Cyber attacks surge as criminals target social media, mobiles

Computer security firm Symantec has revealed that a staggering 286 million new cyber threats emerged during 2010, with criminals targeting social media sites and starting to eye off mobile devices such as smartphones and tablets.

The Symantec report reveals a 93% increase in web-based attacks, led by a series of major targeted attacks designed to steal data, money or in some cases, take control of company infrastructure.

Craig Scroggie, vice president and managing director for Symantec in the Pacific region, says one of the most high-profiled targeted attacks saw cyber criminals target a power station in Iran in an attempt to gain control of the plant.

On average, 260,000 identities were exposed in major targeted attack breaches, while the average cost to resolve a breach was $US7.2 million.

The rise of attacks in the social media area was particular driven by the use of shortened URLs – used commonly to exchange links on Twitter and Facebook – to hide links to malicious sites or software, such as keyboard loggers or screen scrapers.

Symantec’s research found that 73% of malicious links sent out via social networking sites were clicked on 11 times or more.

“These networks are fertile ground for cyber criminals,” Scroggie says.

“Everyone is on the social networks, we trust them and when we are talking to our friends we think they are a safe place to be.”

Many of the social network-based attacks involve criminals piggybacking on current news events to drive clicks on malicious links, or using personal calls to actions, such as informing a user they’ve just been tagged in a photo or video.

“The juicer they make the headline, the better chance of a higher click-through rate. These criminals are no different when they want to increase traffic,” Scroggie says.

Other major threats to hit internet users in 2010 included the increased use of “hide and seek” threats, which are financially motivated attacks that use “rootkits” to extract cash out of an individual, business or user over a long period, and attack kits, which spread viruses through everything from spam to fake anti-virus software. These are increasingly aimed at Java vulnerabilities, because this technology is used on multiple platforms.

The rising area of concern is attacks on mobile devices, which Scroggie expects will increase as usage of smartphones and tablets continues to grow.

At present, attacks have been somewhat limited by the poor returns that cyber criminals have been able to extract from mobile users, but Scroggie says this will change as technology improves and users start to use their phones for more transactions.

Another looming issue for the Australian security scene is the establishment of the National Broadband Network.

While Scroggie is a big supporter of the network, he does point out that increased uptake of broadband services will create new security issues.

“When people leave their computers connected to broadband, that’s what botnets love. When you have a great big high-speed broadband network you could create a very large high-speed botnet.”

However, he points out that strong security measures will prevent the bulk of attacks and says SMEs cannot afford to be stung.

“In many of these attacks where data or money was lost, far more wide-reaching was the damage to reputation. The brand of your small business is more important than anything.”

He also says that like many sectors of the economy, crime is being transformed by the internet.

“If you are a criminal, your bricks market is drying up and your clicks market is getting much larger.”