Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

Web Attacks Skyrocketed 93% In 2010

Symantec report finds that the daily threat volume, sophistication, and cost of security breaches have escalated since 2009.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
The volume and sophistication of online attacks continues to increase. In fact, the daily volume of Web-based attacks increased by 93% from 2009 to 2010, while attack toolkits grew to account for two-thirds of all Web-based threats.

That's according to the new "Internet Security Threat Report" from Symantec, released Tuesday.

Notably, the report found that Web-based attacks are hitting businesses' bottom lines, due to the cost of data breaches. In particular, the report found that hacking results in an average of 262,767 identities exposed per data breach incident. Accounting for many fewer lost records are insiders (68,418), theft or loss (67,528), insecure policies (30,572), or fraud (6,353).

Which attack vectors were the most popular in 2010? According to the report, the Phoenix toolkit was the number-one technique used by Web-based attackers, and accounted for 39% of attacks that used the top 10 techniques observed by Symantec. The attack toolkits NeoSploit and Nukesploit, meanwhile, accounted for 18% each, followed by JavaScript buffer overflow attacks (8%), Adobe Reader attacks (8%), and non-kit-specific attacks against Java (3%).

Attacks continue to grow more sophisticated. From 2009 to 2010, found the report, the number of attacks that used executable files and Windows auto-run to circulate and launch increased by 74%. Meanwhile, attacks that took advantage of file-sharing protocols to spread increased by 47%, while remote attacks exploiting vulnerabilities jumped by 24%.

In recent years, applications and browsers have come under heavy fire. But 2010 appears to have been the year of the vulnerable plug-in. "As the operating system and browser guys have gotten better about patching their software, the weakness now is often in the plug-ins that sit inside the browser," said Gerry Egan, a director with Symantec Security Response. Such plug-ins include Adobe Flash and Reader, which were heavily targeted and exploited in 2010.

Getting rid of infections grew more difficult. "Once malware gets inside an organization, there's evidence that it's more likely to use some type of rootkit technology to cloak itself," said Egan.

In 2010, attacks against social network users also grew. The most-seen attack technique was directing users to a website that hosts malicious code, so attackers can execute a drive-by download that exploits any known vulnerabilities on the user's computer to infect it.

But despite the sophistication of the crimeware toolkits used to infect websites and launch such attacks, many social networking attack techniques were relatively simple. According to Symantec, during one three-month period, "two-thirds of malicious links in news feeds... used shortened URLs," with the shortened URL simply redirecting users to an attack website. Interestingly, 73% of the links studied by Symantec were clicked at least 11 times, and 33% were clicked up to 50 times, proving that an inability to see where links resolve doesn't seem to deter many social networking users.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-34812
PUBLISHED: 2021-06-18
Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2021-34808
PUBLISHED: 2021-06-18
Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors.
CVE-2021-34809
PUBLISHED: 2021-06-18
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2021-34810
PUBLISHED: 2021-06-18
Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2021-34811
PUBLISHED: 2021-06-18
Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors.