On April 5th Symantec released our annual Internet Security Threat Report Internet Security Threat Report, Volume 16 (ISTR), which highlights how the volume and sophistication of threats skyrocketed in 2010. The report is one of the most comprehensive sources of Internet threat data in the world. This report highlights dramatic increases in both the frequency and sophistication of targeted attacks on enterprises; the continued growth of social networking sites as an attack distribution platform; and a change in attackers’ infection tactics, in which they are increasingly targeting vulnerabilities in the Java computer language to break into traditional computer systems. In addition, the report explores how attackers are exhibiting a notable shift in focus toward mobile devices.
This week I presented Symantec’s ISTR to an industry security conference in Pennsylvania. During this conference, there has been much discussion about emerging cybersecurity threats. One of the highlights of the ISTR that I discussed during this conference is the increasing use by cybercriminals of social networks. Cybercriminals use these networks to find personal information or attack unsuspecting victims. This was the same message emphasized by the Australian police during a recent conference I attended in Malaysia. Cybercriminals are using social networks to post links that will infect a computer with a virus. They are also mining social networks for personal information that can be used to steal an identity.
Another issue heavily discussed this week was emerging mobile threats. Symantec identified 163 mobile vulnerabilities in 2010. This was a 42% increase in mobile threats identified from the previous year. Most of the attacks are based in malicious applications downloaded to smartphones from application stores. Norton is leading the fight to block mobile threats. In addition to developing mobile security products like Norton Everywhere, we are also sponsoring a telecommunications security group. This group is bringing together law enforcement and private industry to cooperate on finding a solution to these new mobile threats.
The final major topic of discussion this week was the increasing complexity of attacks. This past year saw the emergence of new and highly sophisticated attacks. The “Stuxnet” worm was the most reported example of an attack that took advantage of an engineering control system’s vulnerabilities. However, while Stuxnet received the most media attention, other targeted attacks occur frequently. These attacks don’t necessarily need to be sophisticated to be successful. A cybercriminal need only target a single unsecured person who has access to a larger system.
The Internet is an eco-system where we each play a role in safety. As threats increase in complexity and move across multiple devices it becomes even more critical for everyone to follow good security practices and stay safe.