TAILORED ATTACKS against small businesses, an increase in mobile security threats and the prevalence of worms for which there are patches were some of the main features of the internet security landscape last year, according to a new report from Symantec. The anti-virus and security software vendor, which runs one of its three global centres for monitoring internet security in Dublin, discovered 403 million pieces of malicious software – worms, viruses or other “malware” – last year, up from just 285 million in 2010.

The data is contained in its annual Internet Security Threat Report, which shows that the number of software vulnerabilities discovered, which can be exploited by malware authors, fell significantly as did the amount of spam in circulation.

Instead, criminal gangs, state security agencies and political activists are more likely to target specific organisations using social engineering and tailored malware to gain access to their networks.

The Stuxnet computer worm, which was designed to infect the industrial control systems in a specific Iranian nuclear reactor, brought targeted attacks to mainstream attention in 2010, says Orla Cox, senior security operations manager with Symantec in Dublin. “It was the first time we saw actual sabotage as the motive rather than espionage,” said Ms Cox.

The Symantec report found that tailored attacks are no longer limited to state agencies and military contractors. More than 50 per cent of such attacks were against organisations with under 2,500 workers, and 18 per cent were against companies with fewer than 250 staff.

Smaller firms may be a target because they hold a large amount of financial or personal information, or because they are a supplier to a larger organisation in which the criminals are interested, said Ms Cox.

Mobile attacks are focused on Google’s Android platform; Symantec discovered just five threats for Apple’s iOS platform, all of which attack jailbroken iPhones – ie those which have been altered to allow the installation of software not approved by Apple.

“Android threats are still in their infancy; they are not as sophisticated as on a PC, but they are evolving,” said Ms Cox. “Things will shift when people have more financial data on their phones.”

Although Symantec’s survey is based on data from around the world, Dermot Williams, managing director of Threatscape, Symantec’s specialist security partner in Ireland, said the global trends apply locally.

He is also seeing an increase in malware for Apple devices and believes attacks on certificate authorities, which issue the digital signatures verifying the identity of websites, could undermine the whole structure of the internet.

“That’s undermining the fundamental trust people have got used to online,” said Mr Williams. “It underlines how a lot of security on the internet is built on layers of trust.”

Net figures

5.5 billion – number of malicious attacks blocked by Symantec in 2011 (up 81 per cent)

403 million – unique pieces of malware identified

4,989 – software vulnerabilities identified (down 20 per cent)

82 – number of daily targeted attacks discovered

1.1 million – average number of identities stolen per data breach last year

93 per cent – increase in mobile vulnerabilities in 2011