Symantec Report Finds Cyber Threats Skyrocket in Volume and Sophistication

***Craig Scroggie, Vice President & Managing Director, Pacific Region, Symantec***

Australian and New Zealand businesses have recently been plagued by a number of high-profile security attacks. But it’s not just happening in Australia and New Zealand. You only need to pick up a newspaper to realise that data breaches are making big headlines worldwide while damaging the brands and reputations of everyone involved.

Security attacks against businesses speak volumes about the size of the threat we face, and the determination of criminals to steal valuable information.

The Symantec Internet Security Threat Report is one of the most comprehensive sources of Internet threat data in the world. It provides a year-long overview and analysis of Internet threat activity. Volume 16 covers the period from January to December 2010. We compiled the report using more than 240,000 sensors in more than 200 countries, and intelligence gathered from over 133 million Symantec client, server, and gateway systems that have deployed our antivirus products around the globe.

The report revealed significant changes to the threat landscape in 2010. The volume and sophistication of threat activity increased substantially, with Symantec identifying more than 286 million new threats last year, while web attacks rose by 93 percent. We also uncovered 14 zero-day threats and 6,253 new vulnerabilities. In the underground economy we saw credit card numbers being sold for as little as seven US cents.

**2010: the Year of the Targeted Attack**

Last year revealed that targeted attacks such as Hydraq and Stuxnet pose a serious challenge to businesses. The targets of these attacks range from publicly traded, multinational corporations and government organisations to smaller companies and individual computer users. The victims had one thing in common – they were specifically targeted and compromised, even though many had robust security measures.

While the high-profile targeted attacks that received the bulk of the media attention in 2010 attempted to steal intellectual property or cause physical damage, many of these attacks prey on individuals for their personal information. For example, in 2010 data breaches caused by hacking resulted in an average of more than 260,000 exposed identities, far more than the second leading cause, theft or loss, which accounted for an average of just over 67,000 exposed identities.

More and more zero-day vulnerabilities are being leveraged in targeted attacks. In 2010, Symantec observed 14 new zero-day vulnerabilities, an increase from 12 in 2009. Stuxnet, which infiltrated Iranian nuclear control systems, alone used an unprecedented four of these zero-day vulnerabilities. Hydraq, which targeted large multinational companies, used one of the three zero-day vulnerabilities in Internet Explorer.

**Social Networks: A Fertile Ground for Cybercriminals**

Perhaps the most disturbing trend of all was the prevalence of attacks that start with social networking. Social networks continue to be a security concern for organisations as companies and government agencies struggle to find a satisfactory compromise, leveraging the advantages of social networking while limiting the dangers posed by the increased exposure of potentially sensitive and exploitable information.

A chief concern is the popularity of shortened URLs. Attackers capitalise on these services because their victims are unable to quickly determine where shortened URLs will direct them, frequently leading to a phishing scam or malware infection.

A favourite method used to spread an attack is from a compromised social networking profile. The profile is used to post links to malicious websites so that the links appear in the news feeds of the victim’s friends.

In 2010 Symantec observed that 65 percent of malicious links in news feeds used shortened URLs. During a four-month period Symantec monitored shortened URLs leading to malicious websites; 73 percent were clicked 11 times or more, with 33 percent receiving between 11 and 50 clicks.

**Mobile Threat Landscape Comes Into View**

More users are downloading and installing third-party applications for mobile devices, and the possibility of installing malicious applications is increasing. Most malicious code is now designed to generate revenue, and as people increasingly use mobile devices for sensitive transactions such as online shopping and banking, we can expect more threats to be created for these devices. Trojans that steal data from mobile devices and phishing attacks will likely be some of the first threats to arrive.

Currently, most malicious code for mobile devices consists of Trojans that pose as legitimate applications. These applications are uploaded to mobile app marketplaces where users download and install them. In some cases, attackers may take a popular legitimate application and add malicious code to it. This happened in the case of the Pjapps Trojan.

In a sign that the mobile space is starting to garner more attention from both security researchers and cybercriminals, there was a 42 percent increase in the number of reported new mobile operating system vulnerabilities, from 115 in 2009 to 163 in 2010.

**How can you fight back?**

The first step is to recognise the risks we face. Criminal attacks are prevalent, potent and expensive to clean up. That reality will change the way organisations defend themselves.

The second step is to review the use of social networks within your organisation. Symantec has had positive experiences using social networks in the workplace and is enjoying some latent cost savings. But we all need to be aware that our employees use social networks at home and at work and then consider how that usage pattern impacts business security.

Understand the age of innocence has ended for mobile devices: your smartphone is set in the sights of criminals. Mobile behaviour must change to avoid risky practices.

Organisations need to recognise that cyber attacks are getting more sophisticated every year, and to repel attacks you will need to become more sophisticated in your response.

– The most important protective measure is to employ defence-in-depth, which emphasises multiple overlapping and mutually supportive defensive systems to guard against single-point failures in any specific technology or protection method. For consumers, this means using an Internet security solution that combines antivirus, firewall, intrusion detection and vulnerability management.
– Consumers and businesses should ensure that security patches are up-to-date and applied to all vulnerable applications when possible.
– Businesses and consumers should have emergency response procedures in place, including having a backup and restore solution.

To remain protected against today’s threats, Symantec encourages consumers and enterprises to employ defence-in-depth, keep systems patched and up-to-date and apply best practices for backup and recovery.

Craig Scroggie is the Vice President and Managing Director of Symantec for the Pacific region (encompassing Australia, New Zealand and the Pacific Islands). Craig is responsible for driving Symantec’s sales and business development in the region and serves as the senior leader for the overall Symantec business in the Pacific.