There were more than 286 million cyber threats globally last year, according to security software provider Symantec Corp’s Internet Security Threat Report, Volume 16.
This increase in threats included the theft of intellectual property, phishing and malware attacks along with several new megatrends.
“This will motivate cyber criminals to refine their attack techniques to steal valuable data and intellectual property, which they can sell at a lucrative price in the underground economy,” said Symantec Corp’s Vice President for the Asia South Region, Eric Hoh.
Last year, there were forms of targeted attacks against publicly traded companies, multinational corporations and government agencies and a surprising number of smaller companies.
The Symantec report also pointed to the continued growth of social networking sites as an attack distribution platform.
The attacks worked at different levels. While most preyed on individuals for their personal information, the high profile targeted attacks attempted to steal intellectual property or cause physical damage.
One of the primary attack techniques used on social networking sites involved the use of shortened URLs. Under typical, legitimate, circumstances, these abbreviated URLs share a link in an email or a web page, to an otherwise complicated web address.
Last year, attackers posted millions of these shortened links on social networking sites to trick victims into phishing and malware attacks, dramatically increasing the rate of successful infection.
“Given the borderless nature of the Internet world today, the significant increase in cyber threats globally, is likely to have an impact on consumers and businesses in Malaysia.
“Consumers and businesses alike in Malaysia need to take proactive steps to secure and manage their information from a myriad of security risks posed by the proliferation of mobile devices and social networking,” Hoh said.
Symantec recorded over 3 billion malware attacks in 2010, but one stands out: Stuxnet.
That attack captured the attention of the industrial control industry along with the general population.
In a look back at 2010, Symantec saw five recurring themes:
1) Targeted attacks. Almost forgotten in the wake of Stuxnet was Hydraq. Hydraq’s intentions were old fashioned compared to the cyber sabotage of Stuxnet, it attempted to steal. What made Hydraq stand out was what and from whom it attempted to steal: Intellectual property from major corporations.
Targeted attacks did not start in 2010 and will not end there.
Stuxnet and Hydraq teach future attackers the easiest vulnerability to exploit is our trust of friends and colleagues. Stuxnet was able to breach its target because someone gave it trusted access with a USB key. Meanwhile, Hydraq would not have been successful without convincing users the links and attachments they received in an email were from a trusted source.
2) Social networks. Whether the attacker is targeting a chief executive or a member of the QA staff, the Internet and social networks provide rich research for tailoring an attack. By sneaking in among our friends, hackers can learn our interests, gain our trust, and convincingly masquerade as friends. A well-executed social engineering attack has become almost impossible to spot.
3) Zero-day vulnerabilities and rootkits. Once inside an organization, a targeted attack attempts to avoid detection until it meets its objective. Exploiting zero-day vulnerabilities is one part of keeping an attack stealthy since these enable attackers to get malicious applications installed on a computer without the user’s knowledge. In 2010, the industry discovered 14 such vulnerabilities. Rootkits also play a role. While rootkits are not a new concept, techniques continue to undergo refinement and redevelopment as attackers strive to stay ahead of detection tools. Many of these rootkits come about for use in stealthy attacks. There were also reports in 2010 of targeted attacks using common hacker tools. These are similar to building products — in this case attack tools — with “off-the-shelf” parts in order to save money and get to market faster. However, innovation runs in both directions, and attacks such as Stuxnet will certainly provide an example of how targeted attacks are studied and their techniques copied and adapted for massive attacks.
4) Attack kits. What brings these techniques to the common cybercriminal are attack kits. Zero-day vulnerabilities become everyday vulnerabilities via attack kits; inevitably, some of the vulnerabilities used on Stuxnet as well as the other 6,253 new vulnerabilities discovered in 2010 will find their way into attack kits sold in the underground economy. These tools—easily available to cybercriminals—also played a role in the creation of the more than 286 million new malware variants Symantec detected in 2010.
5) Mobile threats. As toolkits make clear, cybercrime is a business. Moreover, as with a legitimate business, the main focus for cybercrime is return on investment. Symantec believes this explains the current state of cybercrime on mobile threats. All of the requirements for an active threat landscape existed in 2010. The installed base of smart phones and other mobile devices has now grown to an attractive size. The devices run sophisticated operating systems that come with the inevitable vulnerabilities — 163 in 2010. In addition, Trojans hiding in legitimate applications sold on app stores provided a simple and effective propagation method.
The report offered recommendations for enterprises, including protecting infrastructure and information, developing and enforcing information technology policies as well as managing systems effectively.