Symantec Internet Security Threat Report - 2010

Executive Summary

Source: Symantec Corporation


Symantec recorded over 3 billion malware attacks in 2010 and yet one stands out more than the rest—Stuxnet. This attack captured the attention of many and led to wild speculation on the target of the attacks and who was behind them. This is not surprising in an attack as complex and with such significant consequences as Stuxnet. In a look back at 2010, we saw five recurring themes:

1. Targeted attacks. Almost forgotten in the wake of Stuxnet was Hydraq. Hydraq’s intentions were old-fashioned compared to the cyber-sabotage of Stuxnet—it attempted to steal. What made Hydraq stand out was what and from whom it attempted to steal—intellectual property from major corporations. Targeted attacks did not start in 2010, and will not end there. In addition, while Hydraq was quickly forgotten and, in time, Stuxnet may be forgotten as well, their influence will be felt in malware attacks to come. Stuxnet and Hydraq teach future attackers that the easiest vulnerability to exploit is our trust in friends and colleagues. Stuxnet could not have breached its target without someone being given trusted access with a USB key. Meanwhile, Hydraq would not have been successful without convincing users that the links and attachments they received in an email were from a trusted source.

2. Social networks. Whether the attacker is targeting a CEO or a member of the QA staff, the Internet and social networks provide rich research for tailoring an attack. By sneaking in among our friends, hackers can learn our interests, gain our trust, and convincingly masquerade as friends. Long gone are the days of strange email addresses, bad grammar and obviously malicious links. A well-executed social engineering attack has become almost impossible to spot.

3. Zero-day vulnerabilities and rootkits. Once inside an organization, a targeted attack attempts to avoid detection until its objective is met. Exploiting zero-day vulnerabilities is one part of keeping an attack stealthy, since these enable attackers to get malicious applications installed on a computer without the user’s knowledge. In 2010, 14 such vulnerabilities were discovered. Rootkits also play a role. While rootkits are not a new concept, techniques continue to be refined and redeveloped as attackers strive to stay ahead of detection tools. Many of these rootkits are developed for use in stealthy attacks. There were also reports in 2010 of targeted attacks using common hacker tools. This is similar to building products, in this case attack tools, with “off the shelf” parts in order to save money and get to market faster. However, innovation runs in both directions, and attacks such as Stuxnet will certainly provide an example of how targeted attacks are studied and their techniques copied and adapted for massive attacks.

4. Attack kits. What brings these techniques to the common cybercriminal are attack kits. Zero-day vulnerabilities become everyday vulnerabilities via attack kits; inevitably, some of the vulnerabilities used in Stuxnet as well as the other 6,253 new vulnerabilities discovered in 2010 will find their way into attack kits sold in the underground economy. These tools—easily available to cybercriminals—also played a role in the creation of the more than 286 million new malware variants Symantec detected in 2010.

5. Mobile threats. As toolkits make clear, cybercrime is a business. Moreover, as with a legitimate business, cybercrime is driven by a return on investment. Symantec believes that this explains the current state of mobile cybercrime. All of the requirements for an active threat landscape existed in 2010. The installed base of smart phones and other mobile devices had grown to an attractive size. The devices ran sophisticated operating systems that come with the inevitable vulnerabilities—163 in 2010. In addition, Trojans hiding in legitimate applications sold on app stores provided a simple and effective propagation method. What was missing was the ability to turn all this into a profit center equivalent to that offered by personal computers. But that was 2010; 2011 will be a new year.

This report discusses these trends, impending threats, and the continuing evolution of the Internet threat landscape in 2010. Supporting the commentary are four appendices of data collected over the course of the year covering the following categories:
  • Threat activity
  • Vulnerabilities
  • Malicious code
  • Fraud activity

Along with this analysis, Symantec provides a comprehensive guide to best practices for both enterprises and consumers to adhere to in order to reduce their risk from the dangers of the current Internet security threat landscape.