A report from Symantec this week provided data on cyber-threat activity that occurred between January and December 2010. The report also offered some predictions regarding Internet dangers in 2011 and beyond. An accompanying press release highlighted what some of its researchers deem “government-focused megatrends” and sobering statistics on recent malicious activity.
According to Marc Fossi, executive editor and the manager of development for Security Technology and Response at Symantec, many cyber-attacks come from one of two sources — bad guys with specific targets or bad guys targeting anyone just for the money.
“That’s really what you’re seeing, that division between these low-level guys who are just after everybody. They want the quick buck. The high-level guys, they’re going after your government organizations,” he said. There are rumors about governments sponsoring “high-level” attackers to get into foreign networks, but that’s not something Symantec can confirm.
But whether they’re backed by big government or not, such malefactors are certainly dangerous. “They are sophisticated enough, and they’re working in teams,” Fossi said.
Data from the Internet Security Threat Report includes these sobering figures from 2010: a 93 percent increase in Web-based attacks from 2009; more than 286 million unique threats; a 42 percent increase in mobile vulnerabilities; and more than 260,000 identities exposed per average data breach. Symantec researched malicious cyber-activity targeting both consumers and organizations from the public and private sectors.
“We don’t do this as a wake-up call or anything like that,” Fossi said. “We’re just reporting on what we’ve seen and sort of trying to put that together in a clear picture.”
The report also highlights major trends from last year that set off alarm bells, all of which could be perceived as threats to government: highly targeted attacks aimed at and launched by nation-states, which were exemplified by the Stuxnet and Hydraq malware exploits; exposures caused by government adoption of social networking and mobile applications; and Web-based attacks aimed at government systems.
The targeted attacks are the work of the high-level attackers Fossi mentions: men and women who want to disrupt government or corporate networks or discern private information. “Hydraq was a targeted attack where a bunch of really big multinational companies had all been infiltrated,” Fossi said. Hydraq, a zero-day exploit (one that takes advantage of a security hole that no one has developed a patch for), was used to steal information from computers and send it back to criminals.
Web-based attacks, however, are less discriminating, it seems. These threats hijack applications or websites to compromise all users, not just those specific to certain companies or departments. Such infiltration is made easier today because people can access software that allows them to perform hacks that would have previously required advanced programming abilities. “They offer people who don’t know enough to construct their own attacks an easy way of launching pretty sophisticated attacks,” Fossi said.
Social networking is also an emergent avenue on the threat landscape for government organizations. And interestingly enough, attackers can use the technology to glean information about people without doing any hacking at all. “You can do so much reconnaissance work online through what people post to their social networking accounts,” Fossi said. For example, he said, if someone posts that he is attending the Symantec government symposium on a social networking site, an attacker could use that information by sending a fake e-mail to the person about the event. The e-mail would look like it came from a Symantec address and say something like, “Here’s an itinerary for the government symposium you’re attending.”
“If the victim fell for this and opened the e-mail, he or she just walked into a breach,” Fossi said.
This opens up a whole new can of worms when it comes to mobile technology, where people access both corporate networks and private social networking accounts from personal mobile devices. The Symantec report cited mobile vulnerabilities but stopped short of claiming that malicious cyber-activity was running rampant on the devices. Fossi warns, however, that the world could be on the threshold of a mobile malware nightmare.
“What I think is going to be the tipping point for those types of threats is going to be people using their mobile devices for more financial transactions,” Fossi said. Once people use their phones to handle money, the temptation will be too great to resist. But as of now, laptops and desktops are the main avenues because they’re the paths of least resistance. “It’s still easier for them to compromise people through their computers.”