New study shows cyber threats growing in volume and sophistication

An Internet Security Threat Report released by Symantec Corp. shows a massive threat volume of more than 286 million new threats last year, accompanied by several new megatrends in the threat landscape.

 

The report highlights dramatic increases in both the frequency and sophistication of targeted attacks on enterprises; the continued growth of social networking sites as an attack distribution platform; and a change in attackers’ infection tactics, increasingly targeting vulnerabilities in Java to break into traditional computer systems. In addition, the report explores how attackers are exhibiting a notable shift in focus toward mobile devices.

 

Targeted attacks such as Hydraq and Stuxnet posed a growing threat to enterprises in 2010. To increase the likelihood of successful, undetected infiltration into the enterprise, an increasing number of these targeted attacks leveraged zero-day vulnerabilities to break into computer systems. As one example, Stuxnet alone exploited four different zero-day vulnerabilities to attack its targets.

 

In 2010, attackers launched targeted attacks against a diverse collection of publicly traded, multinational corporations and government agencies, as well as a surprising number of smaller companies. In many cases, the attackers researched key victims within each corporation and then used tailored social engineering attacks to gain entry into the victims’ networks. Due to their targeted nature, many of these attacks succeeded even when victim organizations had basic security measures in place.

 

While the high-profile targeted attacks of 2010 attempted to steal intellectual property or cause physical damage, many targeted attacks preyed on individuals for their personal information. For example, the report found that data breaches caused by hacking resulted in an average of more than 260,000 identities exposed per breach in 2010, nearly quadruple that of any other cause.

 

Social network platforms continue to grow in popularity and this popularity has not surprisingly attracted a large volume of malware. One of the primary attack techniques used on social networking sites involved the use of shortened URLs. Under typical, legitimate, circumstances, these abbreviated URLs are used to efficiently share a link in an email or on a web page to an otherwise complicated web address.

 

Last year, attackers posted millions of these shortened links on social networking sites to trick victims into both phishing and malware attacks, dramatically increasing the rate of successful infection.

 

The report found that attackers overwhelmingly leveraged the news-feed capabilities provided by popular social networking sites to mass-distribute attacks. In a typical scenario, the attacker logs into a compromised social networking account and posts a shortened link to a malicious website in the victim’s status area. The social networking site then automatically distributes the link to news feeds of the victim’s friends, spreading the link to potentially hundreds or thousands of victims in minutes. 

 

In 2010, 65% of malicious links in news feeds observed by Symantec used shortened URLs. Of these, 73% were clicked 11 times or more, with 33% receiving between 11 and 50 clicks.