BANGALORE, INDIA: Year 2010 is arguably the most dreaded year in terms of security. The year will be remembered as a turning point in the history as it saw an unprecedented record number of conventional attacks and emergence of blended attacks.
The 2010 evidence and metrics suggest that cybercriminals and their blended attacks are having a field day taking advantage of security gaps left open by legacy technologies like firewalls, antivirus, and simple URL blockers, the Websense Security Lab's recently observed it its annual security report.
End-point security company Symantec, too, is of the opinion that 2010 was the hottest year so far. The company in all 2009 had observed 12 zero-day vulnerabilities. Till December, 2010, the company has already tracked 18 zero-day vulnerabilities that were or are being used in cyber attacks. In fact, Stuxnet alone used a record four zero-day vulnerabilities.
Smartphones emerge new targets
The number of targeted malware attacks aimed at smartphones spiked 33 per cent this year, according to the results of a two-year-long study conducted by mobile security firm AdaptiveMobile. The firm compared results from 2009 and 2010 to arrive at its conclusion.
“With the increasing pervasiveness of smartphone devices, 2010 has undoubtedly been the year that fraudsters have truly turned their attention to mobile platforms,” AdaptiveMobile COO Gareth Maclachlan said.
Also read: Security will remain among highest priorities in 2011
Attacks aimed at Android-based devices rose the most, according to the report. Threats against Android smartphones increased four-fold, but remain modest in total number compared to older platforms.
Java-based applications experienced the second-highest increase in reported malware infections, up 45 per cent over 2009 results. Threats for the iPhone and Symbian-based devices both decreased, with the latter falling 11 per cent, according to the report.
Dan Hubbard, chief technology officer, Websense, feels that in 2010, cybercriminals adapted their strategies to address the social websites and sites with dynamic user-generated content. Attacks are now more blended, sophisticated, and targeted. Many of these attacks use new tricks and methods of delivery. Script-based attacks, blended email campaigns, and SEO poisoning were all common in 2010.
Even the most easily detected threats and botnets were successfully reproduced with variations that often allow them to slip through outdated defenses. The majority of attacks in 2010 focused on the same thing: stealing data.
Here are some of the 2010 security findings from Websense:
-
111.4 per cent increase in the number of malicious websites from 2009 to 2010
-
79.9 per cent of websites with malicious code were legitimate sites that have been compromised.
-
52 per cent of data-stealing attacks were conducted over the Web.
-
34 per cent of malicious Web/HTTP attacks included data-stealing code.
-
89.9 per cent of all unwanted emails in circulation during this period contained links to spam sites and/or malicious websites.
-
The United States and China continued to be the top two countries hosting crimeware and receiving stolen data during 2010; the Netherlands has found its way into the top five.
-
Searching for breaking news represented a higher risk (22.4 per cent) than searching for objectionable content (21.8 per cent)
-
23 per cent of real-time search results on entertainment lead to a malicious link.
-
40 per cent of all Facebook status updates have links and 10 per cent of those links are either spam or malicious.