With the release of Symantec Corp.‘s (NASDAQ: SYMC) Internet Security Threat Report (ISTR), volume 16 findings, executives are warning users that anti-virus solutions simply aren’t good enough these days with today’s threats including targeted attacks, attack kits, mobile threats and more.
Marc Fossi, manager of research and development at Symantec, and executive editor of the report, highlighted five overarching threats from the latest volume, which includes findings from 2010, which was gathered from the company’s Global Intelligence Network.
The five threats Fossi pointed out include: targeted attacks, social networking, attack kits and mobile threats.
“Targeted attacks are continuing to evolve,” Fossi said. “Targeted attacks have been going on for a while now but they’re also targeting SMBs. The number of identities exposed per breach was 260,000 on average for less sophisticated targeted attacks and the average cost to resolve a data breach in 2010 was US$7.2M.”
With an increase in user activity around social networking, Fossi said hackers are targeting users using social engineering tactics, which may include impersonating friends to launch attacks and spread spam. It may be as simple of going onto an individual’s social networking Web page and seeing they attended a conference, then sending him or her an e-mail with a malicious link.
“People who attend conferences often meet so many people and it’s hard to remember who they meet, so they may be more likely to open that file if they get an e-mail saying how they met,” Fossi said. “A lot of companies struggle to find a balance with social networking and reaching out to customers and also keeping their own users happy by allowing them to go to social networking sites at work. But they need to limit the dangers that could be posed with this increased and possible exposure of information. Companies must create policies about sensitive information.”
The third trend to come out of the ISTR was around zero-day vulnerabilities, which are now being used in a more “aggressive way,” Fossi said. In much the same way, rootkits are also starting to take a “more aggressive hold” in the security threat landscape. The current frontrunners in the rootkit arena include Tidserve, Mebratix and Mebroot, Fossi added.
Attack kits are also continuing to see widespread use where Java exploits are being added to many existing kits, Fossi said. This is happening because Java is a cross-platform browser technology so if attackers are looking for ways to compromise a wide range of users, they’ll often use this method.
The fifth security threat trend to come out of ISTR, volume 16, which wasn’t necessarily evident in volume 15, is around mobile threats. Fossi said today, the most malicious code for mobile devices consists of Trojans that pose as legitimate applications.
“We documented 163 vulnerabilities in mobile devices in 2010, compared with 115 vulnerabilities in 2009, which was a 42 per cent increase,” Fossi said. “These mobile threats will become increasingly targeted as (more phones are being) used for financial transactions like banking and purchases.”
Furthermore, although mobile attacks increased in 2010 compared to 2009, attackers will continue take the path of least resistance, Fossi said. If attackers find they’re making more money on attacking desktops than in the mobile space, they may be slower on the take up for mobile attacks, he added.
The top three sectors that experienced the most number of data breaches include healthcare (27 per cent), education (18 per cent) and government (13 per cent). In total, customer data accounted for 85 per cent of identities exposed, Fossi said.
What channel partners can take away from this report’s findings is that these are “evolving and fast moving threats,” Fossi said.
“It really goes to show your traditional anti-virus isn’t good enough anymore. In 2010, we had about half of our detection take place through Intrusion Prevention Systems rather than just anti-virus. The channel needs to ensure their end-users have a whole defense system, depth strategy, education and user awareness in place,” Fossi said.
Follow Maxine Cheung on Twitter: @MaxineCheungCDN.
