November’s Report demonstrates changing nature of cybercrime with a growth in targeted attacks
Dubai, UAE – December 13, 2011– Symantec Corp. (Nasdaq: SYMC) today announced the results
of the November 2011 Symantec.cloud Intelligence Report, revealing that the number of daily targeted
attacks increasing four-fold compared to January this year, with an average of 94 targeted attacks being
blocked each day during the month of November.
New research further shows that the Virus Rate in the United Arab Emirates is up to 1 in 327.9 from 1
in 433.4 last month. The news comes ahead of the second edition of the Black Hat conference coming to
Abu Dhabi’s Emirates Palace next week, a series of briefings and training sessions which will discuss and
demonstrate the latest and most important security issues faced in the market today.
“The aim of these targeted attacks is to establish persistent access to the targeted organization’s network,
in many cases with the aim of providing remote access to confidential data. They have the potential
to cause serious damage to an organization and in the long term represent a significant threat against
the economic prosperity of many countries in the Middle East,” said Bulent Teksoz, Chief Security
Strategist, Emerging Markets, Symantec. “There targeted attacks are designed to gather intelligence, steal
confidential information or trade secrets, and in the case of attacks like Stuxnet, disrupt operations or even
destroy critical infrastructure.”
While targeted attacks are on the increase, the global spam rate has now reached its lowest level in three
years. Despite this fall, Saudi Arabia was still ranked in the top five countries, this month the country was
the second most-spammed geography in November with 76.6 percent of email traffic blocked as spam
(down from 80.5% in October) and second only to Russia with a spam rate of 76.7 percent.
“The effect of spam volumes three years ago was very dramatic and spam accounted for 68.0% of global
emails. Recently the decline has been much slower, but spammers have also adapted to using more
targeted approaches and exploiting social media as alternatives to email,” added Teksoz.
This month’s analysis also indicates that large enterprises consisting of more than 2,500 employees
received the greatest number of attacks, with 36.7 being blocked each day. Small-to-medium sized
business sector with less than 250 employees are further facing security issues - according to Symantec’s
latest regional study on average only 29 percent of a total of 628 senior level employees or owners of
small to medium sized businesses across UAE, Egypt and Saudi claim they had never faced a known
attack on their systems by a virus or malicious code while between 57 and 72 percent of respondents
identified virus attacks as a key concern and between 44 and 63 percent expressed concerns around
Click-to-Tweet: Targeted attacks increase four-fold compared to January of 2011: http://bit.ly/slWzF5
November Symantec Intelligence Report
Other report highlights:
Spam: The global ratio of spam in email traffic in November fell by 3.7 percentage points since October
to 70.5 percent (1 in 1.42 emails).
Phishing: In November, the global phishing rate increased by 0.04 percentage points, taking the average
to one in 302.0 emails (0.33 percent) that comprised some form of phishing attack.
E-mail-borne Threats: The global ratio of email-borne viruses in email traffic was one in 255.8 emails
(0.39 percent) in November, a decrease of 0.03 percentage points since October 2011. Further analysis
also shows that 40.2 percent of email-borne malware contained links to malicious Web sites, an increase
of 20.1 percentage points since October 2011.
Web-based Malware Threats: In November, Symantec Intelligence identified an average of 4,915
Web sites each day harboring malware and other potentially unwanted programs including spyware and
adware; an increase of 47.8 percent since October 2011.
Endpoint Threats: The most frequently blocked malware for the last month was WS.Trojan.H1.
WS.Trojan.H is generic cloud-based heuristic detection for files that possess characteristics of an as yet
unclassified threat. Files detected by this heuristic are deemed by Symantec to pose a risk to users and are
therefore blocked from accessing the computer.
Russia became the most spammed geography in November; with a spam rate of 76.7 percent
Saudi Arabia was the second most-spammed with 76.6 percent
The spam level in the UK was 69.5 percent.
In The Netherlands, spam accounted for 70.5 percent of email traffic, 70.1 percent in Germany,
70.4 percent in Denmark.
In Australia 68.6 percent of email was blocked as spam, 69.2 percent in Hong Kong and 68.0
percent in Singapore, compared with 66.6 percent in Japan.
Spam accounted for 70.1 percent of email traffic in South Africa and 74.3 percent in Brazil.
• South Africa once again became the country most targeted for phishing attacks in November,
with one in 96.2 emails identified as phishing.
• The UK was the second most targeted country, with one in 167.0 emails identified as phishing
• Phishing levels for the US were one in 461.8 and one in 242.4 for Canada.
• In Germany phishing levels were one in 426.2, one in 781.5 in Denmark and one in 250.4 in The
In Australia, phishing activity accounted for one in 361.0 emails and one in 517.0 in Hong Kong;
for Japan it was one in 2,058 and one in 609.7 for Singapore.
In Brazil one in 775.3 emails was blocked as phishing.
• The UK remained at the top of the table with the highest ratio of malicious emails in November,
with one in 149.4 emails identified as malicious.
• Switzerland had the second highest rate, with one in 185.6 emails identified as malicious.
• South Africa returned to the top-5 list this month with one in 222.5 emails blocked as malicious.
• Virus levels for email-borne malware in the US reached one in 360.1 and one in 219.9 in Canada.
In Germany virus activity reached one in 275.0, one in 710.5 in Denmark and in The Netherlands
one in 238.2.
• In Australia, one in 326.2 emails was malicious and one in 325.8 in Hong Kong. For Japan the
rate was one in 1,147, compared with one in 450.0 in Singapore.
• In Brazil, one in 570.6 emails in contained malicious content.
• With a drop in spam this month, the Automotive industry became the most spammed industry
sector in November, with a spam rate of 73.0 percent.
• The spam rate for the Education sector was 71.5 percent and 69.1 percent for the Chemical &
Pharmaceutical sector, compared with 69.3 percent for IT Services, 69.0 percent for Retail, 68.8
percent for Public Sector and 69.2 percent for Finance.
• The spam rate for small to medium-sized businesses (1-250) was 69.4%, compared with 69.7.1%
for large enterprises (2500+).
• The Public Sector remained the most targeted by phishing activity in November, with one in
120.9 emails comprising a phishing attack.
• Phishing levels for the Chemical & Pharmaceutical sector reached one in 407.5 and one in 377.0
for the IT Services sector, one in 397.0 for Retail, one in 130.5 for Education and one in 331.7 for
• Phishing attacks targeting small to medium-sized businesses (1-250) accounted for one in 211.0
emails, compared with one in 334.0 for large enterprises (2500+).
• With one in 74.3 emails being blocked as malicious, the Public Sector remained the most targeted
industry in November.
• Virus levels for the Chemical & Pharmaceutical sector reached one in 275.5 and one in 276.6 for
the IT Services sector; one in 337.1 for Retail, one in 105.2 for Education and one in 386.6 for
• Malicious email-borne attacks destined for small to medium-sized businesses (1-250) accounted
for one in 253.7 emails, compared with one in 249.9 for large enterprises (2500+).
The November Symantec Intelligence Report provides greater detail on all of the trends and figures noted
above, as well as more detailed geographical and vertical trends.
• Whitepaper: Advanced Persistent Threats (PDF)
• SlideShare Presentation: November 2011 Symantec Intelligence Report
• Symantec.cloud Global Threats
• Symantec.cloud Intelligence Reports
• Symantec.cloud In the News
• Symantec.cloud Podcasts
W32.Stuxnet Threat Write-up
Connect with Symantec
• Follow Symantec on Twitter
• Join Symantec on Facebook
• View Symantec’s SlideShare Channel
• Subscribe to Symantec News RSS Feed
• Visit Symantec Connect Business Community
About Symantec Intelligence Report
The Symantec Intelligence report combines the best research and analysis from the Symantec.cloud
MessageLabs Intelligence Report and the Symantec State of Spam & Phishing Report. The new
integrated report, the Symantec Intelligence Report, provides the latest analysis of cyber security threats,
trends and insights from the Symantec Intelligence team concerning malware, spam, and other potentially
harmful business risks. The data used to compile the analysis for this combined report includes data from
September and October 2011.
Symantec is a global leader in providing security, storage and systems management solutions to help
consumers and organizations secure and manage their information-driven world. Our software and
services protect against more risks at more points, more completely and efficiently, enabling confidence
wherever information is used or stored. More information is available at www.symantec.com.