Vulnerabilities / Threats
4/5/2011
10:12 AM
50%
50%

Web Attacks Skyrocketed 93% In 2010

Symantec report finds that the daily threat volume, sophistication, and cost of security breaches have escalated since 2009.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
The volume and sophistication of online attacks continues to increase. In fact, the daily volume of Web-based attacks increased by 93% from 2009 to 2010, while attack toolkits grew to account for two-thirds of all Web-based threats.

That's according to the new "Internet Security Threat Report" from Symantec, released Tuesday.

Notably, the report found that Web-based attacks are hitting businesses' bottom lines, due to the cost of data breaches. In particular, the report found that hacking results in an average of 262,767 identities exposed per data breach incident. Accounting for many fewer lost records are insiders (68,418), theft or loss (67,528), insecure policies (30,572), or fraud (6,353).

Which attack vectors were the most popular in 2010? According to the report, the Phoenix toolkit was the number-one technique used by Web-based attackers, and accounted for 39% of attacks that used the top 10 techniques observed by Symantec. The attack toolkits NeoSploit and Nukesploit, meanwhile, accounted for 18% each, followed by JavaScript buffer overflow attacks (8%), Adobe Reader attacks (8%), and non-kit-specific attacks against Java (3%).

Attacks continue to grow more sophisticated. From 2009 to 2010, found the report, the number of attacks that used executable files and Windows auto-run to circulate and launch increased by 74%. Meanwhile, attacks that took advantage of file-sharing protocols to spread increased by 47%, while remote attacks exploiting vulnerabilities jumped by 24%.

In recent years, applications and browsers have come under heavy fire. But 2010 appears to have been the year of the vulnerable plug-in. "As the operating system and browser guys have gotten better about patching their software, the weakness now is often in the plug-ins that sit inside the browser," said Gerry Egan, a director with Symantec Security Response. Such plug-ins include Adobe Flash and Reader, which were heavily targeted and exploited in 2010.

Getting rid of infections grew more difficult. "Once malware gets inside an organization, there's evidence that it's more likely to use some type of rootkit technology to cloak itself," said Egan.

In 2010, attacks against social network users also grew. The most-seen attack technique was directing users to a website that hosts malicious code, so attackers can execute a drive-by download that exploits any known vulnerabilities on the user's computer to infect it.

But despite the sophistication of the crimeware toolkits used to infect websites and launch such attacks, many social networking attack techniques were relatively simple. According to Symantec, during one three-month period, "two-thirds of malicious links in news feeds... used shortened URLs," with the shortened URL simply redirecting users to an attack website. Interestingly, 73% of the links studied by Symantec were clicked at least 11 times, and 33% were clicked up to 50 times, proving that an inability to see where links resolve doesn't seem to deter many social networking users.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-1793
Published: 2014-12-25
rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted SVG document that leads to a "stale pointer."

CVE-2011-1794
Published: 2014-12-25
Integer overflow in the FilterEffect::copyImageBytes function in platform/graphics/filters/FilterEffect.cpp in the SVG filter implementation in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified ...

CVE-2011-1795
Published: 2014-12-25
Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document con...

CVE-2011-1796
Published: 2014-12-25
Use-after-free vulnerability in the FrameView::calculateScrollbarModesForLayout function in page/FrameView.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaS...

CVE-2011-1798
Published: 2014-12-25
rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 does not properly perform a cast of an unspecified variable during an attempt to handle a block child, which allows remote attackers to cause a denial of service (application crash) or possibly have unknown othe...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.