|
|
 |
/ / Trends
Trends
The volume and sophistication of malicious activity has increased substantially in recent years. According to a global survey conducted by Arbor Network, the largest DDoS single attack observed in 2010 rose to 100Gbps, which was a 102 per cent increase from 2009, and a 1000 per cent increase from 2005. [ 1 ]
Application-layer DDoS attacks are increasing in sophistication and operational impact. The most frequently targeted applications are HTTP, DNS and SMTP, where attacks targeted both customers and support devices of operators, inflicting increased operation expenses, customer churn and revenue loss. [ 1 ]
Symantec, another global network security company, has also addressed that the internet threats are getting more sophisticated and frequent. They listed five main trends in a report. [ 2 ]
Targeted attacks
Targeted attacks have gained notoriety from high-profile attacks against major organizations and significant targets. The attacks have become more complicated, and malicious codes attached can even affect physical devices as in the case of Stuxnet worm, which attempted to exploit for zero-day vulnerabilities.
Imperva, one of the world’s leading web application security firm, has also predicted that Nation-sponsored hackers like the Stuxnet worm will continue to build on concepts and techniques from the commercial hacker industry to create more powerful Advanced Persistent Threats (APT). This attack has been listed as the top predicted IT security threat trend in 2011 [ 3 ].
Social Networking
While social networking sites have become increasingly popular, this can mean serious consequences for companies. The information posted by employees on social networking sites can be employed in social engineering tactics as part of targeted attacks. Additionally, these sites also serve as vectors for malicious code infection, while Facebook malware may also possess a potentially extensive spread, by promising users information such as "who had been viewing their profile."
Zero-day vulnerabilities and Rootkits
Exploiting zero-day vulnerabilities enable attackers to acquire malicious applications installed on a computer without the user’s knowledge. While techniques of Rootkits continue to be refined and re-developed, attackers will continue to strive to stay ahead of detection tools.
Attack Kits
Attack toolkits continue to lead in Web-based attack activities. Their ease of use combined with advanced capabilities makes them an attractive investment for attackers, and eventually enables more common and frequent cybercriminal activities.
Mobile Threats
The installed base of smartphones and other mobile devices with sophisticated operating systems have grown to a substantially attractive size. Rapid developments have been accompanied by inevitable vulnerabilities. One significant threat would be the way cybercriminals hide Trojans in legitimate applications sold in app stores, which provides them with a simple and effective propagation method.
Source:
1. 2010 Report, Worldwide Infrastructure Security Report
2. Trend for 2011, Symantec Internet Security Threat Report
3. Security Trends for 2011, Imperva
|
