Symantec Reports 500 Million Personal Records Stolen or Lost in 2015
According to Symantec’s recent Internet Security Threat Report (ISTR), over half a billion personal records were stolen or lost in 2015.
These records were exposed during the “record-setting” nine mega-breaches and other smaller incidents last year. According to Symantec, this number is much higher than what was actually reported, as many companies are choosing not to release the number of records lost in breaches. In fact, the number of companies that chose to withhold this information increased by 85% last year.
“The increasing number of companies choosing to hold back critical details after a breach is a disturbing trend,” said Kevin Haley, director, Symantec Security Response. “Transparency is critical to security. By hiding the full impact of an attack, it becomes more difficult to assess the risk and improve your security posture to prevent future attacks.”
The ISTR also found that cybercriminals are becoming more professional and adopting “best practices” to become more efficient in their illegal activities.
“Advanced criminal attack groups now echo the skill sets of nation-state attackers. They have extensive resources and a highly-skilled technical staff that operate with such efficiency that they maintain normal business hours and even take the weekends and holidays off,” said Haley. “We are even seeing low-level criminal attackers create call center operations to increase the impact of their scams.”
These professional criminals are also leveraging zero-day vulnerabilities, which allow them to more quickly sell data to lower-level criminals on the open market. In 2015, the number of zero-day vulnerabilities doubled to 54 in 2015, a 125% increase from 2014.
Other key findings of the report include:
- 430 new malware variants were discovered.
- Ransomware attacks increased 35%. These attacks also moved past PCs to smartphones and Mac and Linux systems.
- Fake technical support scams increased 200% and took advantage of smartphones.