Cyberattacks double in 2010, target social media and mobiles -Symantec


Are you a Facebook addict? Or a mobile phone junkie? Or both? Look out: you may be one of the main targets of cybercriminals.

With their growing popularity, social networking and mobile communications were among the top targets of online threats in 2010, Internet security firm Symantec said.

In its recently released Internet Security Threat Report for 2010, Symantec noted more than 286 million variants of malware in 2010, and a 93-percent increase in Web attacks.

"A growing proliferation of Web-attack toolkits drove a 93% increase in the volume of Web-based attacks in 2010 over the volume observed in 2009. Shortened URLs appear to be playing a role here too. During a three-month observation period in 2010, 65% of the malicious URLs observed on social networks were shortened URLs," it said.

Hacking in 2010 had also resulted in data breaches, with each breach exposing some 260,000 identities.

Mobile phones increasingly vulnerable

Symantec likewise noted 42 percent more mobile vulnerabilities - a sign the mobile space is getting more attention both from security researchers and cybercriminals.

"In a sign that the mobile space is starting to garner more attention from both security researchers and cybercriminals, there was a sharp rise in the number of reported new mobile operating system vulnerabilities—up to 163 from 115 in 2009," it said.

The report likewise cited 14 zero-day vulnerabilities in widely used software like Internet Explorer, Adobe Reader and Adobe Flash Player.

Some 74 percent of spam in 2010 was related to pharmaceutical products.

Symantec also observed an underground economy advertisement in 2010 promoting 10,000 bots for $15. Aside from spam or rogueware campaigns, such bots are increasingly being used for denial-of-service (DoS) attacks.

The underground economy also saw stolen credit card numbers being sold for between $0.07 and $100.

Symantec noted five trends in 2010: Targeted attacks continue to evolve; hackers cull data from social networks to create social engineering attacks that can fool even sophisticated users; zero-day vulnerabilities will allow attackers to do their thing while hidden from view; more attack kits will exploit zero-day vulnerabilities; and mobile threats are bound to increase.

Targeted attacks continue to evolve

Targeted attacks are likely to continue against major organizations.

"Targeted attacks did not start in 2010 and will not end there," Symantec said.

It cited the cases of Stuxnet and Hydraq, which showed the easiest vulnerability to exploit is one’s trust of friends and colleagues.

Symantec said Stuxnet could not have breached its target without someone being given trusted access with a USB key, while Hydraq would not have been successful without convincing users that the links and attachments they received in an email were from a trusted source.

Culling data from social networks

In social networking, Symantec said the ability to research a target online has enabled hackers to create powerful social engineering attacks that easily fool even sophisticated users.

"By sneaking in among our friends, hackers can learn our interests, gain our trust, and convincingly masquerade as friends. Long gone are the days of strange email addresses, bad grammar, and obviously malicious links. A well-executed social engineering attack has become almost impossible to spot," it said.

Worse, while increased privacy settings can reduce the likelihood of a profile being spoofed, a user can still be exploited if an attacker successfully compromises one of the user’s friends.

"Because of this, organizations should educate their employees about the dangers of posting sensitive information. Clearly defined and enforced security policies should also be employed," it said.

Symantec noted a favorite method used to distribute an attack from a compromised profile is to post links to malicious websites from that profile so that the links appear in the news feeds of the victim’s friends.

Also, attackers are increasingly using shortened URLs. During a three-month period in 2010, nearly two-thirds of malicious links in news obscured from the user.

"Of the shortened URLs leading to malicious websites that Symantec observed on social networking sites over the three-month period in 2010, 73 percent were clicked 11 times or more, with 33 percent receiving between 11 and 50 clicks. Only 12 percent of the links were never clicked," it said.

Currently, most malicious URLs on social networking sites lead to websites hosting attack toolkits.

Symantec also warned applications on social networking sites that appear to be innocuous may have a more malicious motive.

"Many surveys and quizzes ask questions designed to get the user to reveal a great deal of personal information. While such questions often focus on generic details (shopping tastes, etc.), they may also ask the user to provide details such as his or her elementary school name, pets’ names, mother’s maiden name, and other questions that, not coincidentally, are frequently used by many applications as forgotten," it said.

"Users should ensure that they monitor the security settings of their profiles on these sites as often as possible, especially because many settings are automatically set to share a lot of potentially exploitable information and it is up to users to restrict access themselves," it added.

Hackers hiding in plain view

Symantec said attackers continue to exploit zero-day vulnerabilities through malicious applications installed on a computer without the user’s knowledge. In 2010, 14 such vulnerabilities were discovered.

The current frontrunners in the rootkit arena are Tidserv, Mebratix, and Mebroot, which modify the master boot record (MBR) on Windows computers to gain control of the computer before the operating system is loaded.

Symantec said innovations from targeted attacks will make their way into massive attacks, most likely via toolkits.

Increase in mobile threats

Symantec noted an increase in mobile threats, which it said are limited only by attackers getting a return on their investment.

"All of the requirements for an active threat landscape existed in 2010. The installed base of smart phones and other mobile devices had grown to an attractive size. The devices ran sophisticated operating systems that come with the inevitable vulnerabilities in 2010," it said.

Also, it said Trojans hiding in legitimate applications sold on app stores provided a simple and effective propagation method.

"What was missing was the ability to turn all this into a profit center equivalent to that offered by personal computers. But, that was 2010; 2011 will be a new year," it said.

Symantec said that while the number of immediate threats to mobile devices remains relatively low in comparison to threats targeting PCs, there have been new developments in the field.

"As more users download and install third-party applications for these devices, the chances of installing malicious applications also increases. In addition, because most malicious code now is designed to generate revenue, there are likely to be more threats created for these devices as people increasingly use them for sensitive transactions such as online shopping and banking," it added.

Malicious code for mobile devices

Currently, most malicious code for mobile devices consists of Trojans that pose as legitimate applications. These applications are uploaded to mobile app marketplaces in the hopes that users will download and install them.

In March 2011 alone, Google reported that it had removed several malicious Android applications from the Android Market and even deleted them from users’ phones remotely.

But Symantec noted attackers have also taken a popular legitimate application and added additional code to it, as happened in the case of the Pjapps Trojan for Android devices.

It added that over the last several years, most malicious online activity has focused on generating revenue. While mobile-device Trojans have made attempts at revenue generation through premium-rate services, this is still not as profitable as credit card fraud and the theft of online banking credentials.

"Some of the first threats of this kind to arrive will likely be either phishing attacks or Trojans that steal data from mobile devices. Because the blueprints for such threats are already well established on personal computers, adapting them to mobile devices should be relatively easy. For example, as mobile devices introduce new features such as wireless payments, it is likely that attackers will seek ways to profit from them the way they have with personal computers. Attackers are constantly looking for new avenues to exploit and profit," Symantec said.

Prevention and mitigation of attacks

Symantec stressed prevention and mitigation, noting implementing best practices, sufficient policies, and a program of user education can prevent or expose a targeted attack.

"For example, restricting the use of USB devices limits exposure to threats designed to propagate through removable media. Educating users not to open email attachments and not to click on links in email or instant messages can also help prevent breaches," it said.

If a breach occurs, strong password policies that require the use of different passwords across multiple systems can prevent the attack from expanding further into the network.

Also, limiting user privileges can help to reduce the number of network resources that can be accessed from a compromised computer.

"Since one of the primary goals of targeted attacks is information theft, whether the attackers seek customer records or intellectual property, proper egress filtering should be performed and data loss prevention solutions employed. This can alert network operations personnel to confidential information leaving the organization," it said.

Symantec also said that while the purpose of most malicious code has not changed over the past few years as attackers seek ways to profit from unsuspecting users, the sophistication of these threats has increased as attackers employ more features to evade detection.

These features allow malicious code to remain resident on infected computers longer, thus allowing attackers to steal more information and giving them more time to use the stolen information before the infections are discovered.

As more users become aware of these threats and competition among attackers increases, it is likely that more threats will incorporate rootkit techniques to thwart security software.

As for mobile threats, they are not likely to make significant inroads right away, but their impact is likely to increase in the near future.

"To avoid the threats that currently exist, users should only download applications from regulated marketplaces. Checking the comments for applications can also indicate if other users have already noticed suspicious activity from installed applications," it said.

— TJD, GMA News