Monday, 22 April 2013 06:22

Small businesses most vulnerable to Internet security threats


Many small businesses believe they are immune to cyber attacks aimed at them. But they are becoming primary targets.

Since 2002 Symantec has been publishing its Internet Security Threat Report, which provides an overview and analysis of the year in global threat activity. The report is based on data from the Symantec Global Intelligence Network, which Symantec's analysts use to identify, analyse, and provide commentary on emerging trends in the dynamic threat landscape.

Threats to online security grew considerably in 2012. From the threats of cyberespionage and industrial espionage to the widespread and chronic problems of malware and phishing, we have seen constant innovation from malware authors.

We have also seen an expansion of traditional threats into new forums. In particular, social media and mobile devices have come under increasing attack in 2012, even as spam and phishing attacks via traditional routes have fallen. Online criminals are following users onto these new platforms.

The most important trends in 2012 were:

Small businesses are the path of least resistance for attackers

Last year’s data made it clear that any business, no matter its size, was a potential target for attackers. This was not a fluke. In 2012, 50% of all targeted attacks were aimed at businesses with fewer than 2,500 employees. In fact, the largest growth area for targeted attacks in 2012 was businesses with fewer than 250 employees – 31% of all attacks targeted them.

This is especially bad news because, based on surveys conducted by Symantec, small businesses believe they are immune to attacks targeted at them. But money stolen from a small business is as easy to spend as money stolen from a large business. And while small businesses may assume that they have nothing a targeted attacker would want to steal, they forget that they retain customer information, create intellectual property, and keep money in the bank. While it can be argued that the rewards of attacking a small business are less than what can be gained from a large enterprise, this is more than compensated for by the fact that many small companies are typically less careful in their cyberdefences.

Even worse, the lack of adequate security practices by small businesses threatens all of us. Attackers deterred by a large company’s defences often choose to breach the lesser defences of a small business that has a business relationship with the attacker’s ultimate target, using the smaller company to leapfrog into the larger one.

Additionally, small businesses and organizations can become pawns in more sophisticated attacks. Driven by attack toolkits, in 2012 the number of Web-based attacks increased by one third and many of these attacks originated from the compromised websites of small businesses. These massive attacks increase the risk of infection for all of us.

Malware authors act as Big Brother

If you think someone is violating your privacy online, you are probably right. Half the mobile malware created in 2012 attempted to steal our information or track our movements. Whether they are attacking our computers, mobile phones or social networks, cyber-criminals are looking to profit by spying on us.

Their ultimate goal is to make money. Their method is to learn our banking information, the phone numbers and email addresses of our friends and business associates, our personal information, and even how to become us by stealing our identity.

Creating successful targeted attacks requires attackers to learn about us. They will research our email addresses, our job, our professional interests, and even the conferences we attend and the websites we frequent. All of this information is compiled to launch a successful targeted attack. Once on our devices, the attacker’s tools are designed to pull as much data as possible.

Undiscovered targeted attacks can collect years of our email, files, and contact information. These tools also contain the ability to log our keystrokes, view our computer screens, and turn on our computers’ microphones and cameras.

Those jobs most targeted for attack in 2012 were knowledge workers who create the intellectual property that attackers want (27% of all targets in 2012) and those in sales (24% in 2012). Interest in targeting the CEO of an organisation waned in 2012; those attacks decreased by 8%.

For the remaining highlights, read on:

With mobile, it’s not the vulnerability that will get you

As expected, the amount of mobile malware in 2012 continues to rise. 2012 saw a 58% increase in mobile malware families compared to 2011. The year’s total now accounts for 59% of all malware to date. With a 32% increase in the number of vulnerabilities reported in mobile operating systems, it might be tempting to blame them for the increase.

But this would be wrong. In the PC space, a vulnerability drives attacks as new vulnerabilities are incorporated into commonly available toolkits. The more they’re used, the faster they spread. This is not occurring in the mobile space.

Mobile vulnerabilities have little correlation with mobile malware. In fact, while Apple’s iOS had the most documented vulnerabilities in 2012, there was only one threat created for the platform. Compare this to Android – although only 13 vulnerabilities were reported, it led all mobile operating systems in the amount of malware written for the platform.

Vulnerabilities likely will become a factor in mobile malware, but today Android’s market share, the openness of the platform, and the multiple distribution methods available to applications embedded with malware make it the go-to platform of malware authors.

Zero-day vulnerabilities available when attackers need them

Zero-day vulnerabilities continue to trend upward; 14 were reported in 2012. In the last three years much of the growth in zero-day vulnerabilities used in attacks can be attributed to two groups: the authors of Stuxnet and the Elderwood Gang. In 2010, Stuxnet was responsible for 4 of the 14 discovered zero-day vulnerabilities.

The Elderwood Gang was responsible for 4 of the 14 discovered in 2012. The Elderwood Gang also used zero-day threats in 2010 and 2011, and they’ve used at least one so far in 2013.

Attackers use as many zero-day vulnerabilities as they need, not as many as they have. And Stuxnet and Elderwood make for an interesting contrast in the strategy of their use. Stuxnet remains the aberration, using multiple zero-day exploits in one attack.

From what we know today, it was a single attack that was directed at a single target. Multiple zero-day exploits were used to ensure success so they would not need to attack a second time.

By contrast the Elderwood Gang has used one zero-day exploit in each attack, using it continually until that exploit becomes public. Once that occurs they move on to a new exploit. This makes it seem that the Elderwood Gang has a limitless supply of zero-day vulnerabilities and is able to move to a new exploit as soon as one is needed. It is our hope that this is not the case.

Attribution Is Never Easy

Some targeted attacks make no attempt to stay undetected. A piece of malware named Shamoon was discovered in August. Its purpose was to wipe computer hard drives of energy companies in the Middle East. A group calling itself the “Cutting Sword of Justice” claimed responsibility.

Throughout 2012, DDoS attacks were launched against financial institutions. A group called Izz ad-Din al-Qassam Cyber Fighters claimed responsibility. These attacks and others appear to be classic cases of hacktivism. But proving attribution and motive are not easy, even when someone claims responsibility.

There has been much speculation, some reportedly from the intelligence community, that the Cutting Sword of Justice and the Qassam Cyber Fighters are fronts for a nation state. Complicating what appeared to be simple hacktivism even further is the FBI’s warning to financial institutions that some DDoS attacks are actually being used as a “distraction.”



Graeme Philipson

Graeme Philipson sadly passed away in Jan 2021 and was a much valued senior associate editor at iTWire. He was one of Australia’s longest serving and most experienced IT journalists. He is the author of the only definitive history of the Australian IT industry, ‘A Vision Splendid: The History of Australian Computing.’ He was in the high tech industry for more than 30 years, most of that time as a market researcher, analyst and journalist. He was founding editor of MIS magazine, and is a former editor of Computerworld Australia. He was a research director for Gartner Asia Pacific and research manager for the Yankee Group Australia. He was a long time weekly IT columnist in The Age and The Sydney Morning Herald, and is a recipient of the Kester Award for lifetime achievement in IT journalism. Graeme will be sadly missed by the iTWire Family, Readers, Customers and PR firms.
