Symantec detected more than 286 million malware threats last year. In its annual Internet Security Threat Report, the company found that threats are more sophisticated and targeted.
Symantec identified more than 286 million new threats in
2010, according to its annual threat security report. The report highlighted
increasingly sophisticated attacks, the growth of networking sites as an attack
vector, using Java to spread malware, an increase in rootkits and a shift
toward smartphone attacks.
Not only were there more threats in 2010, the threats were
more sophisticated than before, according to Symantec's annual Internet
Security Threat Report, which the company released April 5.
When an organization's network is compromised by malware, it
is most likely using a rootkit to conceal its presence, making it difficult to
remove, Gerry Egan, director of Symantec Security Technology and Response, told
Automated attack kits targeting Websites accounted for
two-thirds of all Web-based attacks. The number of Web-based attacks grew 93
percent in 2010 from 2009. The most popular attack kit was Phoenix
, which accounted
for 39 percent of attacks observed by Symantec. NeoSploit and Nukesploit attack
toolkits were also highlighted, with 18 percent of attacks each.
The targeted attacks
were effective and had a higher success rate since they allowed hackers to
break into enterprises and spy on employees in order to gather information that
can be used to tailor social engineering methods that could trick the users.
Malware highlighted in the report included Hydraq
, a Trojan
that compromised Google and other companies, and Stuxnet
, a sophisticated piece
of malware that damaged nuclear centrifuges in Iran.
The report identified Facebook and Twitter users as being
particularly vulnerable to social networking threats. Attackers successfully
used social networks to distribute malware and other attacks because people
were willing to trust messages they thought came from their friends on the
platform. Symantec estimated about 17 percent of links posted on Facebook were
actually links to malicious software. URL shorteners were an effective way to drive
users to malware sites. Of the malicious links found in users' news feeds, 65
percent were malicious and about three-quarters of those links were clicked on
at least 11 times.
URL shorteners have become "one more tool to hide"
attackers, Egan said.
Attackers changed their infection tactics in 2010, targeting
Java or other application vulnerabilities to compromise systems. Java accounted
for 17 percent of vulnerabilities affecting browser plug-ins in 2010. Adobe
Flash and Reader were heavily targeted and exploited in 2010.
"As the operating system and browser guys have gotten better
about patching their software, the weakness now is often in the plug-ins that
sit inside the browser," Egan said.
The rise in Web-based threats and the increasing number of
attack kits being used was also reported in HP DVLabs
report on April 4. HP
also noted the toolkits were very affordable and easy to use in its report.
There were more attacks on mobile devices in 2010 as more
people used them for mobile computing and Web surfing. Users are less security
savvy about malware on mobile devices, and the report specifically called out Android
users as being vulnerable. Apple's prevetting mobile apps may have a lot to do
with iPhone being less targeted. Most malware attacks targeting mobile devices
were Trojans posing as legitimate apps in various app stores.
There were 163 known vulnerabilities in mobile operating
systems in 2010, up 42 percent compared to 115 in 2009. In many cases, the
security flaws were exploited on Android smartphones to install harmful
software. Criminals view mobile phone hacking as a potentially lucrative
Even though the number of attacks on mobile platforms
remained small compared to other cyber-crimes such as phishing, the company
expected these mobile attacks to increase in 2011.
The Symantec report also had a number of other interesting
numbers. More than 260,000 identities were exposed per data breach in 2010, and
the 286 million malware threats exploited 6,253 new vulnerabilities. Those
threats were used in 3 billion attacks.
The report is based on data gathered from 240,000 points
around the Web in more than 200 countries. More than 133 million systems use
Symantec's antivirus products, which also provide data used in the report.