subscribe: Daily Newsletter

 

New threats emerge

0 comments

More than 286-million million new threats surfaced last year, and number of new megatrends are emerging on the threat landscape.

This is according to the latest Internet Security Threat Report from Symantec, which says one of the emerging trends is targeted attacks, such as Hydraq and Stuxnet, which pose a growing threat to enterprises in 2011.
To increase the likelihood of successful, undetected infiltration into the enterprise, an increasing number of these targeted attacks, leveraged zero-day vulnerabilities in order to break into computer systems. These zero-day vulnerabilities are computer threats that are unknown to others or the software developer. They occur during the vulnerability window that exists in the time between when a vulnerability is first exploited and when software developers start to develop a counter to that threat.
As an example, Stuxnet alone exploited four different zero-day vulnerabilities to attack its targets.
In addition, the major mobile platforms are finally becoming ubiquitous enough to gain the attention of attackers, and as such, Symantec expects attacks on these platforms to increase.
In 2010, most malware attacks against mobile devices took the form of Trojan Horse programs that pose as legitimate applications.  While attackers generated some of this malware from scratch, in many cases, they infected users by inserting malicious logic into existing legitimate applications.  The attacker then distributed these tainted applications via public app stores.
While the new security architectures employed in today’s mobile devices are at least as effective as their desktop and server predecessors, attackers can often bypass these protections by attacking inherent vulnerabilities in the mobile platforms’ implementations.
Unfortunately, such flaws are relatively commonplace – Symantec documented 163 vulnerabilities during 2010 that could be used by attackers to gain partial or complete control over devices running popular mobile platforms.  In the first few months of 2011 attackers have already leveraged these flaws to infect hundreds of thousands of unique devices.
According to findings from Mocana, it is no surprise that 47% of organisations do not believe they can adequately manage the risks introduced by mobile devices. In addition, more than 45% of organisations say security concerns are one of the biggest obstacles to rolling out more smart devices.