As a result of its most recent findings from its Internet Security Threat Report (ISTR), Volume 15, Symantec Corp. (NYSE: SYMC) executives are encouraging businesses to re-examine their existing security policies and procedures to help ward off a rise in targeted attacks.
This volume of Symantec’s ISTR covers last year’s period from January 1 to December 31 and is based on findings and research from the company’s Global Intelligence Network, Marc Fossi, executive editor of the report, and manager of development security and technology and response at Symantec said.
Fossi said there were five major themes that came out of the report which include: attack kits are making it easier for novices to steal information, targeted attacks are focusing on the enterprise, consumers are increasingly seeing more Web-based attacks, malicious activity is rooted in emerging countries, and the underground economy was relatively unaffected by the global economy.
The report highlighted a rise in targeted attacks on the enterprise, using the Google Attack, which is more specifically referred to as the Hydraq attack, as an example.
“Targeted attacks against businesses have been occurring for some time now, however during 2009, a large-scale targeted attack occurred that brought these types of incidents into the spotlight,” Fred Patterson, director of enterprise channel at Symantec Canada said. “This particular threat (Hydraq) originated in China and resulted in the theft of intellectual property from Google.”
Due to the rise and popularity of Web sites and social networking groups, Fossi said individuals are now putting more personal information into the public view. This is a problem because attackers can gather information through Web sites and social networks to carry out targeted attacks that are customized and appeal to a specific individual. These targeted attacks are what attackers use to get into enterprise networks and can lead to identity theft and the theft of intellectual property or corporate strategy.
“Symantec believes it is likely that targeted attacks of this nature will continue to play a large part in the threat landscape in the near future, so we encourage organizations in Canada and around the world to re-examine their existing security procedures and protection strategies against these zero-day vulnerabilities,” Patterson said.
The report also found that attack kits are becoming popular and are a way for novice attackers to steal information.
“Kits allow people to customize a piece of malicious code to steal data and other personal information,” Fossi explained. “This lets unskilled attackers enter the market using sophisticated tools. When the kit first came out, it was available for about $1,000 but the price has since dropped to $500 or $600. This price drop lowers the bar of entry for attackers, which means businesses and individuals must make sure they have the right policies in place.”
Amongst the other findings in the report, Fossi said due to the global economy, attackers have also modified their lure tactics by sending out spam messages to reflect the current financial circumstances. If a user clicks on any of these links, attackers can then install malicious code and other applications on the victim’s computer.
“The subject of phishing messages have changed from ‘there’s a problem in your account, please sign in here,’ to ‘get lower interest rates and consolidate your loans,” Fossi said. “This shows that attackers are able to rapidly adopt their social engineering techniques to take advantage of current events and situations.”
When it comes to vertical sectors, healthcare, government and education are the ones to report the most security breaches. This is because these sectors are typically required by law to report these situations. For channel partners who work in these areas, as well as others, it’s important that they explain to customers that these threats are real and they do exist, Patterson advises.
“Partners should also realize that small business customers usually do not have the cycles to effectively manage their IT infrastructure,” Patterson said. “Partners have the opportunity to educate and manage this aspect of their customer’s business. For businesses, they should make sure they have the right policies in place and augment them with security software that has advanced threat protection to ensure information is properly backed up.”