Cyber Criminals Now Target Mobile Platforms and Social Networks: Symantec

Symantec has announced the findings of its Internet Security Threat Report, Volume 16, which shows a massive threat volume of more than 286 mn new threats last year, accompanied by several new megatrends in the threat landscape. The report highlights dramatic increases in both the frequency and sophistication of targeted attacks on enterprises; the continued growth of social networking sites as an attack distribution platform; and a change in attackers’ infection tactics. In addition, the report explores how attackers are exhibiting a notable shift in focus toward mobile devices.

“The growing prevalence and capabilities of the most visible cyber-events of 2010, Stuxnet and Hydraq, have turned the focus on protecting businesses and critical infrastructure,” said Shantanu Ghosh, VP, India Product Operations, Symantec. “As India Inc. rapidly takes to mobile computing and social networking, it needs to be watchful about the vulnerabilities and threats these platforms present.”

India highlights include:

“2010: The Year of the Targeted Attack”

In 2010, attackers launched targeted attacks against a diverse collection of publicly traded, multinational corporations and government agencies, as well as a surprising number of smaller companies. In many cases, the attackers researched key victims within each corporation and then used tailored social engineering attacks to gain entry into the victims’ networks. Due to their targeted nature, many of these attacks succeeded even when victim organizations had basic security measures in place.

While the high-profile targeted attacks of 2010 attempted to steal intellectual property or cause physical damage, many targeted attacks preyed on individuals for their personal information. For example, the report found that data breaches caused by hacking resulted in an average of more than 260,000 identities exposed per breach in 2010, nearly quadruple that of any other cause.

– Removable drives, but not removable malware: India was home to the third-highest number of Stuxnet infections, after Iran and Indonesia. Stuxnet targeted sensitive information by exploiting a zero-day vulnerability in order to infect machines through removable drives. The high infection statistics of Stuxnet in India can be attributed to the large number of computer users in the country relying on removable media for copying data. During the reporting period, Symantec observed that the majority of malware samples in India were spread through removable drives.

Indicative of the state of enterprise security in India, ISTR XVI finds the presence of older malware like Downadup.B in the country. This points to the lack of basic security software and lax signature updates in Indian enterprises.

– Critical infrastructure protection: Stuxnet and Hydraq represented true incidents of cyberwarfare and have fundamentally changed the threat landscape. The nature of the threats has expanded from targeting individual bank accounts to targeting the information and physical infrastructure of nation states.

Social Networks and Instant Messaging – A Fertile Ground for Cybercriminals

Social Networks: India now ranks as the seventh largest market worldwide for social networking, and the total Indian social networking audience grew 43 percent in the past year. The popularity of social networks is directly proportional to the volume of malware they attract. One of the primary attack techniques used on social networking sites involved the use of shortened URLs. Last year, attackers posted millions of these shortened links on social networking sites to trick victims into both phishing and malware attacks, dramatically increasing the rate of successful infection.

The report found that attackers overwhelmingly leveraged the news-feed capabilities provided by popular social networking sites to mass-distribute attacks. In a typical scenario, the attacker logs into a compromised social networking account and posts a shortened link to a malicious website in the victim’s status area. The social networking site then automatically distributes the link to news feeds of the victim’s friends, spreading the link to potentially hundreds or thousands of victims in minutes. In 2010, 65 percent of malicious links in news feeds observed by Symantec used shortened URLs. Of these, 73 percent were clicked 11 times or more, with 33 percent receiving between 11 and 50 clicks.

Instant messages and instant malware: A growing number of Indian Internet users turning to instant messaging (IM) applications has opened the door for malware that spreads through IM applications, and a large number of users are victims of attacks using this vector. W32.Imaut and its family are highly prevalent in the Indian region. This malware sends malicious links that are embedded in messages sent to users found in IM contact lists. Statistics indicate that social engineering tricks that entice users to visit maliciously crafted websites have been quite successful among Indian users.

Mobile Threat Landscape Comes Into View

The major mobile platforms are finally becoming ubiquitous enough to garner the attention of attackers, and as such, Symantec expects attacks on these platforms to increase. In 2010, most malware attacks against mobile devices took the form of Trojan horse programs that pose as legitimate applications. While attackers generated some of this malware from scratch, in many cases, they infected users by inserting malicious logic into existing legitimate applications. The attacker then distributed these tainted applications via public app stores. For example, the authors of the recent Pjapps Trojan employed this approach.

While the new security architectures employed in today’s mobile devices are at least as effective as their desktop and server predecessors, attackers can often bypass these protections by attacking inherent vulnerabilities in the mobile platforms’ implementations. Unfortunately, such flaws are relatively commonplace: Symantec documented 163 vulnerabilities during 2010 that could be used by attackers to gain partial or complete control over devices running popular mobile platforms. In the first few months of 2011, attackers have already leveraged these flaws to infect hundreds of thousands of unique devices. According to findings from Mocana, it is no surprise that 47% of organizations do not believe they can adequately manage the risks introduced by mobile devices, and that more than 45% of organizations say security concerns are one of the biggest obstacles to rolling out more smart devices.

By TelecomLead.com Team
