Nigeria Ranks High in Malicious Internet Activities

Symantec Corp has just
announced the findings of its
Internet Security Threat Report,
Volume 16, showing a massive
threat volume of more than 286
million new threats last year. The
report was also accompanied by
several new megatrends in the
threat landscape.
In the report, Nigeria ranked 65th
out of 233 countries monitored by
the company ’s global intelligence
network.
The report highlights dramatic
increases in both the frequency
and sophistication of targeted
attacks on enterprises; the
continued growth of social
networking sites as an attack
distribution platform; and a
change in attackers ’ infection
tactics, increasingly targeting
vulnerabilities in Java to break
into traditional computer systems.
In addition, the report explores
how attackers are exhibiting a
notable shift in focus toward
mobile devices.
It highlighted that targeted
attacks such as Hydraq and
Stuxnet posed growing threat to
enterprises in 2010. To increase
the likelihood of successful,
undetected infiltration into the
enterprise, an increasing number
of these targeted attacks
leveraged zero-day vulnerabilities
to break into computer systems.
As one example, Stuxnet alone
exploited four different zero-day
vulnerabilities to attack its targets.
The report said that in 2010,
attackers launched targeted
attacks against a diverse collection
of publicly traded, multinational
corporations and government
agencies, as well as a surprising
number of smaller companies. In
many cases, the attackers
researched key victims within
each corporation and then used
tailored social engineering attacks
to gain entry into the victims’
networks.
It added that due to their targeted
nature, many of these attacks
succeeded even when victim
organizations had basic security
measures in place.
According to the senior vice
president, Symantec Security
Technology and Response report,
Stephen Trilling, “while the high-
profile targeted attacks of 2010
attempted to steal intellectual
property or cause physical
damage, many targeted attacks
preyed on individuals for their
personal information. For
example, the report found that
data breaches caused by hacking
resulted in an average of more
than 260,000 identities exposed
per breach in 2010, nearly
quadruple that of any other
cause”.
Social network platforms continue
to grow in popularity and this
popularity has not surprisingly
attracted a large volume of
malware. One of the primary
attack techniques used on social
networking sites involved the use
of shortened URLs. Under typical,
legitimate, circumstances, these
abbreviated URLs are used to
efficiently share a link in an email
or on a web page to an otherwise
complicated web address. Last
year, attackers posted millions of
these shortened links on social
networking sites to trick victims
into both phishing and malware
attacks, dramatically increasing
the rate of successful infection.
The report found that attackers
overwhelmingly leveraged the
news-feed capabilities provided
by popular social networking sites
to mass-distribute attacks. In a
typical scenario, the attacker logs
into a compromised social
networking account and posts a
shortened link to a malicious
website in the victim ’s status area.
The social networking site then
automatically distributes the link
to news feeds of the victim ’s
friends, spreading the link to
potentially hundreds or thousands
of victims in minutes. In 2010, 65
percent of malicious links in news
feeds observed by Symantec used
shortened URLs. Of these, 73
percent were clicked 11 times or
more, with 33 percent receiving
between 11 and 50 clicks.
In 2010, attack toolkits, software
programs that can be used by
novices and experts alike to
facilitate the launch of widespread
attacks on networked computers,
continued to see widespread use.
These kits increasingly target
vulnerabilities in the popular Java
system, which accounted for 17
percent of all vulnerabilities
affecting browser plug-ins in 2010.
As a popular cross-browser, multi-
platform technology, Java is an
appealing target for attackers.
The report said that the number of
measured Web-based attacks per
day increased by 93 percent in
2010 compared to 2009. Since
two-thirds of all Web-based threat
activity observed by Symantec is
directly attributed to attack kits,
these kits are likely responsible for
a large part of this increase.
“The major mobile platforms are
finally becoming ubiquitous
enough to garner the attention of
attackers, and as such, Symantec
expects attacks on these platforms
to increase. In 2010, most
malware attacks against mobile
devices took the form of Trojan
Horse programs that pose as
legitimate applications. While
attackers generated some of this
malware from scratch, in many
cases, they infected users by
inserting malicious logic into
existing legitimate applications.
The attacker then distributed
these tainted applications via
public app stores. For example,
the authors of the recent Pjapps
Trojan employed this
approach ”.says the report.
It said that while the new security
architectures employed in today ’s
mobile devices are at least as
effective as their desktop and
server predecessors, attackers can
often bypass these protections by
attacking inherent vulnerabilities
in the mobile platforms ’
implementations. Unfortunately,
such flaws are relatively
commonplace as Symantec
documented 163 vulnerabilities
during 2010 that could be used by
attackers to gain partial or
complete control over devices
running popular mobile platforms.
In the first few months of 2011
attackers have already leveraged
these flaws to infect hundreds of
thousands of unique devices.

Subs