Symantec Report Highlights Increase in Targeted Attacks, Social Networking and Mobile Threats
Recently, Symantec released findings of the company's latest Internet Security Threat Report.
The Stuxnet worm made headlines during the previous year for targeting industrial installations, Iranian nuclear facilities in particular. These sophisticated attacks were aimed at disrupting the functioning of crucial installations. Google was in the news for facing sophisticated Hydraq attacks; the Hydraq Trojan allows the attacker to open a back door on the targeted computer. Most of the targeted attacks exploited zero-day vulnerabilities to intrude into computer systems. According to the security firm, Stuxnet exploited four different zero-day vulnerabilities to attack the targeted systems.
Government agencies, corporations, small enterprises and public companies were all targeted by cybercriminals over the last year. Attackers first identified potential victims in these organizations and then intruded into the networks through customized social engineering attacks. The major purposes of the attacks were to steal intellectual property, cause damage and extract personal information. According to Symantec, over 260,000 identities were exposed per breach in incidents caused by intrusion. However, such incidents could be reduced by creating cyber security awareness among employees through training sessions, online degree and e-learning programs.
Social networking sites have become immensely popular, and organizations are also using the emerging medium to promote their business. Cybercriminals placed shortened Uniform Resource Locators (URLs) on social networking sites to deceive unwary users through phishing and malware scams. With a shortened URL, users cannot see the complete URL of the site to which they are being directed. Cybercriminals also exploited the news feed feature of social networking sites: attackers place shortened URLs pointing to a malicious website in the status section of compromised user accounts.
As networking sites distribute the links to the news feeds of the compromised user's friends, more computers are infected. According to the Internet security firm, shortened URLs were used in around 65% of the malicious links in news feeds. Around 73% of these links were clicked 11 times or more and 33% of these links were clicked between 11 and 50 times. Regular security evaluation by professionals with qualifications in penetration testing, computer science degrees and IT security certifications would enable service providers to mitigate weaknesses and provide secure services to the end user.
The report notes that attackers increasingly targeted Java vulnerabilities during the previous year. Attack toolkits such as the Phoenix toolkit were used for web-based attacks. The popularity of mobile applications and devices has also attracted the attention of cybercriminals. Symantec reports that attackers targeted mobile users by inserting malicious code into legitimate applications. Some attackers, such as the creators of the Pjapps Trojan, even distributed compromised applications through public application stores. The Internet security firm identified around 163 security flaws that could be exploited by attackers to acquire partial or complete control over devices running mobile platforms. IT professionals must constantly update their technical skills and know-how through webinars, online university degree programs and seminars to deal with the sophisticated threats in the IT environment.
EC-Council University is based in Albuquerque, New Mexico and offers a Master of Security Science (MSS) degree to students from various backgrounds, such as graduates, IT professionals and military students, among several others. The MSS is offered as a 100% online degree program, which allows EC-Council University to reach students not only from the United States but from all around the world.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.