May 1, Government Computer News (International) Targeted attacks, mobile vulnerabilities on the rise, report states. The findings of the latest “Internet Security Threat Report” from Symantec can be summed up as: “Attacks are rising, but the number of new vulnerabilities is decreasing.” This describes the threat landscape in 2011 in which hackers continued to exploit known vulnerabilities through new vectors as enterprises and end users failed to keep up with the flood of security updates from vendors patching their software. “The old vulnerabilities still work,” said the manager of Symantec’s security technology and response product group and a contributor to the report. Malware variants are being packaged in attack toolkits that effectively circumvent signature-based defenses. The data in the report is gathered from the company’s Global Intelligence Network monitoring activity in more than 200 countries. The total number of vulnerabilities reported in 2011 dropped 20 percent, from a high of 6,253 in 2010 to fewer than 5,000. Over the same time, the number of unique variants of malware identified in the wild increased 41 percent and the number of attacks blocked by Symantec tools jumped 81 percent to 5.5 billion in 2011. The vectors for delivering the malware are shifting, with Web attacks and social engineering through social networks replacing e-mail as the method of choice. This is due in part to successful law enforcement campaigns against command-and-control systems for spam-spewing botnets in 2011, and also because the Web offers a good alternative. Targeted attacks, which have proven to be effective in breaching high-value – 16 – organizations through carefully crafted social engineering, increased during 2011, from 26 such attacks identified in January of that year to 154 in December. At the same time, the attacks are now targeting smaller organizations and lower-level employees.