Last year, financial sector breach incidents led to more than 120 million exposed identities, which represented 28% of the overall breached identities, according to the latest Internet Security Threat Report from Mountain View, Calif.-based Symantec.

Symantec also reported finance was the second most victimized sector when it comes to data breaches, following the services industry. The average financial institution was attacked 4.1 times in 2015 and 52% of emails sent within the finance industry were spam, with one in 310 emails containing a virus.

More than 430 million new unique pieces of malware surfaced in 2015, up 36% from the year before. However, attacks against businesses and nations hit the headlines with such regularity that people have become numb to the sheer volume and acceleration of cyber threats.

"As real life and online become indistinguishable from each other, cybercrime has become a part of our daily lives," the report stated.

The Internet Security Threat Report examined multiple aspects of security, including targeted attacks, smartphone threats, social media scams and Internet of Things vulnerabilities, as well as attackers' tactics, motivations and behaviors.

Symantec revealed the following six key findings and trends from 2015:

1. The number of zero-day vulnerabilities, or unknown software gaps, discovered more than doubled to 54, a 125% increase from the year before. Symantec reported vulnerabilities can appear in almost any software type, but the most attractive target for attackers is software that is widely used. The majority of these vulnerabilities discovered in software turned up in popular applications such as Internet Explorer and Adobe Flash.

2. The total reported number of exposed identities jumped 23% to 429 million.

"But this number hides a bigger story," the report said. "In 2015, more and more companies chose not to reveal the full extent of the breaches they experienced."

A conservative estimate by Symantec of those unreported breaches pushed the real number of records lost to more than half a billion.

"The fact that companies are increasingly choosing to hold back critical details after a breach is a disturbing trend," Symantec said. "Transparency is critical to security."

3. Spear-phishing campaigns targeting employees increased 55%. In 2015, a government organization or a financial company that was hit once experienced at least three more hits throughout the year. Over the last five years, Symantec observed a steady increase in attacks targeting businesses with fewer than 250 employees. Forty-three percent of all attacks targeted small businesses in 2015.

4. Ransomware increased 35%. Cybercriminals are using encryption as a weapon to hold critical data hostage. Ransomware also continued to evolve. Symantec revealed that in 2015, crypto-ransomware, which encrypts files, pushed the less damaging locker-style ransomware (which locks the computer screen) out of the picture.

"An extremely profitable type of attack, ransomware will continue to ensnare PC users and expand to any network-connected device that can be held hostage for a profit," the report said.

In 2015, ransomware moved beyond its focus on PCs to smartphones, Macs and Linux systems. Symantec even demonstrated proof of concept attacks against smart watches and televisions in 2015.

5. Major security vulnerabilities exist in three quarters of popular websites.

"Cybercriminals continue to take advantage of vulnerabilities in legitimate websites to infect users, because website administrators fail to secure their websites," Symantec revealed.

More than 75% of all legitimate websites have unpatched vulnerabilities. Fifteen percent of legitimate websites have vulnerabilities that are deemed critical, meaning it would only take a trivial effort for cybercriminals to gain access to and manipulate these sites for their own purposes.

6. Symantec blocked 100 million fake technical support scams. Fake technical support scams, first reported by Symantec in 2010, have evolved from cold calls to unsuspecting victims into schemes in which the attacker fools victims into calling them directly. Attackers trick people with pop-ups that alert them to a serious error or problem, thus steering the victim to an 800 number, where a "technical support representative" attempts to sell the victim worthless services.


Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S. Interior Department, National Park Service and Warren County (N.Y.).