There was an explosion in the number of malicious attacks in 2007 conducted largely through exploits on social networking Web sites and browser plug-ins, according to Symantec Canada Corp.
The computer security vendor released the 13th version of its Internet Security Threat Report in Toronto today.
The report gives an overview of security threats posed to PCs connected to the Internet over the second half of 2007.
With an explosive 468 per cent increase in new threats from 2006 to 2007, and nearly half a million new threats emerging in the six-month period covered by the report, the balance is tipping in favour of malware, says Michael Murphy, general manager at Symantec Canada.
“Most malware is [recorded] on a blacklist, and that’s how Symantec detects it,” he says.
But “having a list to detect all of these threats can choke bandwidth and a computer’s processing…if at some point the blacklist gets too big, the industry might have to move exclusively to whitelisting.”
A whitelist approach was first suggested by Murphy when Symantec released its previous report. The idea is that it is now easier to keep track of all benevolent computer programs instead of tracking the hundreds of thousands of malware applications.
Of the 54,609 applications installed on Windows-based PCs between July and December 2007, 65 per cent were malicious, the report says.
Much of those applications are spread through social networking sites hosted from the U.S., or through exploitation of vulnerabilities in popular Web sites. Hackers are using major traffic junctions to mine data from unsuspecting end users, Murphy says.
“The landscape has shifted and the landscape is for profit,” he says. “That is not done by compromising Web browsers or operating systems, but by targeting end users and stealing their data.”
Now, more than ever, hackers are seeking to siphon data off infected computers for financial gain. Of the top 50 infections, 68 per cent were designed to expose confidential information, according to the report.
Data thieves are making a swift business peddling bank accounts, credit cards, and even full identities – sometimes sold in bulk at a discounted price.
“However, hackers aren’t necessarily looking at capturing information belonging to the end users,” notes James Quin, senior research analyst with Info-Tech Research Group, a London, Ont.-based consulting firm.
“They’re equally interested in capturing the information of the businesses those end users work for.”
“Businesses are absolutely not off the hook at all,” he adds.
Government top ID theft target
The government sector is host to a majority of data breaches that could result in identity theft (60 per cent) followed by healthcare (33 per cent).
Data theft or loss accounts for most (61 per cent) of the exposed identities, followed by insider theft (21 per cent) and hacking (13 per cent).
“The reason [the government sector is] number one is the data they collect is very valuable,” Symantec’s Murphy explains. “It contains addresses and birth dates – that’s the information needed to create an identity.”
The threat of identity theft from government data is a serious matter, Info-Tech analyst Quin agrees. Canada’s government could do more to protect against cyber-criminals.
“The government is leading the way in terms of privacy protection, but lagging in terms of security protection,” he says. “They really need to get out there and establish a strong, clear message for security.”
The most stringent piece of legislation regarding data security is the Personal Information Protection and Electronic Documents Act (PIPEDA), a bill designed mainly to protect privacy, Quin says. More legislation is needed to set the standard for what basic measures businesses – and the government itself – should take to protect sensitive data.
“They really need to get out there and establish a strong, clear message for security and set a baseline for other businesses,” he adds.
It may be that the increasingly sophisticated underworld of cyber-criminals is outpacing efforts to guard against them. Organizations are springing up across the globe devoted to producing malware, with the help of skilled programmers.
Toolkits available for purchase over the Internet allow almost anyone to create malware for their malevolent purposes, Murphy says. “Sophisticated threats are now being marketed and sold over the Internet.”
Enterprise at risk
While hackers are using new outlets to distribute malware, they continue to stand by their tried and tested means too.
E-mail attachments remained the second-most common method of propagating malicious code, at 32 per cent.
E-mail filters were working harder than ever to sift through and dispose of messages carrying the malware. Spam made up 71 per cent of all e-mail traffic over the report’s six-month period – a 16 per cent increase over the previous period.
“Spam is a very productive means of expanding the reach of an attacker,” Murphy says.
In addition to the threat posed by e-mail malware, businesses are also grappling with new risks posed by the growth of external consumer devices. Forty-three per cent of companies have no protection against USB keys or smartphones, according to the report.
“Consumers bring these into their places of work, not for any malicious intent, but what happens is these devices get lost or stolen,” Murphy explains. “Corporations need to reassess their policies or best practices.”
Encrypting data that is being transported on a device is a good start, and limited user access to data is also important, Murphy advises.
Other findings of the report included:
- ActiveX components continue to account for the majority of browser plug-in vulnerabilities, at 79 per cent
- The Mozilla Web browser had the most vulnerabilities by far with 88, but Internet Explorer had the longest window of exposure before vulnerabilities were patched
- IP addresses assigned by Bell Canada and Shaw Communications Inc. ISPs were observed as conducting the most malicious activity, with 17 and 16 per cent of all activity respectively
