A Nation In Distress

Wednesday, April 6, 2011

Internet Threat Landscape Offers A Grim Picture

From Homeland Security NewsWire:


Internet threat landscape offers a grim picture



Published 6 April 2011



A new Symantec report paints a grim picture of the Internet threat landscape; Symantec detected more than three billion malware attacks from 286 million malware variants in 2010 -- up 93 percent on 2009; 49 percent of malicious sites found through Web searches were pornographic; in 2010, 6,253 software vulnerabilities were reported, higher than in any previous year; fourteen vulnerabilities were used in zero-day attacks, including four different Windows zero-days used in the Stuxnet attack; the bad guys also demonstrated a firm grasp of new technology: social networking sites are a huge target, and hackers are exploiting the boom in URL shortening services such as bit.ly; smartphones are also beginning to attract malware



The numbers are staggering. Symantec detected more than three billion malware attacks from 286 million malware variants last year, according to the 2010 edition of its annual Internet Security Threat Report, published the other day. Web-based attacks were up 93 percent on 2009, and you were most likely to come across a malicious Web site if you were on the hunt for pornography; 49 percent of malicious sites found through Web searches were pornographic.



Ars Technica reports that overall, the report paints a grim picture of the Internet threat landscape. Software flaws are abundant. In 2010, 6,253 software vulnerabilities were reported, higher than in any previous edition of the report. Fourteen vulnerabilities were used in zero-day attacks, including four different Windows zero-days used in the Stuxnet attack.



Though data breaches are still relatively rare — 457 in 2010 according to aggregator DataLossDB — they still put many at risk. About 61,000 identities were compromised on average, with breaches in the finance sector particularly big, at an average of over 235,000 identities per breach. Breaches as a result of hacks — rather than insiders, or theft or loss of hardware and media — tended to be substantial, averaging more than 262,000 identities per hack.



Symantec notes that the bad guys also demonstrated a firm grasp of new technology. Social networking sites are a huge target, both due to their wide use and their enormous susceptibility to social engineering. In mass, untargeted attacks, the social networking sites give malicious links a veneer of integrity — if a friend of yours posts a link it is surely going to be safe. For spear-phishing and other targeted attacks, the social networks give valuable insight into individual habits and interests, not to mention the ability for hackers to strike up friendships with their would-be victims and to gain their trust that way.



Hand in hand with social networking sites like Twitter, there has also been a boom in URL shortening services such as bit.ly. Hackers have been quick to exploit the way these mask the destination URL, making it much harder to know whether a link is malicious until you actually click on it. Two-thirds of attacks used on social networking sites used such masked, shortened URLs.



Smartphones are also beginning to attract malware. 2010 saw the discovery of the first Android trojan, and it looks like hackers regard Android as a ripe platform for attacks: last month more than 50 malicious programs were yanked from Android Market. More vulnerabilities are being found on mobile platforms, with 163 found last year, an increase of 41 percent. While these are still small-scale attacks compared to their PC-based counterparts, this is set to be a growth market. Smartphones are chock full of personal information and, thanks to premium-rate phone and text numbers, have an unparalleled ability to monetize malware.



Symantec says that 2010 was also a big year for targeted attacks; Google came out as a victim of the Aurora attacks, and Stuxnet struck Iran. The targeted attacks were notable for their use of zero-day vulnerabilities — three different Internet Explorer zero-days were used in three separate targeted attacks, and Stuxnet used four Windows zero-days.



Ars Technica notes that the use of zero-days is significant because it means that even an organization with good practices (patching machines on a timely basis, using anti-malware software) is at risk; these old mechanisms do little to guard against this style of attack. Heuristic analysis and sandboxing techniques both have a role to play in detecting these problems, but work still needs to be done to make them easy to use, robust, and effective.



More than anything else, the report shows that the security situation is not improving; it is getting worse. Social networking-based social engineering and zero-day targeted attacks put even conscientious, well-educated users at risk.
