Targeted attacks set to blow up in 2011
Symantec says targeted attacks will spike this year, following 2010 where Stuxnet set a new precedent.


Businesses have been warned about more targeted attacks coming in 2011, as cyber criminals build on their successes from 2010.
Last year saw the likes of Stuxnet and Hydraq set a precedent for targeted attacks, using zero-day vulnerabilities to penetrate systems, a Symantec report noted.
This year will only see more of these attacks, where employees are targeted by spear phishing emails and cyber criminals go after specific kinds of corporate data, the security giant claimed.
Sian John, distinguished engineer at Symantec, said Stuxnet proved "there is no such thing as something that is not a target."
"For us it is a move towards looking at any file that comes on a system, don't assume that it's good," John told IT PRO.
"Let's look at building a reputation around it, let's look at what the file is actually doing But at the same time look at what you are actually doing on a system, so once you have installed a file, let me just check what that system is doing is it trying to bypass things, is it trying to open up backdoors?"
The report came following various targeted attacks on both the public and private sector this year.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
In particular, Advanced Persistent Threats (APTs) emerged as something the security industry and enterprises needed to look at seriously, John said.
The security arm of EMC, RSA, was recently hit by an APT, as data on the firm's token product SecurID went missing.
Symantec said the increasing prevalence of zero-day vulnerabilities and rootkits was partly responsible for the rise of targeted attacks.
In 2010, a total of 14 new zero-day flaws were discovered in a number of widely used applications, such as Adobe Flash Player and Internet Explorer.
Hackers will increasingly adopt rootkit exploits into targeted attacks too, Symantec said.
More generally, the security giant saw 286 million new threats appear last year, as well as a 93 per cent in rise in web attacks over 2009.
Making money from mobile malware
Meanwhile, mobile attacks will start bringing in profit for hackers in 2011, according to Symantec, as the level of threats rise.
Symantec spotted 163 vulnerabilities in mobile device operating systems in 2010, compared to 115 in 2009.
Up until now, however, attacks have mainly come through trojanised third-party applications, which have only dialled or texted premium rate numbers from the phone.
This is still not as profitable as stealing online banking credentials and carrying out credit card fraud, Symantec noted.
"As people start to do more financial transactions over mobiles, we expect to see more activity," John said.
"In the next year, mobile attacks will get more sophisticated."
Symantec said it expects to see more PC-like attacks hit smartphones - such as phishing - as cyber criminals decide to stick with tried and tested methods.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.
-
LaunchDarkly to "double down" on observability with Highlight acquisition
News Highlight's observability tools will be integrated into LaunchDarkly's Guarded Releases software deployment service
By Daniel Todd
-
Samsung Galaxy Tab S10 FE review
Reviews The Tab S10 FE retains the feel and core capabilities of Samsung's high-end S10 tablets, but compromises on the display and the performance
By Stuart Andrews
-
Dell sells RSA security business to private equity firm
News Cash deal worth £1.6bn expected to close within the next 9 months
By Jane McCallion
-
View from the Airport: RSA Conference 2017
Opinion Brace yourselves for the cyberpocalypse... or not
By Jane McCallion
-
Why complex security plans mar business-IT relationship
News Michael Dell talks security at first post-acquisition RSA Conference
By Jane McCallion
-
C-suite and IT must collaborate for safer businesses
News "Business-driven security" is the name of the game at RSA Conference 2017
By Jane McCallion
-
What to expect from RSA Conference 2017
Opinion This year's security landscape means there's more to discuss than ever
By Jane McCallion
-
RSA 2016: Weakened encryption compromises national security
News Terrorists will move to other platforms, while criminals will exploit the flaws, claim speakers
By Jane McCallion
-
Dell and Symantec reports paint worrying cyber security picture for the year ahead
News Cyber security fears abound if the latest research is anything to go by...
By Caroline Preece
-
ChewBacca malware steals data from retailers in 11 countries
News RSA researchers uncover global malware operation that relies on ChewBacca keystroke logger.
By Caroline Donnelly