Cybercrime to hit tablets

If there is one man who is in no doubt about the potential threat of new and innovative cybercrimes, it is Craig Scroggie, Symantec's vice-president and managing director for the Pacific region.

At the end of a lengthy interview, Signal reminded Mr Scroggie that he and the writer had been talking for years about potential threats to email, bogus websites, computers and now smartphones.

Was anyone listening?

Sometimes people did not listen to warnings until it was too late, he said.

The proliferation of tablet devices meant cyber criminals were changing their targets and Mr Scroggie predicted tablets would soon be facing the same sort of attacks PC owners had suffered in recent years.

The latest report from Symantec found a "massive threat volume" of more than 286 million new threats last year, accompanied by several new trends.

The report highlighted the increases in both the frequency and sophistication of targeted attacks on enterprises, the continued growth of social networking sites as an attack distribution platform and a change in the infection tactics of attackers.

Increasingly, vulnerabilities in Java were used to break into traditional computer systems.

Asked about the increasing number of updates to Java, Mr Scroggie said most were for security reasons.

Attack toolkits, software programs that could be used by novices and experts alike to launch widespread attacks on networked computers, continued to be used last year.

The kits increasingly targeted vulnerabilities within the popular Java system, which accounted for 17% of all vulnerabilities affecting browser plug-ins"As a popular cross-browser, multiplatform technology, Java is an appealing target for attackers."

The Phoenix toolkit was responsible for the most web-based attack activity in 2010, he said. The kit, as well as many others, incorporated exploits against Java.

Attacks such as Hydraq and Stuxnet posed a growing threat to businesses last year. To increase the likelihood of successful, undetected infiltration into the business, an increasing number of the targeted attacks used zero-day vulnerabilities to break into computer systems, he said.

In 2010, attackers hit a diverse collection of publicly traded, multi-national corporations and government agencies, as well as a surprising number of smaller companies.

In many cases, the attackers researched key people in each corporation then used tailored social engineering attacks to gain entry to the victims' networks.

"Due to their targeted nature, many of these attacks succeeded even when victim organisations had basic security measures in place."

While the high-profile targeted attacks of 2010 attempted to steal intellectual property or cause physical damage, many attacks preyed on individuals for their personal information.

Data breaches caused by hacking resulted in an average of more than 260,000 identities exposed per breach last year, nearly quadruple that of any other cause, Mr Scroggie said.

The major mobile platforms were finally becoming ubiquitous enough to draw the attention of attackers and Symantec expected attacks on those platforms to increase.

Last year, most malware attacks against mobile devices took the form of Trojan Horse programs posing as legitimate applications. While attackers generated some of the malware from scratch, in many cases they infected users by inserting malicious logic into existing legitimate applications. The attack then distributed the tainted applications via public app stores, he said.

In the first few months of 2011, attacks had already leveraged flaws to infect hundreds of thousands of devices.

According to published data, it was no surprise that 47% of organisations did not believe they could adequately manage the risks introduced by mobile devices.

More than 45% of organisations said security concerns were one of the biggest obstacles to rolling out more smart devices, Mr Scroggie said.