informa
/
Vulnerabilities/Threats
Quick Hits

Report: Targeted Attacks Evolve, New Malware Variants Spike By 100 Percent

New Symantec Global Internet Threat Report shows evolution of targeted attacks, prevalence of Web-borne attacks, increase in malware variants in 2009
Targeted attacks may have finally gotten a reality check among enterprises earlier this year in the wake of Google's and Adobe's admissions that they had been hit by attackers out of China, but these types of attacks were well-entrenched in 2009, according to a new report released today by Symantec.

The Symantec Global Internet Threat Report, which covers trends in 2009, says attackers are aggressively targeting employees' social networking profiles to help target key personnel inside targeted companies. Meanwhile, Web-based attacks targeting PDF views accounted for half of all Web-based attacks last year, up from 11 percent in 2008.

And malware creation increased thanks to more automated tools, according to Symantec, which says it identified more than 240 million new malware programs last year, a 100 percent increase over 2008. The most prevalent malware was the Sality.AE virus, the Brisv Trojan, and the SillyFDC worm. "Malware showed a relentless increase, with more automation on systems that drove malware up," says Vincent Weaver, vice president of Symantec Security Response.

And Weaver noted that attackers are starting to target more of the "custodians" of customer data. "We are seeing them increasingly going after network administrators and data administrators, [for example], using spear-phishing attacks," he says. "Their sophistication is not in the malware [they use], but in the planning and execution" of the attacks, he says.

Sixty percent of all breaches that compromised identity information were a result of a hack, up from 22 percent in 2008, the report says.

Countries with newly emerging broadband infrastructures, like Brazil, India, Poland, Vietnam, and Russia moved up the list as the most common sources and targets of malicious activity. Brazil, for example, went from No. 5 in 2008 to No. 3 last year, accounting for 6 percent of all malicious activity worldwide. "A lot of this is driven by Conficker [infections]," Weaver notes.

Botnet activity last year, meanwhile, had some interesting twists: The number of active, infected bots per day decreased by 38 percent, from 75,158 per day in '08 to 46,541 last year. Symantec counted 6,798,338 distinct bot-infected computers last year, a 28 percent decrease from '08. But bot command-and-control servers grew from more than 15,000 to more than 17,000 last year, according to the report.

While the number of bots declined, botnet activity did not, according to Symantec. Weaver says the ISP and other botnet-related takedowns last year resulted in fewer bots, but botnet operators compensated by pumping up spam with their remaining bots. "In general, spam bots are either propagating aggressively and not spamming, or vice versa," Waver says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5