 zero-day vulnerabilities.
- 32% of all mobile threats steal information.
- A single threat infected 600,000 Macs in 2012.
- Spam volume continued to decrease, with 69% of all email being spam.
- The number of phishing sites spoofing social networking sites increased 125%.
- Web-based attacks increased 30%.
- 5,291 new vulnerabilities discovered in 2012, 415 of them on mobile operating systems.
To explain, a "waterhole" attack occurs when the bad guys figure out what websites are frequently visited by you or others at your company. Then the hacker either maliciously modifies the website's code so that malware is sprung when you or a colleague visits, or else an object or link on the site is modified so malware is downloaded when you or your colleague clicks on the object.
Likewise, a "Zero-day attack" occurs during the time between when vulnerability in a program is first discovered and when the software developers develop and publish a patch to close and counter the threat.
Just looking at these highlights underscores the need for id theft protection whether you are an individual, a family or a business - especially a small business.
I was especially taken by one finding in the study:
If you think someone is violating your privacy online, you are probably right. Fifty percent of mobile malware created in 2012 attempted to steal our information or track our movements.
Whether they are attacking our computers, mobile phones or social networks, Cyber-criminals are looking to profit by spying on us. Their ultimate goal is to make money. Their method is to learn our banking information, the phone numbers and email addresses of our friends and business associates, our personal information, and even how to become us by stealing our identity.
Too often these days we hear that the danger of identity theft is overblown. Study after study - from the government, from private industry experts, from academic experts – relate the inescapable fact that identity theft is actually a growing problem. ID theft protection is like any kind of insurance. You hope that you will never use it, but the evidence grows every day that more than ever you need it.