Educational websites were the sixth most frequently exploited type of website, with 6.4 percent of the total number of infected websites in 2015.
Moving to stronger authentication, accelerating the shift to always-on encryption, and changing browsers’ security indicators to show visitors more clearly how safe a site is could all help, the report notes.
In particular, “organizations need to be more proactive around SSL/TLS implementation,” the authors write. “Rather than thinking solely about protection, website managers need to think about protection, detection, and response.”
New mobile vulnerabilities saw a 214 percent increase, to 528, up from 168 in 2014.
“Smartphones are an increasingly attractive target for online criminals,” according to the report. “As a result, they are investing in more sophisticated attacks that are effective at stealing valuable personal data.”
Android devices seem to be the main target, though Apple devices are also subject to attacks.
Smartphones and tablets–which are in the backpacks or pockets of university students across the globe–have high-bandwidth connectivity and powerful processors, and they also contain valuable personal information, the report notes, such as Apple Pay, Samsung Pay and Android Pay.
App stores also present an opportunity for “cross-over” threats. The report offers an example: “…With Google Play, customers can browse the Play Store from their computer using a normal web browser, installing apps directly onto their phone. Recent examples of some Windows malware have exploited this by stealing browser cookies for Google Play sessions from the infected desktop computer and using these stolen cookies (essentially the users’ credentials), impersonating the user to remotely install apps onto the victims’ phones and tablets without their knowledge or consent.”
The report’s authors recommend that people treat their mobile devices like small, powerful computers and protect them accordingly, including:
- Access control, including biometrics where possible
- Data loss prevention, such as on-device encryption
- Automated device backup
- Remote find and wipe tools in the event of a lost device
- Regular updating
- Refrain from downloading apps from unfamiliar sites
- Don’t jailbreak devices
- Pay attention to permissions requested by an app
- Update apps as often as possible
- Change IDs and passwords if a compromise is suspected
The Internet of Things
The number of “things” connected to the internet is growing quickly; in the U.S., there are 25 online devices per 100 inhabitants. Gartner forecasts 6.4 billion connected things will be in use worldwide in 2016, reaching 20.8 billion by 2020.
But the authors note that in the last year, Symantec observed “an increase in proof-of-concept attacks and growing numbers of IoT attacks in the wild. In numerous cases, the vulnerabilities were obvious and all too easy to exploit. IoT devices often lack stringent security measures…”
Cars, smart home devices, medical devices, smart TVs, and embedded devices are all cause for concern.