Symantec's Internet Security Threat Report, Volume 16 reveals significant changes to the threat landscape in 2010, including an increase in volume and sophistication of threat activity. The report, which highlights key trends in cybercrime and the threat landscape from Jan. 1, 2010 to Dec. 31, 2010, discloses that Symantec identified more than 286 million new threats last year. This increase can be attributed to the growing prevalence of targeted attacks on enterprises, the continuing use of social networking sites to compromise users, the rising threats impacting mobile devices and the ongoing use of attack toolkits, which are increasingly exploiting vulnerabilities in Java.
Symantec Internet Security Threat Report (ISTR), Volume 16 1
Internet Security Threat Report (ISTR) 16: Highlights and Recommended Defenses
April 2011
Threat Landscape
2010 Trends
Social Networking + Social Engineering = Security Nightmare
Whether targeting a CEO or the family next door, the Internet and social networks provide cybercriminals rich research for tailoring an attack. By sneaking in among our friends, hackers can learn our interests, gain our trust, and convincingly masquerade as friends. A well-executed, socially engineered attack has become almost impossible to spot.
Mobile Threats increase
More people than ever are using smartphones and tablets, and cybercriminals are taking notice. Because most malicious code now is designed to generate revenue, there are likely to be more threats created for these devices as people increasingly use them for sensitive transactions such as online shopping and banking.
Targeted Attacks continue to evolve
Targeted attacks, while not new, gained notoriety from high-profile attacks against major organizations (Hydraq) and significant targets (Stuxnet). These attacks raised awareness of Advanced Persistent Threats (APTs).
Hide and Seek (zero-day vulnerabilities and rootkits)
The primary goal of malicious code that employs rootkit techniques is to evade detection. This allows the threat to remain running on a compromised computer longer and, as a result, increases the potential harm it can do. Targeted attacks depend on their ability to get inside an organization and stay hidden in plain sight. Zero-day vulnerabilities and rootkits have made this possible.
Attack Kits get a caffeine boost
While targeted attacks are focused on compromising specific organizations or individuals, attack toolkits are the opposite side of the coin, using broadcast blanket attacks that attempt to exploit anyone unfortunate enough to visit a compromised website. Innovations from targeted attacks will make their way into massive attacks, most likely via toolkits.
Social networking + social engineering = security nightmare
• Hackers have adopted social networking sites to:
– Use profile information to create targeted social engineering attacks
– Impersonate friends to launch attacks
– Leverage news feeds to spread spam, scams and massive attacks
More Info: Detailed review of social media threats available in The Risks of Social Networking
• Shortened URLs can hide malicious links, increasing infections
• 73% of the shortened URLs observed on social networks (that led to malicious websites) were clicked 11 times or more
Mobile threats
• Currently most malicious code for mobile devices consists of Trojans that pose as legitimate applications
• Mobile devices will be increasingly targeted as they are used for financial transactions
• 2009: 115 vulnerabilities
• 2010: 163 vulnerabilities
Targeted attacks continue to evolve
• High-profile targeted attacks in 2010 raised awareness of Advanced Persistent Threats (APTs)
Stuxnet signaled a leap in the sophistication of these types of attacks:
– Four zero-day vulnerabilities (vulnerabilities that were previously unknown)
– Stolen digital signatures helped mask it from security systems
– Ability to leap the “air gap” (used USB keys to spread Stuxnet to computers not connected to a network)
– Potential damage to infrastructure including power grids, water supplies and nuclear power plants
More Info: Detailed review in the W32.Stuxnet Dossier & W32.Stuxnet
• Less sophisticated attacks also cause significant damage
• Average cost to resolve a data breach in 2010: $7.2 million USD
[Chart: Average Number of Identities Exposed per Data Breach by Cause]
Attack kits get a caffeine boost with Java
Def: Bundles of malicious code tools used to facilitate the launch of concerted and widespread attacks on networked computers
• Attack kits continue to see widespread use
• Java exploits added to many existing kits
• Kits exclusively exploiting Java vulnerabilities appeared for the first time
More Info: Detailed information available in ISTR Mid-Term: Attack Toolkits and Malicious Websites
Hide and seek (zero-day vulnerabilities and attack rootkits)
• A rootkit is a collection of tools that allow an attacker to hide traces of a computer compromise from the operating system and also the user
• Zero-days are being used in a more aggressive way and featured heavily in Hydraq/Stuxnet
• Attack toolkits help to spread knowledge of exploits that leverage vulnerabilities
[Chart: Number of documented ‘zero-day’ vulnerabilities]
ISTR 16: Key Facts and Figures
Symantec™ Global Intelligence Network
Identifies more threats, takes action faster & prevents impact
Information Protection, Preemptive Security Alerts, Threat Triggered Actions
Global Scope and Scale, Worldwide Coverage, 24x7 Event Logging
Rapid Detection
Attack Activity
• 240,000 sensors
• 200+ countries
Malware Intelligence
• 133M client, server, gateways monitored
• Global coverage
Vulnerabilities
• 40,000+ vulnerabilities
• 14,000 vendors
• 105,000 technologies
Spam/Phishing
• 5M decoy accounts
• 8B+ email messages/day
• 1B+ web requests/day
Austin, TX; Mountain View, CA; Culver City, CA; San Francisco, CA; Taipei, Taiwan; Tokyo, Japan; Dublin, Ireland; Calgary, Alberta; Chengdu, China; Chennai, India; Pune, India
Key Facts and Figures
Malicious code, which is any programming code capable of causing harm to legitimate code or data, or that can compromise confidentiality in a computing system…
…takes advantage of vulnerabilities in operating systems, programs, applications, etc….
…which can lead to your computer, laptop, mobile phone, or other Internet-connected device being infected with threats like viruses, worms, or Trojans…
…It may also lead to ID theft and other forms of fraud.
Malicious Code Trends
Threats to confidential information
• 64% of potential infections by the top 50 malicious code samples were threats to confidential information
Vulnerability Trends
Web Browser Plug-In Vulnerabilities
• Number of Flash and Reader vulnerabilities continued to grow
Threat Activity Trends
Malicious Activity by Country
Data Breaches by Sector
• The average cost to resolve a data breach in 2010 was $7.2 million USD
• 85% of identities exposed were customers
[Chart: Average Number of Identities Exposed per Data Breach by Sector]
[Chart: Average Number of Identities Exposed per Data Breach by Cause]
Web-based Attacks
• 93% increase in Web-based attacks from 2009 to 2010
• Spikes related to specific activities (release of new attack kits, current events, etc.)
Fraud Activity Trends
Phishing categories
Def: “Phishing” is a derivative of “fishing” and alludes to the use of “bait” to “catch” personally identifiable information
• 56% of phishing attacks imitated banks
• Many email-based fraud attempts referred to major sporting, news and pop-culture events in 2010
Underground economy servers
• Credit cards and bank account credentials continue to be the top two advertised items on the black market
• Bulk rates for credit cards range from 10 cards for $17 to 1000 cards for $300
Consumer and Enterprise Best Practices for defending against the latest threats
Consumer Best Practices
Protect yourself
• Use a modern Internet security solution for maximum protection against online threats that includes:
– Antivirus protection
– Intrusion prevention to protect against Web-attack toolkits, unpatched vulnerabilities, and socially engineered attacks
– Browser protection to protect against Web-based attacks
– Reputation-based tools that check the reputation and trust of a file before downloading
– Behavioral prevention that keeps malicious threats from executing even if they get onto your computer
– URL reputation and safety ratings for websites found through online searches
Keep up-to-date
• Keep virus definitions and security content updated at least daily, if not hourly, to protect your computer against the latest viruses and malicious software (“malware”)
Use an effective password policy
• Ensure that passwords are a mix of letters and numbers, and change them often. Passwords should not consist of words from the dictionary, since these are easier for cybercriminals to hack
• Do not use the same password for multiple applications or websites
• Use complex passwords (upper/lowercase, punctuation and symbols) or passphrases (e.g., “I want to go to Paris for my birthday” becomes “I1t2g2P4mb”)
Know what you are doing
• “Free,” “cracked,” or “pirated” versions of software can contain malware or social engineering attacks
• Read end-user license agreements (EULAs) carefully and understand all terms before agreeing to them. Some security risks can be installed because of that acceptance
Guard your personal data
• Limit the amount of personal information you make publicly available on the Internet (including and especially social networks) as it may be harvested by cybercriminals and used in targeted attacks, phishing scams, or other malicious activities
• Never disclose any confidential personal or financial information unless and until you can confirm that any request for such information is legitimate
• Avoid banking or shopping online from public computers (such as libraries, Internet cafes, etc.) or from unencrypted Wi-Fi connections
Think before you click
• Never view, open, or execute any email attachment or click on a URL unless you expect it and trust the sender; even if it’s coming from trusted users, be suspicious
• Do not click on shortened URLs without expanding them first using “preview” tools
• Do not click on links in social media applications with catchy titles or phrases; you may end up “liking it” and sending it to all of your friends just by clicking anywhere on the page
• Be suspicious of warnings that pop up asking you to install media players, document viewers and security updates; only download software directly from the vendor’s website
Enterprise Defenses Against Social Engineering
Web Gateway Security
• Scan all potentially malicious downloads regardless of how the download is initiated
• Prevent users from being redirected to malicious websites
Data Loss Prevention
• Discover concentrations of confidential information downloaded to an employee’s PC
Network and Host Based Intrusion Prevention
• Monitor and protect critical systems from exploitation
• Protect against misleading applications like fake antivirus
• Prevent drive-by download web attacks
Strong Authentication
• Protect against unauthorized access to confidential data beyond just username and password
Security Awareness Training
• Ensure employees become the first line of defense
Defenses Against Mobile Threats
Device Management
• Remotely wipe devices in case of theft or loss
• Update devices with applications as needed without physical access
• Get visibility and control of devices, users and applications
Device Security
• Guard mobile devices against malware and spam
• Prevent the device from becoming a vulnerability
Content Security
• Identify confidential data on mobile devices
• Encrypt mobile devices to prevent lost devices from turning into lost confidential data
Identity and Access
• Strong authentication and authorization for access to enterprise applications and resources
• Allow access to the right resources from the right devices with the right postures
Enterprise Defenses Against Targeted Attacks
Advanced Reputation Security
• Detect and block new and unknown threats based on reputation and ranking
Host Intrusion Prevention
• Implement host lock-down as a means of hardening against malware infiltration
Removable Media Device Control
• Restrict removable devices and functions to prevent malware infection
Email & Web Gateway Filtering
• Scan for infected files and block accordingly
Data Loss Prevention
• Discover data spills of confidential information that are targeted by attackers
Encryption
• Create and enforce security policy so all confidential information is encrypted
Network Threat and Vulnerability Monitoring
• Monitor for network intrusions, propagation attempts and other suspicious traffic patterns
Defenses Against Attack Toolkits
Advanced Reputation Security
• Detect and block new and unknown threats based on reputation and ranking
Fraud Detection Services
• Monitor and analyze specific transaction types for known scams and evolving threats
Asset and Patch Management
• Identify what and where your high value assets are
• Ensure latest patches are deployed and up-to-date across all platforms and applications
Threat and Vulnerability Management
• Monitor for network intrusions, propagation attempts & suspicious traffic patterns
• Receive alerts for new vulnerabilities and threats across vendor platforms
Host Intrusion Detection and Prevention
• Monitor and protect critical systems from being exploited
Enterprise Defenses Against Hide and Seek
Advanced Reputation Security
• Detect and block new and unknown threats based on reputation and ranking
Security Incident and Event Management
• Detect and correlate suspicious patterns of behavior
Network Threat and Vulnerability Monitoring
• Monitor environment for excessive log-ins or privilege escalation
Vulnerability Assessment
• Ensure network devices, OS, databases and web application systems are properly configured
• Determine whether or not a vulnerability is truly exploitable
Host Intrusion Prevention
• Implement host lock-down as a means of hardening against malware infiltration
Stay Informed: Additional Resources
Build Your Own ISTR: go.symantec.com/istr
Daily measure of cybercrime risks: nortoncybercrimeindex.com
Follow Us:
Twitter.com/threatintel
Twitter.com/nortononline
Thank you!
Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
For more information, please visit:
go.symantec.com/istr