Compared to their 2012 data, Microsoft attracted a significantly larger proportion of attacks in 2013. In 2012, they attracted fewer than 12 per cent of the total attacks reported. In 2013, this rose to almost 22 per cent of the total attacks reported. In contracts, Apple's share dropped from almost 15 per cent to just over 3 per cent. Dell reported 14 zero-day vulnerabilities in 2013. Browser-based attacks lead the list with Java being the most targeted application, followed closely by Internet Explorer, and Adobe Flash Player.
SCADA systems were not immune from attack with systems from Siemens responsible from just over a third of all the reported vulnerabilities. The next most vulnerable systems came from Cisco with just 12 per centof the reported vulnerabilities. Over a quarter of these vulnerabilities left system operators vulnerable to DDoS attacks improper input validation, buffer overflow and privilege escalation the next most popular categories of CADA vulnerability.
The most popular types of targeted attacks in 2013 were targeted spam against corporate employees leveraging services like fax, voicemail, printers and scanners; sophisticated ransomware like CryptoLocker; SSL-based malware download and communication and; and web-based exploit kits with zero-day exploit payloads resulting in drive-by malware download and install on the targeted machine.