April 5, 2011

Mobile Devices, Social Networks Target For Cyber Criminals

Malicious code is being spread by smartphones and social networking sites such as Facebook and Twitter as criminals target these devices, security software maker Symantec Corp. revealed in its annual threat analysis.

"The report found that data breaches caused by hacking resulted in an average of more than 260,000 identities exposed per breach in 2010, nearly quadruple that of any other cause," according to a statement on Symantec's web site.

When it comes to mobile devices, the report documented 163 known opportunities that could allow attackers to "gain partial or complete control over devices running popular mobile platforms." The number is up from 115 discovered in 2009.

The security holes in the operating system were exploited to install harmful software onto Android handsets, reports BBC. This suggests that hacking into smartphones can be very lucrative for criminals.

Last year, malware attacks on mobile devices took on the form of legitimate applications. In most cases, attackers inserted these malicious codes into legitimate applications that were then distributed via public app stores.

For example, BBC News reports that attackers hid at least six different varieties of malware in applications that were distributed through a Chinese download service.

iPhones that have been "jailbroken" were affected by the attacks because they bypass Apple's security. However, by "pre-vetting" all new applications, it is believed that the company has been spared from major attacks on its devices, reports BBC.

Social networks are also being eyed by cyber criminals. Symantec found that the primary attack technique used to collect personal information is through web links that encourage users to click through to sites that contain malware and rogue applications.

The security company estimates that 1 in 6 links posted on Facebook pages are connected to malicious software.

Abbreviated URLs are used in these attacks to shorten web addresses, making it harder to tell what the target site is.

Millions of these shortened URLs were posted last year on social networking sites, tricking its victims by using scams that seem to relate to them on a personal level, BBC reports.

In addition, the news-feed capabilities provided by social networking sites were exploited to mass-distribute attacks.

Symantec gave an example where the attacker logs into a compromised account and posts a shortened URL link to a malicious website in the victim's status area. The link is then automatically distributed by the social networking site to news feeds of the victim's friends. This potentially could spread to hundreds of thousands of people in a matter of minutes.

Symantec found that 65% of malicious links in news feeds used shortened URLs during its 2010 analysis. 73% of these were clicked through 11 times or more, and 33% received 11 to 50 clicks.

Symantec's annual Internet Security Threat Report is based on data supplied by users from around the world. It is regarded as a reliable measurement of the changing trends in cyber-crime, reports BBC. The company recorded a 93% increase in the number of web-based attacks between 2009 and 2010, globally.

The widespread availability of "attack toolkits," or software packages that allow users with little skill to design their own malicious software is believed to have caused the dramatic rise.

The most popular kit was 'Phoenix,' in which the Java programming language's vulnerabilities were exploited. Java is commonly used for web-based applications.

In 2010, Symantec found that attackers launched targeted attacks against specific companies and organizations, including government agencies. The well-known software worm Stuxnet that attacked the mechanical systems used in Iran's nuclear plant last year poses a growing threat to companies around the world.

Even with basic security measures in place at these organizations, many of the cyber-attacks succeeded because of its targeted nature.

Findings from Mocana indicate that 47% of organizations do not believe that they can manage the risks of the mobile devices accurately. For more than 45% of organization, security concerns is one of the biggest obstacles they face when rolling out more smart devices, reports Symantec.


On the Net: