Surge of targeted attacks in 2010

A general theme in 2010 was the rise of the highly-targeted attack. Two of the most high profile examples were finely targeted attacks that had very specific aims: Stuxnet, which targets industrial software, and Hydraq, which attempted to steal intellectual property from large corporations. The Stuxnet worm infects any Windows PC, but only targets particular software that controls industrial processes, such as those in factories or chemical plants. Various other features of the worm, including the fact that most infections were in Iran, led to mass speculation that it was developed either by the US or Israel to target the Bushehr nuclear power plant in Iran. More here.

Overall, 2010 saw an increase in these highly targeted types of attack that often involved social engineering techniques whereby attackers researched key individuals within the targeted organisation.

Attack toolkits, which can be used by novices, continued to see widespread use and increasingly targeted Java vulnerabilities. Norton Internet Security Expert Con Mallon told us: “Java is very attractive to attackers because it gives them a chance to go multi-OS, multi-platform. Developers need to be very aware of any vulnerabilities that are spotted for Java, keep themselves patched and really keep their knowledge up to date.” Daily web-based attacks were up 93% on 2009, with two-thirds of these attributable to attack kits.

Attacks on mobile operating systems are also on the rise. Most attacks so far have been Trojans, but Symantec also found 163 vulnerabilities in the popular mobile platforms. Con told us “To keep things in perspective, we found 5500 vulnerabilities in total across all OSs and platforms, so it’s still a small number, but the pace of activity seems to be rising. Most people have anti-virus software on their Windows system and only a tiny minority have it on their smartphones and tablets. That’s going to have to change; I think it will change pretty quickly.” Most of this year’s Trojans have been created by inserting malicious code into legitimate applications.

Social networks continued to provide a rich feeding ground for attackers in 2010. URL shorteners were widely used to conceal malicious links, and Symantec found that of these, 73% were clicked 11 times or more.

You can see the full report here.