Symantec Threat Activity Report: U.S. Tops the List

This week Symantec Corporation released its Internet Security Threat Report, Volume 16, which shows that cyberthreats are "skyrocket[ing] in volume and sophistication" and that the U.S. was tops in almost all that is cyberbad.

Specifically, the report found that the U.S. was No. 1 in the following categories for 2010:

  • Most overall malicious activity (19 percent of total)
  • Top country for originating network attacks (22 percent of total)

  • Most bot-infected computers (14 percent of total)

  • Most bot command-and-control servers (37 percent of total)

  • Most targeted country by denial-of-service attacks (65 percent of total)

For a more detailed breakdown of noteworthy statistics, check out "The Year in Numbers," which Symantec released as part of the report. The company also released a timeline of the "more newsworthy security-related events" in 2010.

Symantec identified more than 286 million new threats last year, threats that are increasing in both frequency and sophistication. Attackers are taking note of the growing popularity of social networks and mobile devices, with both increasingly becoming targets for attack. Indeed, there were 42 percent more mobile vulnerabilities, with more than 163 identified.

One of the most common attacks on social network platforms is the use of shortened URLs posted on news-feed sites of users and their friends, spreading the link to others. Symantec found that 65 percent of malicious links in news feeds were shortened links, of which 73 percent were clicked 11 times or more.

The report noted that at one point during the year, more than a million spambots were under the control of Rustock. Two other botnets, Grum and Cutwail, may have hundreds of thousands of computers under their control. A frightening thought is, What could happen if control of those botnets were ever deployed?

One other factoid worth noting:

The leading cause of data breaches that could lead to identity theft was the theft or loss of a computer or data-storage device. Given BP's lost laptop earlier this week, this should not be too surprising as the corporate world has far to go toward best practices.

The report is sobering and worth reading if you want an accurate view of what's really happening on the information security front.