Symantec Internet Security Threat Report (ISTR), Volume 16 1 Internet Security Threat Report (ISTR) Vol. 16 Highlights and Recommended Defenses

Internet Security Threat Report (ISTR) Vol. 16

Nov 02, 2014

Technology

Symantec APJ

 
Transcript
Page 1: Internet Security Threat Report (ISTR) Vol. 16

Internet Security Threat Report (ISTR) Vol. 16: Highlights and Recommended Defenses

Page 2: Internet Security Threat Report (ISTR) Vol. 16

Agenda

1. Threat Landscape: Key Trends

2. ISTR 16: Key Findings

3. Best Practices for Protection

Page 3: Internet Security Threat Report (ISTR) Vol. 16

Threat Landscape: Key Trends

Page 4: Internet Security Threat Report (ISTR) Vol. 16

Page 5: Internet Security Threat Report (ISTR) Vol. 16

Threat Landscape: 2010 Trends

• Social Networking + social engineering = compromise

• Attack Kits get a caffeine boost

• Targeted Attacks continued to evolve

• Hide and Seek (zero-day vulnerabilities and rootkits)

• Mobile Threats increase

Page 6: Internet Security Threat Report (ISTR) Vol. 16

Threat Landscape: Targeted Attacks continue to evolve

• High profile attacks in 2010 raised awareness of impact of APTs

• Stuxnet was incredibly sophisticated

– Four zero-day vulnerabilities

– Stolen digital signatures

– Ability to “leap” the air gap with USB key

– Potential damage to infrastructure

More Info: Detailed review in the W32.Stuxnet Dossier & W32.Stuxnet

Page 7: Internet Security Threat Report (ISTR) Vol. 16

Threat Landscape: Targeted Attacks continue to evolve

• Less sophisticated attacks also cause significant damage

• Average cost of U.S. data breach in 2010: $7.2 million

Average # of Identities Exposed per Data Breach by Cause

Page 8: Internet Security Threat Report (ISTR) Vol. 16

Threat Landscape: Social Networking + Social Engineering = Compromise

• Hackers have adopted social networking

– Use profile information to create targeted social engineering

– Impersonate friends to launch attacks

– Leverage news feeds to spread spam, scams and massive attacks

More Info: Detailed review of Social Media threats available in The Risks of Social Networking

Page 9: Internet Security Threat Report (ISTR) Vol. 16

Threat Landscape: Social networking + Social Engineering = Compromise

• Shortened URLs can hide malicious links, increasing infections

• 73% of malicious shortened URLs were clicked 11+ times

Page 10: Internet Security Threat Report (ISTR) Vol. 16

Threat Landscape: Hide and Seek (Zero-day Vulnerabilities and Rootkits)

• Zero-day trend is up

• Being used more aggressively by hackers

• Attack toolkits help spread zero-day exploits more quickly

Number of documented ‘zero-day’ vulnerabilities

Page 11: Internet Security Threat Report (ISTR) Vol. 16

Threat Landscape: Hide and Seek (Zero-day Vulnerabilities and Rootkits)

• Rootkits taking more aggressive hold

– Tidserv, Mebratix, and Mebroot are current front-runners

– U.S. is main source of Tidserv bot-infected computers

– Modify the master boot record (MBR) on Windows computers to gain control of the computer (see below)

More Info: Security Response Threat Writeups: Tidserv + Mebroot

Page 12: Internet Security Threat Report (ISTR) Vol. 16

Threat Landscape: Attack Kits Get a Caffeine Boost

• Java exploits added to many existing kits

• Kits exclusively exploiting Java vulnerabilities appeared

More Info: Detailed information available in ISTR Mid-Term: Attack Toolkits and Malicious Websites

Page 13: Internet Security Threat Report (ISTR) Vol. 16

Threat Landscape: Mobile Threats

• Most mobile malware consists of Trojans posing as legitimate apps

• Mobiles will be targeted more when used for financial transactions

• 163 vulnerabilities in 2010, up from 115 vulnerabilities in 2009 (42% increase)

Page 14: Internet Security Threat Report (ISTR) Vol. 16

ISTR 16: Key Findings

Page 15: Internet Security Threat Report (ISTR) Vol. 16

Symantec™ Global Intelligence Network: Identifies more threats, takes action faster & prevents impact

Information Protection, Preemptive Security Alerts, Threat Triggered Actions

Global Scope and Scale, Worldwide Coverage, 24x7 Event Logging

Rapid Detection

Attack Activity

• 240,000 sensors

• 200+ countries

Malware Intelligence

• 133M client, server, gateways monitored

• Global coverage

Vulnerabilities

• 40,000+ vulnerabilities

• 14,000 vendors

• 105,000 technologies

Spam/Phishing

• 5M decoy accounts

• 8B+ email messages/day

• 1B+ web requests/day

Austin, TX; Mountain View, CA; Culver City, CA; San Francisco, CA; Taipei, Taiwan; Tokyo, Japan; Dublin, Ireland; Calgary, Alberta; Chengdu, China; Chennai, India; Pune, India

Page 16: Internet Security Threat Report (ISTR) Vol. 16

Key Facts and Figures: Report Appendix Structure

❶❷ Malicious code takes advantage of vulnerabilities in OS, programs, applications, etc.

❸ This can lead to your computer, laptop or mobile phone being infected with threats like viruses, worms or Trojans

❹ It may also lead to ID theft and other forms of fraud

Page 17: Internet Security Threat Report (ISTR) Vol. 16

Threat Activity Trends: Malicious Activity by Country

Page 18: Internet Security Threat Report (ISTR) Vol. 16

Threat Activity Trends: Data Breaches by Sector

• Average cost to resolve a data breach in U.S. was $7.2 million

• 85% of identities exposed were customers

Average Number of Identities Exposed per Data Breach by Sector

Average Number of Identities Exposed per Data Breach by Cause

Page 19: Internet Security Threat Report (ISTR) Vol. 16

Threat Activity Trends: Web-based Attacks

• 93% increase in Web-based attacks from 2009 to 2010

• Spikes related to specific activities (new attack kits, current events, etc.)

Page 20: Internet Security Threat Report (ISTR) Vol. 16

Vulnerability Trends: Web Browser Plug-In Vulnerabilities

• Number of Flash and Reader vulnerabilities continued to grow

Page 21: Internet Security Threat Report (ISTR) Vol. 16

Malicious Code Trends: Top Malicious Code Families

Page 22: Internet Security Threat Report (ISTR) Vol. 16

Fraud Activity Trends: Phishing Categories

• 56% of phishing attacks spoofed banks

• Email-based fraud attempts continue to leverage current events

Page 23: Internet Security Threat Report (ISTR) Vol. 16

Fraud Activity Trends: Underground Economy Servers

• Credit card information & bank account credentials still on top

• Big range in bulk prices for credit cards

Page 24: Internet Security Threat Report (ISTR) Vol. 16

Page 25: Internet Security Threat Report (ISTR) Vol. 16

Best Practices for Protection

Page 26: Internet Security Threat Report (ISTR) Vol. 16

Defenses Against Targeted Attacks

Advanced Reputation Security

• Detect and block new and unknown threats based on reputation and ranking

Host Intrusion Prevention

• Implement host lock-down as a means of hardening against malware infiltration

Removable Media Device Control

• Restrict removable devices and functions to prevent malware infection

Email & Web Gateway Filtering

• Scan and monitor inbound/outbound email and web traffic and block accordingly

Data Loss Prevention

• Discover data spills of confidential information that are targeted by attackers

Encryption

• Create and enforce security policy so all confidential information is encrypted

Network Threat and Vulnerability Monitoring

• Monitor for network intrusions, propagation attempts and other suspicious traffic patterns

Page 27: Internet Security Threat Report (ISTR) Vol. 16

Defenses Against Hide and Seek (Zero-Days & Rootkits)

Advanced Reputation Security

• Detect and block new and unknown threats based on reputation and ranking

Security Incident and Event Management

• Detect and correlate suspicious patterns of behavior

Network Threat and Vulnerability Monitoring

• Leverage external services to monitor and correlate security events

Vulnerability Assessment

• Ensure network devices, OS, databases and web applications systems are properly configured

• Determine whether or not a vulnerability is truly exploitable

Host Intrusion Prevention

• Implement host lock-down as a means of hardening against malware infiltration

Page 28: Internet Security Threat Report (ISTR) Vol. 16

Defenses Against Social Engineering

Web Gateway Security

• Scans all potentially malicious downloads regardless of how the download is initiated

• Prevent users from being redirected to malicious Websites

Data Loss Prevention

• Discover concentrations of confidential information downloaded to an employee’s PC

Network and Host Based Intrusion Prevention

• Monitor and protect critical systems from exploitation

• Protect against misleading applications like fake antivirus

• Prevent drive-by download web attacks

Strong Authentication

• Two-factor authentication to protect against socially engineered password theft

Security Awareness Training

• Ensure employees become the first line of defense

Page 29: Internet Security Threat Report (ISTR) Vol. 16

Defenses Against Mobile Threats

Device Management

• Remotely wipe devices in case of theft or loss

• Update devices with applications as needed without physical access

• Get visibility and control of devices, users and applications

Device Security

• Guard mobile device against malware and spam

• Prevent the device from becoming a vulnerability

Content Security

• Identify confidential data on mobile devices

• Encrypt mobile devices to prevent lost devices from turning into lost confidential data

Identity and Access

• Strong authentication and authorization for access to enterprise applications and resources

• Allow access to right resources from right devices with right postures

Page 30: Internet Security Threat Report (ISTR) Vol. 16

Determine Your Level of Security

• Symantec offers security assessments to reveal gaps in protection

Data Loss Risk Assessment

Vulnerability Assessment

Malicious Activity Assessment

Targeted Attack Assessment

Security Advisory Services

• Assessment Services

• PCI Assessments

• Security Program Assessments

Page 31: Internet Security Threat Report (ISTR) Vol. 16

Stay Informed: Additional Resources

Build Your Own ISTR: go.symantec.com/istr

Daily measure of global cybercrime risks: nortoncybercrimeindex.com

Stay Abreast of Latest Threats: Twitter.com/threatintel

Page 32: Internet Security Threat Report (ISTR) Vol. 16

Thank you!

Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

For more information, download:

• Internet Security Threat Report (ISTR) Vol. 16

• Reputation-based Security Whitepaper