
Consumer Affairs

Are Cyber Threats Getting Worse?

Symantec warns that hackers are growing more sophisticated as they attack consumers and businesses.


The Internet is a scary place and getting scarier by the minute. That's the gist of a new Internet Security Threat report, issued by Symantec Corp.

Though issued by a company that would like to sell you anti-virus software against such threats, the report is nonetheless compelling. It shows a massive threat volume of more than 286 million new threats last year, accompanied by what it calls "several new megatrends" in the threat landscape.

More frequent and sophisticated

It appears threats are becoming more frequent and sophisticated. Hackers increasingly are using social networking sites like Facebook as attack distribution platforms. They've also changed their infection tactics, increasingly targeting vulnerabilities in Java to break into traditional computer systems.

Now, with consumers turning to smartphones that access the Internet on the go, the report says attackers are exhibiting a notable shift in focus toward mobile devices.

Businesses are having to work much harder to stay one step ahead of the hackers. One 2010 trend identified in the report is targeted attacks. Instead of launching a random attack against a network server, hackers conducted research to identify key personnel within the business.

They then used tailored social engineering attacks to gain entry into the victims' networks. Due to their targeted nature, many of these attacks succeeded even when victim organizations had basic security measures in place.

Consumers still the main targets

While the high-profile targeted attacks of 2010 attempted to steal intellectual property or cause physical damage, many more targeted attacks preyed on individuals for their personal information.

For example, the report found that data breaches caused by hacking resulted in an average of more than 260,000 identities exposed per breach in 2010, nearly quadruple that of any other cause.

Hackers have found social networks fertile ground for yielding victims, because of users' tendency to trust information they believe to be from "friends," and the fact that they like to share it.

One of the primary attack techniques used on social networking sites involved the use of shortened URLs. Under typical, legitimate circumstances, these abbreviated URLs are used to efficiently share a link to an otherwise complicated web address in an email or on a web page. Last year, attackers posted millions of these shortened links on social networking sites to trick victims into both phishing and malware attacks, dramatically increasing the rate of successful infection.

Leveraging news feeds

News-feed capabilities provided by social networking sites also proved helpful to hackers. For example, the attacker might log into a compromised social networking account and post a shortened link to a malicious website in the victim's status area.

The social networking site then automatically distributes the link to news feeds of the victim's friends, spreading the link to potentially hundreds or thousands of victims in minutes. In 2010, 65 percent of malicious links in news feeds observed by Symantec used shortened URLs, the company said. Of these, 73 percent were clicked 11 times or more, with 33 percent receiving between 11 and 50 clicks.

Attack toolkits focus on Java

In 2010, attack toolkits made it easier for anyone to become a hacker. These software programs can be used by novices and experts alike to facilitate the launch of widespread attacks on networked computers, and Symantec said they continued to see widespread use.

These kits increasingly target vulnerabilities in the popular Java system, which accounted for 17 percent of all vulnerabilities affecting browser plug-ins in 2010. The report said that, as a popular cross-browser, multi-platform technology, Java is an appealing target for attackers.

If that weren't scary enough, the report predicts the mobile universe will come under increasing attack in the future. In 2010, most malware attacks against mobile devices took the form of Trojan Horse programs that pose as legitimate applications.

While the new security architectures employed in today's mobile devices are at least as effective as their desktop and server predecessors, attackers can often bypass these protections by attacking inherent vulnerabilities in the mobile platforms' implementations.

Unfortunately, such flaws are relatively commonplace - Symantec documented 163 vulnerabilities during 2010 that could be used by attackers to gain partial or complete control over devices running popular mobile platforms.

 
