Symantec identified more than 286 million new threats in 2010, according to its annual threat security report. The report highlighted increasingly sophisticated attacks, the growth of networking sites as an attack vector, using Java to spread malware, an increase in rootkits and a shift toward smartphone attacks.
Not only were there more threats in 2010, the threats were more sophisticated than before, according to Symantec’s annual Internet Security Threat Report, which the company released April 5.
When an organization’s network is compromised by malware, it is most likely using a rootkit to conceal its presence, making it difficult to remove, Gerry Egan, director of Symantec Security Technology and Response, told eWEEK.
Automated attack kits targeting Websites accounted for two-thirds of all Web-based attacks. The number of Web-based attacks grew 93 percent in 2010 from 2009. The most popular attack kit was Phoenix, which accounted for 39 percent of attacks observed by Symantec. NeoSploit and Nukesploit attack toolkits were also highlighted, with 18 percent of attacks each.
The targeted attacks were effective and had a higher success rate since they allowed hackers to break into enterprises and spy on employees in order to gather information that can be used to tailor social engineering methods that could trick the users.
Malware highlighted in the report included Hydraq, a Trojan that compromised Google and other companies, and Stuxnet, a sophisticated piece of malware that damaged nuclear centrifuges in Iran.
The report identified Facebook and Twitter users as being particularly vulnerable to social networking threats. Attackers successfully used social networks to distribute malware and other attacks because people were willing to trust messages they thought came from their friends on the platform. Symantec estimated about 17 percent of links posted on Facebook were actually links to malicious software. URL shorteners were an effective way to drive users to malware sites. Of the malicious links found in users’ news feeds, 65 percent were malicious and about three-quarters of those links were clicked on at least 11 times.
URL shorteners have become “one more tool to hide” attackers, Egan said.
Attackers changed their infection tactics in 2010, targeting Java or other application vulnerabilities to compromise systems. Java accounted for 17 percent of vulnerabilities affecting browser plug-ins in 2010. Adobe Flash and Reader were heavily targeted and exploited in 2010.
“As the operating system and browser guys have gotten better about patching their software, the weakness now is often in the plug-ins that sit inside the browser,” Egan said.
The rise in Web-based threats and the increasing number of attack kits being used was also reported in HP DVLabs report on April 4. HP also noted the toolkits were very affordable and easy to use in its report.
There were more attacks on mobile devices in 2010 as more people used them for mobile computing and Web surfing. Users are less security savvy about malware on mobile devices, and the report specifically called out Android users as being vulnerable. Apple’s prevetting mobile apps may have a lot to do with iPhone being less targeted. Most malware attacks targeting mobile devices were Trojans posing as legitimate apps in various app stores.
There were 163 known vulnerabilities in mobile operating systems in 2010, up 42 percent compared to 115 in 2009. In many cases, the security flaws were exploited on Android smartphones to install harmful software. Criminals view mobile phone hacking as a potentially lucrative activity.
Even though the number of attacks on mobile platforms remained small compared to other cyber-crimes such as phishing, the company expected these mobile attacks to increase in 2011.
The Symantec report also had a number of other interesting numbers. More than 260,000 identities were exposed per data breach in 2010, and the 286 million malware threats exploited 6,253 new vulnerabilities. Those threats were used in 3 billion attacks.
The report is based on data gathered from 240,000 points around the Web in more than 200 countries. More than 133 million systems use Symantec’s antivirus products, which also provide data used in the report.