Vulnerabilities and zero-day threats up in 2012, claims Symantec

Cyber space is become more lawless, according to Symantec's 2013 Threat Report

The number of new vulnerabilities identified in 2012 increased by six per cent from 4,989 to 5,291, according to Symantec's 2013 Internet Security Threat Report. Overall, claims Symantec, targeted attacks increased in number by 42 per cent.

Zero-day vulnerabilities - as far as they can be assessed - were also up, according to Symantec.

"In the past three years, much of the growth in zero-day vulnerabilities used in attacks can be attributed to two groups; the authors of Stuxnet and the Elderwood Gang. In 2010, Stuxnet was responsible for four of the 14 discovered zero-day vulnerabilities. The Elderwood Gang was responsible for four of the 14 discovered in 2012," claims the report.

The Elderwood Gang also exploited zero-day vulnerabilities in 2010 and 2011, and have used at least one so far in 2013.

However, while Stuxnet exploited multiple zero-day vulnerabilities, the Elderwood Gang tends to use one at a time. When one zero-day vulnerability is uncovered, it moves on to another one.

"This makes it seem that the Elderwood Gang has a limitless supply of zero-day vulnerabilities and is able to move to a new exploit as soon as one is needed."

At the same time, vulnerabilities in mobile operating systems also ballooned, increasing by one-third from 315 to 415, largely in the Android operating system due to the ease with which apps can be "sideloaded", bypassing the official app stores run by the likes of Google and Amazon.

Symantec also studied the industrial sectors most targeted by cyber attacks, and found that one-quarter - 24 per cent - were aimed at the manufacturing sector, with 19 per cent targeting finance and insurance. The energy and utilities sector accounted for just one-tenth.

The full report can be downloaded from the Symantec website.