Businesses have been warned about more targeted attacks coming in 2011, as cyber criminals build on their successes from 2010.
Last year saw the likes of Stuxnet and Hydraq set a precedent for targeted attacks, using zero-day vulnerabilities to penetrate systems, a Symantec report noted.
This year will only see more of these attacks, where employees are targeted by spear phishing emails and cyber criminals go after specific kinds of corporate data, the security giant claimed.
Sian John, distinguished engineer at Symantec, said Stuxnet proved "there is no such thing as something that is not a target."
"For us it is a move towards looking at any file that comes on a system, don't assume that it's good," John told IT PRO.
"Let's look at building a reputation around it, let's look at what the file is actually doing But at the same time look at what you are actually doing on a system, so once you have installed a file, let me just check what that system is doing is it trying to bypass things, is it trying to open up backdoors?"
The report came following various targeted attacks on both the public and private sector this year.
In particular, Advanced Persistent Threats (APTs) emerged as something the security industry and enterprises needed to look at seriously, John said.
The security arm of EMC, RSA, was recently hit by an APT, as data on the firm's token product SecurID went missing.
Symantec said the increasing prevalence of zero-day vulnerabilities and rootkits was partly responsible for the rise of targeted attacks.
In 2010, a total of 14 new zero-day flaws were discovered in a number of widely used applications, such as Adobe Flash Player and Internet Explorer.
Hackers will increasingly adopt rootkit exploits into targeted attacks too, Symantec said.
More generally, the security giant saw 286 million new threats appear last year, as well as a 93 per cent in rise in web attacks over 2009.
Making money from mobile malware
Meanwhile, mobile attacks will start bringing in profit for hackers in 2011, according to Symantec, as the level of threats rise.
Symantec spotted 163 vulnerabilities in mobile device operating systems in 2010, compared to 115 in 2009.
Up until now, however, attacks have mainly come through trojanised third-party applications, which have only dialled or texted premium rate numbers from the phone.
This is still not as profitable as stealing online banking credentials and carrying out credit card fraud, Symantec noted.
"As people start to do more financial transactions over mobiles, we expect to see more activity," John said.
"In the next year, mobile attacks will get more sophisticated."
Symantec said it expects to see more PC-like attacks hit smartphones - such as phishing - as cyber criminals decide to stick with tried and tested methods.
-
LaunchDarkly to "double down" on observability with Highlight acquisitionNews Highlight's observability tools will be integrated into LaunchDarkly's Guarded Releases software deployment service
-
Samsung Galaxy Tab S10 FE reviewReviews The Tab S10 FE retains the feel and core capabilities of Samsung's high-end S10 tablets, but compromises on the display and the performance
-
Dell sells RSA security business to private equity firmNews Cash deal worth £1.6bn expected to close within the next 9 months
-
View from the Airport: RSA Conference 2017Opinion Brace yourselves for the cyberpocalypse... or not
-
Why complex security plans mar business-IT relationshipNews Michael Dell talks security at first post-acquisition RSA Conference
-
C-suite and IT must collaborate for safer businessesNews "Business-driven security" is the name of the game at RSA Conference 2017
-
What to expect from RSA Conference 2017Opinion This year's security landscape means there's more to discuss than ever
-
RSA 2016: Weakened encryption compromises national securityNews Terrorists will move to other platforms, while criminals will exploit the flaws, claim speakers
-
Dell and Symantec reports paint worrying cyber security picture for the year aheadNews Cyber security fears abound if the latest research is anything to go by...
-
ChewBacca malware steals data from retailers in 11 countriesNews RSA researchers uncover global malware operation that relies on ChewBacca keystroke logger.
