More than 286 million new threats were reported last year, accompanied by several new megatrends in the threat landscape, according to a new report by Symantec.
The report revealed dramatic increases in both the frequency and sophistication of targeted attacks on enterprises; the continued growth of social networking sites as an attack distribution platform; and a change in attackers’ infection tactics, increasingly targeting vulnerabilities in Java to break into traditional computer systems.
The report highlights a notable shift in attackers’ focus toward mobile devices. Targeted attacks such as Hydraq and Stuxnet posed a growing threat to enterprises in 2010.
To increase the likelihood of successful, undetected infiltration into the enterprise, an increasing number of these targeted attacks leveraged zero-day vulnerabilities to break into computer systems.
According to the report, in 2010, attackers launched targeted attacks against a diverse collection of publicly traded, multinational corporations and government agencies, and a surprising number of smaller companies.
In many cases, the attackers researched key victims within each corporation and then used tailored social engineering attacks to gain entry into the victims’ networks.
Due to their targeted nature, many of these attacks succeeded even when victim organisations had basic security measures in place.
The security firm said that while the high-profile targeted attacks of 2010 attempted to steal intellectual property or cause physical damage, many targeted attacks preyed on individuals for their personal information.
Further, last year, attackers posted millions of shortened links on social networking sites to trick victims into both phishing and malware attacks, dramatically increasing the rate of successful infection.
The report also found that attackers overwhelmingly leveraged the news-feed capabilities provided by popular social networking sites to mass-distribute attacks.
In 2010, 65% of malicious links in news feeds observed by Symantec used shortened URLs; of these, 73% were clicked 11 times or more, with 33% receiving between 11 and 50 clicks.
Also, in 2010, attack toolkits, software programs that can be used by novices and experts alike to facilitate the launch of widespread attacks on networked computers, continued to see widespread use.
These kits increasingly target vulnerabilities in the popular Java system, which accounted for 17% of all vulnerabilities affecting browser plug-ins in 2010.
According to the report, the Phoenix toolkit was responsible for the most Web-based attack activity in 2010; the sixth highest ranked Web-based attack during the reporting period was also an attempt to exploit Java technologies.
The number of measured Web-based attacks per day increased by 93% in 2010 compared to 2009. Because two-thirds of all Web-based threat activity observed was directly attributed to attack kits, these kits are likely responsible for a large part of this increase.
The report also highlighted 286 million new threats: polymorphism and new delivery mechanisms such as Web attack toolkits continued to drive up the number of distinct malware programs.
Web attack toolkits drove the 93% increase in the volume of Web-based attacks in 2010.
An average of 260,000 identities were exposed per breach in data breaches caused by hacking during 2010. The report also counted 14 new zero-day vulnerabilities; zero-day vulnerabilities played a key role in targeted attacks including Hydraq and Stuxnet.
The company also documented 6,253 new vulnerabilities in 2010, more than in any previous reporting period. It also recorded 42% more mobile vulnerabilities: as cybercriminals started to focus their efforts on the mobile space, the number of reported new mobile operating system vulnerabilities increased from 115 in 2009 to 163 in 2010.
One botnet had more than a million spambots: Rustock, the largest botnet observed in 2010, had more than one million bots under its control at one point during the year. Nearly three quarters of all spam in 2010 was related to pharmaceutical products, with a majority of it related to pharmaceutical websites and related brands.