In 2009, Symantec stopped 100 attacks per second… wonder how many were missed?

CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog


If you haven’t already come across Symantec’s new Internet Security Threat Report (ISTR), ponder this: in 2009, the world’s largest security software maker blocked an average of 100 potential attacks per second. As the article “Cybercrime’s Financial and Geographic Growth Shows No Slowdown during the Global Economic Crisis” reports, hackers were more active than ever last year. According to Stephen Trilling, senior VP of Symantec’s Security Technology and Response Division, the continuing growth of more sophisticated cyber threats has become an international problem that we can no longer afford to ignore.

“Attacks have evolved from simple scams to highly sophisticated espionage campaigns targeting some of the world’s largest corporations and government entities. The scale of these attacks and the fact that they originate from across the world, makes this a truly international problem requiring the cooperation of both the private sector and world governments.”

The report highlighted the year’s two biggest cyber attacks, Conficker and Hydraq, which continue to wreak havoc on enterprises across the globe well into 2010. The report also pointed out other trends that both the private and public sectors should be aware of, including:

  • More targeted threats on corporate enterprises:
    Given the potential for monetary gain from compromised corporate intellectual property, the report found that cybercriminals are using personal information on social networking sites to create socially engineered attacks on key individuals within targeted organizations. The tricky thing about defending an enterprise from targeted attacks is that these threats may never be on a blacklist because they are not widespread. This is where application whitelisting fits right in, as it stops any unauthorized application from executing on the system.
  • Malware toolkits:
    Cybercrime toolkits such as the Zeus botnet are making it easier for hackers with varying skill sets to create customized malware to compromise computers and steal information. This is also playing a large part in the growing number of hackers who are creating millions of new malicious code variants in an effort to evade detection by antivirus security software. In order to better protect our networks from evolving malware writers, anti-malware defenses need to evolve, too.
  • Unabated web-based attacks:
    Cybercriminals are using social engineering techniques to trick unsuspecting users into visiting malicious websites. Once there, these websites attack the victim’s Web browser and vulnerable plug-ins that are normally used to view video or document files. Since organizations realistically can’t control what websites people visit or what they download, the key is to stop the payload, not the user.
  • Applying patches continues to be a challenge:
    The report also found that maintaining a secure, patched system is becoming more challenging than ever. Moreover, many users are failing to patch old vulnerabilities despite having the fixes to do so. The sheer volume of new patches and the time and resources it takes to apply security updates are making it nearly impossible to protect a network from every new malware variant out there. As I mentioned in previous posts, the key is to stop the payload in the first place, even if you can’t patch the vulnerability in time.
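
The blacklist-versus-whitelist point made in the targeted-threats and malware-toolkit items above, as an added example (not code from the original post or from CoreTrace): a default-allow check against known-bad hashes beside a default-deny check against approved hashes. All file names and byte strings are constructed, and matching on SHA-256 is an assumption of this example.

```python
import hashlib

def digest(image: bytes) -> str:
    """SHA-256 of a file image; both lists key on this (assumption of this example)."""
    return hashlib.sha256(image).hexdigest()

# Constructed byte strings standing in for executable files.
KNOWN_BOT = b"MZ\x90 toolkit bot build=0001"
SAMPLES = {
    "payroll.exe": b"MZ\x90 payroll 4.2",                     # approved business app
    "known_bot.exe": KNOWN_BOT,                                # widespread, has a signature
    "repacked_bot.exe": KNOWN_BOT.replace(b"0001", b"0002"),   # toolkit-generated variant
    "targeted_dropper.exe": b"MZ\x90 one-off payload for one victim",
    "payroll_patched.exe": b"MZ\x90 payroll 4.3",              # legitimate, not yet approved
}

DENYLIST = {digest(KNOWN_BOT)}                 # blacklist: known-bad hashes only
ALLOWLIST = {digest(SAMPLES["payroll.exe"])}   # whitelist: approved hashes only

def denylist_allows(image: bytes) -> bool:
    """Default-allow: anything without a known-bad hash runs."""
    return digest(image) not in DENYLIST

def allowlist_allows(image: bytes) -> bool:
    """Default-deny: only an approved hash runs."""
    return digest(image) in ALLOWLIST

def evaluate(samples: dict) -> dict:
    """Map each name to (runs under blacklist, runs under whitelist)."""
    return {n: (denylist_allows(i), allowlist_allows(i)) for n, i in samples.items()}

def policy_gaps(samples: dict) -> list:
    """Names on which the two policies disagree."""
    return sorted(n for n, (d, a) in evaluate(samples).items() if d != a)

if __name__ == "__main__":
    for name, (deny_ok, allow_ok) in evaluate(SAMPLES).items():
        print(f"{name:22} blacklist={'run' if deny_ok else 'block':5} "
              f"whitelist={'run' if allow_ok else 'block'}")
```

The variant and the one-off payload run under the blacklist and are blocked by the whitelist. The patched payroll build is blocked too, so the approved list has to be updated whenever legitimate software changes.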
