4/5/2011
10:12 AM

Web Attacks Skyrocketed 93% In 2010

Symantec report finds that the daily threat volume, sophistication, and cost of security breaches have escalated since 2009.

The volume and sophistication of online attacks continue to increase. In fact, the daily volume of Web-based attacks increased by 93% from 2009 to 2010, while attack toolkits grew to account for two-thirds of all Web-based threats.

That's according to the new "Internet Security Threat Report" from Symantec, released Tuesday.

Notably, the report found that Web-based attacks are hitting businesses' bottom lines, due to the cost of data breaches. In particular, hacking results in an average of 262,767 identities exposed per data breach incident. Accounting for far fewer lost records are insiders (68,418), theft or loss (67,528), insecure policies (30,572), and fraud (6,353).

Which attack vectors were the most popular in 2010? According to the report, the Phoenix toolkit was the number-one technique used by Web-based attackers, and accounted for 39% of attacks that used the top 10 techniques observed by Symantec. The attack toolkits NeoSploit and Nukesploit, meanwhile, accounted for 18% each, followed by JavaScript buffer overflow attacks (8%), Adobe Reader attacks (8%), and non-kit-specific attacks against Java (3%).

Attacks continue to grow more sophisticated. From 2009 to 2010, the report found, the number of attacks that used executable files and Windows auto-run to circulate and launch increased by 74%. Meanwhile, attacks that took advantage of file-sharing protocols to spread increased by 47%, while remote attacks exploiting vulnerabilities jumped by 24%.

In recent years, applications and browsers have come under heavy fire. But 2010 appears to have been the year of the vulnerable plug-in. "As the operating system and browser guys have gotten better about patching their software, the weakness now is often in the plug-ins that sit inside the browser," said Gerry Egan, a director with Symantec Security Response. Such plug-ins include Adobe Flash and Reader, which were heavily targeted and exploited in 2010.

Getting rid of infections grew more difficult. "Once malware gets inside an organization, there's evidence that it's more likely to use some type of rootkit technology to cloak itself," said Egan.

In 2010, attacks against social network users also grew. The most-seen attack technique was directing users to a website that hosts malicious code, so attackers can execute a drive-by download that exploits any known vulnerabilities on the user's computer to infect it.

But despite the sophistication of the crimeware toolkits used to infect websites and launch such attacks, many social networking attack techniques were relatively simple. According to Symantec, during one three-month period, "two-thirds of malicious links in news feeds... used shortened URLs," with the shortened URL simply redirecting users to an attack website. Interestingly, 73% of the links studied by Symantec were clicked at least 11 times, and 33% were clicked up to 50 times, proving that an inability to see where links resolve doesn't seem to deter many social networking users.
