Security attacks hit home
Criminals and hackers looking to steal your company’s data or cause mischief are now knocking on the front door, with targetted attacks posing a growing threat to enterprises in 2011, according to a new report from Symantec.
Meanwhile HP has declared 2010 the year of Web vulnerability as attackers continued to focus on current, unpatched vulnerabilities in web applications, social networking sites and Web 2.0 interfaces
Symantec’s latest Internet Security Threat Report highights increases in both the frequency and sophistication of targeted attacks on enterprises; the continued growth of social networking sites as an attack distribution platform; and a change in attackers’ infection tactics, increasingly targeting vulnerabilities in Java to break into traditional computer systems. In addition, the report explores how attackers are exhibiting a notable shift in focus toward mobile devices.
Targeted attacks such as Hydraq and Stuxnet posed a growing threat to enterprises in 2010. To increase the likelihood of successful, undetected infiltration into the enterprise, an increasing number of these targeted attacks leveraged zero-day vulnerabilities to break into computer systems. As one example, Stuxnet alone exploited four different zero-day vulnerabilities to attack its targets.
The report found that attackers overwhelmingly leveraged the news-feed capabilities provided by popular social networking sites to mass-distribute attacks. In a typical scenario, the attacker logs into a compromised social networking account and posts a shortened link to a malicious website in the victim’s status area. The social networking site then automatically distributes the link to news feeds of the victim’s friends, spreading the link to potentially hundreds or thousands of victims in minutes. In 2010, 65 percent of malicious links in news feeds observed by Symantec used shortened URLs. Of these, 73 percent were clicked 11 times or more, with 33 percent receiving between 11 and 50 clicks.
“The Internet Security Threat report reveals significant changes to the threat landscape in 2010. The volume and sophistication of threat activity increased substantially, with Symantec identifying more than 286 million new threats last year. With such high profile threats as Hydraq and Stuxnet leading the way, 2010 was the year of the targeted attack,” said Craig Scroggie, vice president and managing director, Pacific region, Symantec. “ With the increased popularity of social media, cybercriminals are now leveraging the popularity of shortened URLs to obtain confidential information. In addition, as more users download and install third-party applications for mobile devices, the possibility of installing malicious applications is also increasing.”
In its own 2010 Top Cyber Security Risks Report, HP identified a significant increase in the volume of organized cybercrime targeting data centres and networks, which can lead to financial and data loss.
The new report indicates that while the majority of attacks are against known and patched security vulnerabilities, many high-profile attacks use new vulnerabilities before vendors issue fixes.
A key finding in the new report is the dramatic increase of web exploit toolkits. These “packaged” attack frameworks are traded online, enabling attackers to access enterprise IT systems and steal sensitive data. According to the report, web exploit toolkits are rapidly growing as the weapon of choice by attackers due to ease of use and high success rate.
The report identifies third-party plug-ins to content management systems as a leading cause of web application vulnerabilities. Blog-hosting and online discussion forum applications, such as Wordpress, Joomla and Drupal, are among the most frequently attacked systems.
“We’ve discovered that rather than investing resources to uncover new exploits, attackers are focused on current, unpatched vulnerabilities in web applications, social networking sites and Web 2.0 interfaces,” said Mike Dausin, manager, Advanced Security Intelligence, HP DVLabs.
Despite the serious threat posed to enterprises from accidental and malicious misuse of data, uptake of data loss prevention technology will remain low for the next four years, according to Ovum.
In a new report, the analyst firm states that the data loss prevention (DLP) technology market will reach global revenues of just $US832 million by 2015, in comparison to other key IT security markets such as network security, which will reach revenues of $US6.5 billion in 2015.
Andy Kellett, Ovum analyst and author of the report commented: “Both public and private sector organisations have compelling reasons to protect their sensitive data, such as the potential for financial losses and regulatory requirements. DLP solutions are widely available but, despite this, enterprise take-up levels remain relatively low.
“There are some justifiable reasons for this reluctance to take up DLP products; current offerings are often perceived as too complex to deploy and support and also expensive to operate and maintain, while not providing a good enough return on investment. Part of the problem is the unrealistic way these products were originally brought to market.
“However, organisations of all types and sizes must make better provision for protecting the sensitive data that they work with, maintain and store. If this does not happen, we will see regulatory and business implications, causing businesses to fail.”
According to the report, organisations that may have been put off investing in DLP technology due to IT budget pressures should take a risk-based prioritisation approach to deployments. Mr Kellett continued: “Organisations may not be certain about where all sensitive data is held, but will normally know what their most valuable data assets are. These are the areas for prioritisation and should be the first stage of the DLP project.”