Symantec: Targeted Cyber Attacks On The Rise

2010 was the year targeted attacks got serious, using multiple zero-day flaws and social engineering

2010 was the year of the targeted attack, with attacks such as Hydraq and Stuxnet using sophisticated techniques, including multiple zero-day vulnerabilities, to break into high-level computer systems, according to Symantec.

In the latest edition of the security firm’s Internet Security Threat Report, released on 5 April, Symantec also highlights the growing use of social networks and a growing number of attacks on mobile devices.

Maturing market

“Overall, it’s becoming a much more mature underground market,” Symantec security strategist Sian John told eWEEK Europe UK. “Everything’s moving on, as it has been for years, from being about kudos to being about making money and the market. The targeted attacks, the growing sophistication, the use of social networking, the attacks on mobile devices, all link back to that. We’re seeing a growing commercial element to the underground economy.”

Symantec noted that Stuxnet alone exploited four different zero-day vulnerabilities and that attacks were launched on a wide range of publicly traded, multinational corporations and government agencies, as well as a surprising number of smaller companies.

In many cases the attackers researched key victims within organisations and used tailored social engineering techniques to gain entry into the victims’ networks, allowing them to get around existing security measures, Symantec said.

Data breaches caused by hacking resulted in an average of more than 260,000 identities exposed per breach in 2010, nearly four times that of any other cause, Symantec said.

Social network malice

Social networks became a major attack vector last year, with attackers in particular making use of millions of shortened links to spread malware, often via users’ news feeds.

Sixty-five percent of malicious links in news feeds used shortened URLs, and of these 73 percent were clicked on 11 times or more, with 33 percent receiving between 11 and 50 clicks, Symantec said.

Symantec noted that attack toolkits continued to see widespread use last year, and increasingly targeted Java, which accounted for 17 percent of all vulnerabilities affecting browser plug-ins for the year. The Phoenix toolkit was responsible for most web-based attack activity for the year.

Symantec estimated that attack kits are responsible for two-thirds of all web-based threat activity, and found that the number of measured web-based attacks per day increased by 93 percent over 2009.

The major mobile platforms are beginning to attract serious attention from attackers, with Symantec documenting 163 flaws during 2010 that could be used to gain partial or complete control over devices. In the first few months of 2011 attackers have leveraged these to infect hundreds of thousands of devices, the company said.

The threats to date have taken the form of Trojan Horse programs posing as legitimate applications, as was the case with the recent Pjapps Trojan, the company said.

Identity theft

However, to date such Trojans are less of a threat than data loss via lost or stolen mobile devices, according to Symantec’s John.

“Although mobile threats are increasing, until people start to do more financial transactions on mobile devices, it’s about managing and controlling devices that might get lost,” she said. “It’s the back-of-a-taxi problem.”

Most identity theft during 2010 resulted from the theft or loss of a computer or other data-storage device, accounting for 36 percent of the total, Symantec said. That proportion is almost unchanged from 2009, when it accounted for 37 percent of the total.