Current Filter: Security>>>>>News>

   

Symantec has reached a milestone on its journey to separate into two companies by appointing sales leaders in Europe Middle-East and Africa (EMEA) to support its customers and partners and to scale its businesses. The two revealed as having leadership responsibility are Kevin Isaac, head of sales for Enterprise Security, EMEA, Symantec, and Matt Ellard, head of sales for EMEA, Information Management entity, Veritas

"We have a comprehensive plan in place to ensure that we execute a successful separation, with minimal disruption to the business," said Symantec CEO Michael Brown. "With these critical leadership positions filled for both Symantec and Veritas, I'm confident we are well positioned to start our new fiscal year in a strong position."

Meanwhile, Symantec’s 2015 Internet Security Threat Report (ISTR), Volume 20, has exposed a tactical shift by cyber-attackers: they are infiltrating networks and evading detection by hijacking the infrastructure of major corporations and using it against them.

“Attackers don’t need to break down the door to a company’s network when the keys are readily available,” said Kevin Haley, director, Symantec Security Response. “We’re seeing attackers trick companies into infecting themselves by Trojanising software updates to common programs and patiently waiting for their targets to download them—giving attackers unfettered access to the corporate network.”

In a record-setting year for zero-day vulnerabilities, Symantec research reveals that it took software companies an average of 59 days to create and roll out patches—up from only four days in 2013. Attackers took advantage of the delay and, in the case of Heartbleed, leapt to exploit the vulnerability within four hours. There were 24 total zero-day vulnerabilities discovered in 2014, leaving an open playing field for attackers to exploit known security gaps before they were patched.

Meanwhile, advanced attackers continued to breach networks with highly-targeted spear-phishing attacks, which increased a total of eight percent in 2014. What makes last year particularly interesting is the precision of these attacks, which used 20 percent fewer emails to successfully reach their targets and incorporated more drive-by malware downloads and other web-based exploits.

Additionally, Symantec observed attackers: Using stolen email accounts from one corporate victim to spear-phish other victims higher up the food chain; taking advantage of companies’ management tools and procedures to move stolen IP around the corporate network before exfiltration; and building custom attack software inside the network of their victims to further disguise their activities.