Job offers:
 

> Post a job: <
Rates: $100 - One job posting - displayed for one month

 
VideoGAMESCanada.ca:
 


 
HEADINGS:
> News
> Gadgets
> Technology TIPS, useful stuff
> Research / Studies
NEWSLETTER:
Email:

LATEST ISSUES:
 


 
OUR SITES:
   
XML/RSS:
  RSS All ITnewsLink
RSS News
RSS Case studies
RSS Techno Cool
RSS Technology TIPS, usefull stuff

  
News

Symantec Report Finds Cyber Threats Skyrocket in Volume and Sophistication

Symantec Corp. (NASDAQ: SYMC) unveiled the findings of its Internet Security Threat Report, Volume 16, which shows a massive threat volume of more than 286 million new threats last year, accompanied by several new megatrends in the threat landscape. The report highlights dramatic increases in both the frequency and sophistication of targeted attacks on enterprises; the continued growth of social networking sites as an attack distribution platform; and a change in attackers’ infection tactics, increasingly targeting vulnerabilities in Java to break into traditional computer systems. In addition, the report explores how attackers are exhibiting a notable shift in focus toward mobile devices.

2010: The Year of the Targeted Attack
Targeted attacks such as Hydraq and Stuxnet posed a growing threat to enterprises in 2010. To increase the likelihood of successful, undetected infiltration into the enterprise, an increasing number of these targeted attacks leveraged zero-day vulnerabilities to break into computer systems. As one example, Stuxnet alone exploited four different zero-day vulnerabilities to attack its targets.

In 2010, attackers launched targeted attacks against a diverse collection of publicly traded, multinational corporations and government agencies, as well as a surprising number of smaller companies. In many cases, the attackers researched key victims within each corporation and then used tailored social engineering attacks to gain entry into the victims’ networks. Due to their targeted nature, many of these attacks succeeded even when victim organizations had basic security measures in place.

While the high-profile targeted attacks of 2010 attempted to steal intellectual property or cause physical damage, many targeted attacks preyed on individuals for their personal information. For example, the report found that data breaches caused by hacking resulted in an average of more than 260,000 identities exposed per breach in 2010, nearly quadruple that of any other cause.

Social Networks: A Fertile Ground for Cybercriminals
Social network platforms continue to grow in popularity and this popularity has not surprisingly attracted a large volume of malware. One of the primary attack techniques used on social networking sites involved the use of shortened URLs. Under typical, legitimate, circumstances, these abbreviated URLs are used to efficiently share a link in an email or on a web page to an otherwise complicated web address. Last year, attackers posted millions of these shortened links on social networking sites to trick victims into both phishing and malware attacks, dramatically increasing the rate of successful infection.

The report found that attackers overwhelmingly leveraged the news-feed capabilities provided by popular social networking sites to mass-distribute attacks. In a typical scenario, the attacker logs into a compromised social networking account and posts a shortened link to a malicious website in the victim’s status area. The social networking site then automatically distributes the link to news feeds of the victim’s friends, spreading the link to potentially hundreds or thousands of victims in minutes. In 2010, 65 percent of malicious links in news feeds observed by Symantec used shortened URLs. Of these, 73 percent were clicked 11 times or more, with 33 percent receiving between 11 and 50 clicks.

Attack Toolkits Focus on Java
In 2010, attack toolkits, software programs that can be used by novices and experts alike to facilitate the launch of widespread attacks on networked computers, continued to see widespread use. These kits increasingly target vulnerabilities in the popular Java system, which accounted for 17 percent of all vulnerabilities affecting browser plug-ins in 2010. As a popular cross-browser, multi-platform technology, Java is an appealing target for attackers.

The Phoenix toolkit was responsible for the most Web-based attack activity in 2010. This kit, as well as many others, incorporates exploits against Java vulnerabilities. The sixth highest ranked Web-based attack during the reporting period was also an attempt to exploit Java technologies.

The number of measured Web-based attacks per day increased by 93 percent in 2010 compared to 2009. Since two-thirds of all Web-based threat activity observed by Symantec is directly attributed to attack kits, these kits are likely responsible for a large part of this increase.

Mobile Threat Landscape Comes Into View
The major mobile platforms are finally becoming ubiquitous enough to garner the attention of attackers, and as such, Symantec expects attacks on these platforms to increase. In 2010, most malware attacks against mobile devices took the form of Trojan Horse programs that pose as legitimate applications. While attackers generated some of this malware from scratch, in many cases, they infected users by inserting malicious logic into existing legitimate applications. The attacker then distributed these tainted applications via public app stores. For example, the authors of the recent Pjapps Trojan employed this approach.

While the new security architectures employed in today’s mobile devices are at least as effective as their desktop and server predecessors, attackers can often bypass these protections by attacking inherent vulnerabilities in the mobile platforms’ implementations. Unfortunately, such flaws are relatively commonplace — Symantec documented 163 vulnerabilities during 2010 that could be used by attackers to gain partial or complete control over devices running popular mobile platforms. In the first few months of 2011 attackers have already leveraged these flaws to infect hundreds of thousands of unique devices. According to findings from Mocana, it is no surprise that 47% of organizations do not believe they can adequately manage the risks introduced by mobile devices. And, that more than 45% of organizations say security concerns are one of the biggest obstacles to rolling out more smart devices.

Threat Landscape Key Facts and Figures:

  • 286 million new threats — Polymorphism and new delivery mechanisms such as Web attack toolkits continued to drive up the number of distinct malware programs. In 2010, Symantec encountered more than 286 million unique malicious programs.

  • 93 percent increase in Web-based attacks — Web attack toolkits drove the 93 percent increase in the volume of Web-based attacks in 2010. The use of shortened URLs also impacted this increase.

  • 260,000 identities exposed per breach — This is the average number of identities exposed per breach in data breaches caused by hacking during 2010.

  • 14 new zero-day vulnerabilities — Zero-day vulnerabilities played a key role in targeted attacks including Hydraq and Stuxnet. Stuxnet alone used four different zero-day vulnerabilities.

  • 6,253 new vulnerabilities — Symantec documented more vulnerabilities in 2010 than in any previous reporting period.

  • 42 percent more mobile vulnerabilities — In a sign that cybercriminals are starting to focus their efforts on the mobile space, the number of reported new mobile operating system vulnerabilities increased, from 115 in 2009 to 163 in 2010.

  • One botnet with more than a million spambots — Rustock, the largest botnet observed in 2010, had more than one million bots under its control at one point during the year. Other botnets such as Grum and Cutwail followed with many hundreds of thousands of bots each.

  • 74 percent of spam related to pharmaceuticals — Nearly three quarters of all spam in 2010 was related to pharmaceutical products—a great deal of which was related to pharmaceutical websites and related brands.

  • $15 per 10,000 bots — Symantec observed an advertisement that listed the price for 10,000 bot-infected computers as $15 on an underground forum in 2010. Bots are typically used for spam or rogueware campaigns, but are increasingly also used for DDoS attacks.

  • $0.07 to $100 per credit card — The price for credit card data on underground forums ranged widely in 2010. Factors dictating prices include the rarity of the card and discounts offered for bulk purchases.

Source : Symantec

 [June 30, 2011]


Send this IT news to a friend
Recipient :
(enter the e-mail address of the recipient)

From 
(enter your name)

(enter your e-mail address)

  

Other IT news about Symantec

  • Symantec Solutions Achieve Rigorous Foreign Government Certifications (April 3, 2013)
  • Symantec provides broad security and compliance portfolio integration with the VMware Cloud infrastructure suite (March 1, 2012)
  • Norton One to deliver comprehensive security with personalized service (February 20, 2012)
  • Symantec releases new research revealing psychology behind intellectual property theft by corporate insiders (December 9, 2011)
  • Symantec Announces November 2011 Symantec Intelligence Report (December 6, 2011)
  • Symantec: Major cyber security trends from 2011 and 2012 Storage and Backup trends (December 2, 2011)
  • Norton Online Family Report Identifies Issues of "Cyberbaiting" and Overspending (November 18, 2011)
  • Norton Mobile Security update includes new “Scream” feature and web-based antitheft capabilities (November 8, 2011)
  • 24x7 Help Desk Service Offers Multi-Platform and Multi-Device Support for Technology Challenges Faced by Consumers and Small Offices (October 27, 2011)
  • DLT Solutions Demonstrates Expertise through its Achievement of all Available Symantec Specializations (October 24, 2011)
  • New Symantec DeepSight Reputation DataFeeds Identify Attack Actors, Malicious Activity Sources in Real-Time (October 13, 2011)
  • Symantec Threat Researchers Profile Top 7 Android Monetization Schemes (October 13, 2011)
  • Symantec Introduces Intelligent Authentication to Combat Evolving Threats (October 12, 2011)
  • Huawei Symantec Moves Into Canada With NetStor Technology Group (NTG) (September 20, 2011)
  • Cybercrime Cost Canadians $840 million Last Year (September 7, 2011)
  • Norton Launches 2012 Products, Extends “Norton Everywhere” Initiative (September 7, 2011)
  • Norton Gives “Likejacking” Scams the Thumbs-Down (September 2, 2011)
  • Norton’s Back-to-School Checklist for Online Safety (August 23, 2011)
  • Norton Mobile Security Lite Available for Free Download in Android Market (August 12, 2011)
  • Norton Safe Web for Facebook Application Passes the Million User Mark (July 13, 2011)
  • Symantec Announces June 2011 Symantec Intelligence Report (June 29, 2011)
  • Symantec to Acquire Clearwell Systems (May 20, 2011)
  • Symantec Releases April 2011 MessageLabs Intelligence Report (April 26, 2011)
  • Norton Internet Security and Norton AntiVirus 2012 Public Betas Now Available (April 18, 2011)
  • Symantec System Recovery Delivers Flexible Recovery of Physical and Virtual Systems (April 5, 2011)
  • Symantec NetBackup Adds Intelligent Policy Technology to Automatically Discover and Protect Virtual Machines (March 16, 2011)
  • NTT DOCOMO and Symantec to Introduce New Managed Service to Help Customers Protect Data on Lost or Stolen Laptops (February 11, 2011)
  • Norton Survey Reveals One in Three Experience Cell Phone Loss, Theft (February 10, 2011)
  • Symantec Announces January 2011 MessageLabs Intelligence Report: (January 26, 2011)
  • Symantec Delivers Industry First Appliance With Backup, Deduplication and Storage Capabilities (January 18, 2011)
  • Study Finds Antiquated IT Safeguards and Access Policies Leave Employees Frustrated and Enterprises Vulnerable (January 13, 2011)
  • Symantec Delivers Norton Internet Security to Small Businesses on HP PCs Worldwide (January 4, 2011)
  • Norton Study Reveals ’Over-Sharing’ of Holiday Cheer Puts Consumers at Risk (December 17, 2010)
  • Botnets prove resilient another year on; Email-borne malware increases one hundred fold, according to Symantec (December 9, 2010)
  • Symantec Announces October 2010 MessageLabs Intelligence Report (October 27, 2010)
  • Norton 360 Version 5.0 Beta Now Available for Download and Testing (October 13, 2010)
  • The Silent Epidemic: Cybercrime Strikes More Than Two-Thirds of Internet Users (September 9, 2010)
  • Symantec Solutions Give Customers the Confidence to Virtualize Their Business-Critical Applications (September 1, 2010)
  • Symantec Completes Acquisition of VeriSign’s Security Business (August 10, 2010)
  • Survey Finds Infinite Data Retention Leading to Costly Information Management Mistakes (August 4, 2010)
  • One in Three Top-Trending Search Topics Return Malicious Results, Finds Norton Study (July 29, 2010)
  • Symantec Tool Challenges Small Businesses to Assess their Exposure to Information Risk (July 22, 2010)
  • ’Twilight’ Fever Brings Cybercriminals Out of the Woodwork (July 1, 2010)
  • Symantec Announces June 2010 MessageLabs Intelligence Report (June 23, 2010)
  • Symantec Survey Reveals Information Protection Is the Highest IT Priority for SMBs (June 21, 2010)
  • Symantec Completes Acquisition of PGP and GuardianEdge (June 8, 2010)
  • ’Norton Everywhere’ Initiative Takes Consumer Business Beyond the PC and Security (May 28, 2010)
  • Symantec to Offer Broadest Data Protection Capabilities With Acquisition of PGP Corporation and GuardianEdge (April 30, 2010)
  • Symantec Announces April 2010 MessageLabs Intelligence Report (April 28, 2010)
  • Cybercrime’s Financial and Geographic Growth Shows No Slowdown during the Global Economic Crisis (April 20, 2010)
  • The Norton Top 10 Riskiest Online Cities Report Reveals Who in Canada is Most Vulnerable to Cybercrime (March 23, 2010)
  • Symantec Unveils February 2010 MessageLabs Intelligence Report (March 2, 2010)
  • Symantec 2010 State of Enterprise Security Study Shows Frequent, Effective Attacks on Worldwide Business (February 22, 2010)
  • Symantec Unveils January 2010 MessageLabs Intelligence Report (January 25, 2010)
  • Symantec Report: November State of Spam and Phishing Report (November 13, 2009)
  • Symantec Simplifies Backup and Recovery to Help Small Businesses Protect Against Downtime (November 4, 2009)
  • Symantec Report: October State of Spam and Phishing Report (October 28, 2009)
  • Cybercriminals Use Fear and Anxiety to Convince Users to Buy Rogue Security Software (October 19, 2009)
  • Symantec Platform Helps Customers Build and Manage Cloud Storage Infrastructure (October 6, 2009)
  • Symantec Announces September and Q3 2009 MessageLabs Intelligence Report (September 30, 2009)
  • Symantec Launches Norton 2010 Products, Introducing New Detection Technologies in the Fight against Cyber Crime (September 10, 2009)
  • Symantec VoR: Trojan.Peskyspy Recording Skype VoIP Conversations (August 28, 2009)
  • Symantec Identifies “Dirtiest Web Sites of Summer 2009” (August 20, 2009)
  • Symantec VoR: A botnet using Twitter as a command and control structure (aka Downloader.Sninfs) (August 16, 2009)
  • Symantec Protection Suite Delivers Streaming Defense Against Web 2.0 Threats (August 4, 2009)
  • Symantec Awarded $18.6 Million in Judgments Resulting From Two Anti-Piracy Cases (July 13, 2009)
  • Symantec Raises the Bar for Next Generation Information Management (July 9, 2009)
  • Symantec Unveils New Model of Consumer Protection Codenamed "Quorum" (July 6, 2009)
  • Symantec Managed Endpoint Protection Services Deliver Enhanced Security Against Emerging Threats (June 24, 2009)
  • Symantec Launches MessageLabs Instant Messaging Security Service (June 17, 2009)
  • Symantec to Offer Online Backup on HP Consumer Desktop and Notebook PCs (June 15, 2009)
  • Symantec Survey Reveals Canadian SMBs Are Not Implementing Basic Security Practices (May 8, 2009)
  • Symantec Managed Backup Services Provide Comprehensive Management of Backup and Recovery Operations (May 1, 2009)
  • Symantec Announces April 2009 MessageLabs Intelligence Report (April 29, 2009)
  • Symantec Launches OnlineFamily.Norton Service for Free Through 2009 (April 27, 2009)
  • Symantec Internet Security Threat Report Finds Malicious Activity Continues to Grow at a Record Pace (April 16, 2009)
  • IT Embracing Managed Security to Meet Security Challenges (March 25, 2009)
  • Symantec Delivers New Generation of Client and Server Management (March 11, 2009)
  • Norton 360 Now Speeds PC Performance and Extends Online Protection With Norton Safe Web (March 5, 2009)
  • Symantec Previews Web-Based Remote Support Innovation at DEMO 2009 (March 3, 2009)
  • More Than Half of Ex-Employees Admit to Stealing Company Data According to New Study (February 24, 2009)
  • Symantec Launches Beta Service That Connects Parents to Their Kids’ Online Lives (February 19, 2009)
  • Symantec Transforms Workspace Management With Endpoint Virtualization (February 18, 2009)
  • Symantec Presents January 2009 MessageLabs Intelligence Report (January 28, 2009)
  • Symantec Incubates Next Generation Cloud and Web 2.0 Computing Concepts (January 26, 2009)
  • Symantec Announces Availability of Enterprise Vault 8.0 and Its 10-Year Anniversary (January 20, 2009)
  • Symantec’s 2008 State of the Data Center Report Reveals Managers Pressured to "Do More with Less" (January 13, 2009)
  • Symantec Releases Public Beta of Norton 360 Version 3.0 (December 31, 2008)
  • Symantec Announces New Norton Internet Security for Mac (December 19, 2008)
  • Symantec Awarded $12 Million Judgment in Counterfeit Software Case (December 18, 2008)
  • Symantec Unveils Comprehensive Storage Solution to Help Customers Stop Buying Storage (December 16, 2008)
  • Symantec Delivers High Availability and Disaster Recovery Solutions for VMware Environments (December 10, 2008)
  • Symantec Reveals Small to Medium Business Data Protection Practices Not on Pace With Data Growth (December 1, 2008)
  • Symantec Provides Protection With Norton 360 on Gateway and eMachines PC Brands (November 26, 2008)
  • Symantec Launches Norton AntiVirus 2009 Gaming Edition (November 26, 2008)
  • New Symantec Report Reveals Booming Underground Economy (November 24, 2008)
  • Symantec Completes Acquisition of MessageLabs (November 17, 2008)
  • Symantec Demonstrates Market Leadership in Storage Software (October 28, 2008)
  • 3PAR and Symantec Team to Develop Non-Disruptive, Automated Space Reclamation Technologies (October 17, 2008)
  • Symantec Enhances Interoperability Through the Open Collaborative Architecture (October 15, 2008)
  • Symantec and Dell to Deliver Simple, All-in-One Data Protection Solution (October 10, 2008)
  • Symantec Brightmail Gateway 8.0 Adapts to Environment and Starves Spam Connections (October 10, 2008)
  • Symantec to Extend Online Services With Acquisition of MessageLabs (October 9, 2008)
  • Symantec Protection Network Continues Momentum With Beta Launch of Online Remote Access (September 18, 2008)
  • Symantec Delivers Innovative Data and System Protection for Virtual Machines and Windows Server 2008 Environments (September 17, 2008)
  • Symantec Launches Fastest Security Products in the World (September 10, 2008)
  • Virtualization Driving Organizations to Reevaluate Disaster Recovery Plans (August 28, 2008)
  • Symantec Releases Public Betas of Norton Internet Security 2009, Norton AntiVirus 2009 (July 17, 2008)
  • Symantec Defines the Next Generation of Endpoint Management (June 25, 2008)
  • Symantec Redefines Next Generation Data Protection (June 11, 2008)
  • Symantec Offers Complete, Integrated Virtualization Solution to Enable the Dynamic Data Center (June 11, 2008)
  • Voltage Launches eDiscovery Archive Connector for Symantec Enterprise Vault (June 10, 2008)
  • Symantec Expands Product Certification Program (June 3, 2008)
  • Symantec Awarded Funding From European Commission for Third Long-Term Research Project (April 8, 2008)
  • Symantec Announces New Versions of Veritas Storage Foundation and High Availability Solutions for Windows (March 18, 2008)
  • Symantec Releases New Altiris Workflow Solution (March 17, 2008)
  • Symantec Delivers Endpoint Encryption Offering to Help Protect Sensitive Information (March 3, 2008)
  • Symantec Launches Two Software as a Service Offerings (February 21, 2008)
  • Symantec Helps ING Investment Management Meet E-Discovery Requirements (February 7, 2008)
  • Symantec Goes Virtual With Messaging Defense (February 5, 2008)
  • Symantec Research Debunks Common Myths That Contribute to IT Failures (January 31, 2008)
  • Symantec Names Enrique T. Salem Chief Operating Officer (January 10, 2008)
  • Symantec Awarded $21 Million in Judgments Against Counterfeit Software Piracy Rings (December 18, 2007)
  • Symantec Announces New Mac OS X Leopard-Compatible Norton AntiVirus (December 12, 2007)
  • Symantec Completes Acquisition of Vontu (December 4, 2007)
  • Symantec Releases the Latest Versions of Its Leading PC TuneUp Solution Norton SystemWorks (November 19, 2007)
  • Symantec Announces Comprehensive Solution for the Healthcare Industry (November 13, 2007)
  • Symantec Managed Threat Analysis Offers Customized Assessment of Targeted Malware Attacks (November 1, 2007)
  • Symantec Extends Complete Windows Protection to Altiris Environments (October 18, 2007)
  • Symantec Managed Security Services Delivers Increased Protection Against Bot Networks (October 4, 2007)
  • New Symantec Endpoint Security Solution Now Available (September 28, 2007)
  • iKeepSafe and Symantec Bring Internet Safety to Winston-Salem Children at Boys & Girls Club (September 20, 2007)
  • Symantec Launches Norton Internet Security 2008, Norton AntiVirus 2008 (August 30, 2007)
  • Symantec Announces Availability of Veritas NetBackup 6.5 (August 15, 2007)
  • Symantec Protects Critical Data and Systems to Support LifeGift’s Operations in Times of Disaster (August 3, 2007)
  • Symantec Unveils Next Generation Storage Resource Management with Veritas CommandCentral 5.0 (August 3, 2007)
  • Symantec Secures Web-Based Access to Corporate E-mail (July 20, 2007)
  • Symantec Selected as Sole Supplier of Innovative Network Security Solution and Services for International Military Demonstration (July 3, 2007)
    		•   

    Website based on SPIP, an Open Source program under GNU/GPL licence
    GADGETS: