Targeted attacks set to blow up in 2011

News
By published

Symantec says targeted attacks will spike this year, following 2010 where Stuxnet set a new precedent.

Security

Businesses have been warned about more targeted attacks coming in 2011, as cyber criminals build on their successes from 2010.

Last year saw the likes of Stuxnet and Hydraq set a precedent for targeted attacks, using zero-day vulnerabilities to penetrate systems, a Symantec report noted.

This year will only see more of these attacks, where employees are targeted by spear phishing emails and cyber criminals go after specific kinds of corporate data, the security giant claimed.

Sian John, distinguished engineer at Symantec, said Stuxnet proved "there is no such thing as something that is not a target."

"For us it is a move towards looking at any file that comes on a system, don't assume that it's good," John told IT PRO.

"Let's look at building a reputation around it, let's look at what the file is actually doing But at the same time look at what you are actually doing on a system, so once you have installed a file, let me just check what that system is doing is it trying to bypass things, is it trying to open up backdoors?"

The report came following various targeted attacks on both the public and private sector this year.

In particular, Advanced Persistent Threats (APTs) emerged as something the security industry and enterprises needed to look at seriously, John said.

The security arm of EMC, RSA, was recently hit by an APT, as data on the firm's token product SecurID went missing.

Symantec said the increasing prevalence of zero-day vulnerabilities and rootkits was partly responsible for the rise of targeted attacks.

In 2010, a total of 14 new zero-day flaws were discovered in a number of widely used applications, such as Adobe Flash Player and Internet Explorer.

Hackers will increasingly adopt rootkit exploits into targeted attacks too, Symantec said.

More generally, the security giant saw 286 million new threats appear last year, as well as a 93 per cent in rise in web attacks over 2009.

Making money from mobile malware

Meanwhile, mobile attacks will start bringing in profit for hackers in 2011, according to Symantec, as the level of threats rise.

Symantec spotted 163 vulnerabilities in mobile device operating systems in 2010, compared to 115 in 2009.

Up until now, however, attacks have mainly come through trojanised third-party applications, which have only dialled or texted premium rate numbers from the phone.

This is still not as profitable as stealing online banking credentials and carrying out credit card fraud, Symantec noted.

"As people start to do more financial transactions over mobiles, we expect to see more activity," John said.

"In the next year, mobile attacks will get more sophisticated."

Symantec said it expects to see more PC-like attacks hit smartphones - such as phishing - as cyber criminals decide to stick with tried and tested methods.

Tom Brewster
Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.

More about public sector
NHS logo displayed on a smartphone screen in white lettering on a blue background.

DHSC eyes infrastructure overhaul amid £114 million IT spending boost
UK Prime Minister Keir Starmer speaking during a Q&A session after delivering a speech on plans to reform the civil service, during a visit to Reckitt Benckiser Health Care UK.

Starmer bets big on AI to unlock public sector savings
An abstract image showing blocks of blue shiny material overlaid on one another to represent LQMs and AI.

What are large quantitative models (LQMs)?
See more latest
Most Popular
Red Ubuntu logo appearing on a web browser with a microscope over the logo, placing emphasis on it
Qualys discovers three bypasses of Ubuntu's unprivileged user namespace restrictions
Gold lock floating above a digitally rendered motherboard with blue and red glowing hues, denoting ransomware
Security researchers hack BlackLock ransomware gang in push back against rising threat actor
A busy customer service desk
Omnissa eyes growth with revamped partner program
Female software developer using AI coding tools on a desktop computer with light from screen reflecting in spectacles.
Developers spend 17 hours a week on security — but don't consider it a top priority
A close-up of a digital dashboard showing stock market graphs overlaid onto a world map.
Financial services firms look to AI to improve resilience
Male software engineer working on a laptop at a home office desk with two PC monitors sitting on top of desk.
‘This shift highlights not just a continuation but a broad acceptance of remote work as the norm’: Software engineers are sticking with remote work and refusing to budge on RTO mandates – and 21% would quit if forced back to the office
Ransomware concept image showing a warning symbol in red with binary code in background.
Healthcare systems are rife with exploits — and ransomware gangs have noticed
Application security concept image showing a digitized padlock placed upon a digital platform.
ESET looks to ‘empower’ partners with cybersecurity portfolio updates
Databricks logo and branding pictured on a MacBook Pro screen.
Databricks and Anthropic are teaming up on agentic AI development – here’s what it means for customers
Dell Technologies logo and branding pictured at the company's stall at Mobile World Congress (MWC) in Barcelona, Spain.
Scale of Dell job cuts laid bare as firm sheds 10% of staff in a year