Web Attacks Skyrocketed 93% In 2010

Symantec report finds that the daily threat volume, sophistication, and cost of security breaches have escalated since 2009.

The volume and sophistication of online attacks continue to increase. In fact, the daily volume of Web-based attacks increased by 93% from 2009 to 2010, while attack toolkits grew to account for two-thirds of all Web-based threats.

That's according to the new "Internet Security Threat Report" from Symantec, released Tuesday.

Notably, the report found that Web-based attacks are hitting businesses' bottom lines, due to the cost of data breaches. In particular, hacking results in an average of 262,767 identities exposed per data breach incident. Accounting for many fewer lost records are insiders (68,418), theft or loss (67,528), insecure policies (30,572), and fraud (6,353).

Which attack vectors were the most popular in 2010? According to the report, the Phoenix toolkit was the number-one technique used by Web-based attackers, and accounted for 39% of attacks that used the top 10 techniques observed by Symantec. The attack toolkits NeoSploit and Nukesploit, meanwhile, accounted for 18% each, followed by JavaScript buffer overflow attacks (8%), Adobe Reader attacks (8%), and non-kit-specific attacks against Java (3%).

Attacks continue to grow more sophisticated. From 2009 to 2010, the report found, the number of attacks that used executable files and Windows auto-run to circulate and launch increased by 74%. Meanwhile, attacks that took advantage of file-sharing protocols to spread increased by 47%, while remote attacks exploiting vulnerabilities jumped by 24%.

In recent years, applications and browsers have come under heavy fire. But 2010 appears to have been the year of the vulnerable plug-in. "As the operating system and browser guys have gotten better about patching their software, the weakness now is often in the plug-ins that sit inside the browser," said Gerry Egan, a director with Symantec Security Response. Such plug-ins include Adobe Flash and Reader, which were heavily targeted and exploited in 2010.

Getting rid of infections grew more difficult. "Once malware gets inside an organization, there's evidence that it's more likely to use some type of rootkit technology to cloak itself," said Egan.

In 2010, attacks against social network users also grew. The most-seen attack technique was directing users to a website that hosts malicious code, so attackers can execute a drive-by download that exploits any known vulnerabilities on the user's computer to infect it.

But despite the sophistication of the crimeware toolkits used to infect websites and launch such attacks, many social networking attack techniques were relatively simple. According to Symantec, during one three-month period, "two-thirds of malicious links in news feeds... used shortened URLs," with the shortened URL simply redirecting users to an attack website. Interestingly, 73% of the links studied by Symantec were clicked at least 11 times, and 33% were clicked up to 50 times, proving that an inability to see where links resolve doesn't seem to deter many social networking users.
