In addition, Symantec's Insight has access to the world's largest intelligence network to provide reputation ratings for nearly every file on the Internet. This advanced data mining technology creates reputation-protection that is able to separate at-risk files from those that are safe based on their context. By computing highly accurate reputation ratings on every file, Symantec's Insight can deliver effective protection not just against popular malware, but also identify the most arcane threats.
Symantec recommends that security professionals consider these five areas when evaluating protection technologies to ensure they cover all the bases:
- File-based protection. A modern anti-virus solution should go beyond simple pattern matching to determine a good or bad file and provide multiple methods, including both generic and heuristic techniques, to identify both known and unknown threats. While there are other means of attack, having infected files on a target machine remains an on-going problem. This means that file-based protection is still necessary in detecting, neutralising and removing threats from individual machines.
- Network-based protection. Block malicious attacks before they can introduce malware onto a system. Network-based protection analyses incoming data streams arriving via network connections, and blocks threats before they hit the system.
- Behaviour-based protection. To push security to the next level, behaviour-based protection is required. This technique examines the dynamic behaviour of malicious activity as opposed to static characteristics. In addition, this approach provides protection no matter what the end user does or how the malware ends up on a machine.
- Reputation-based protection. Among the newest forms of protection, reputation-based technology considers the meta-information of a file to provide context. The context of a particular file - for example, its origin, its age, where it exists, and where it travels - is used to determine whether the file is safe or a threat, and then, if necessary, initiate the proper course of remediation.
- Optimised for virtualisation. Virtualisation is a strategic business imperative for an increasing number of organisations - one designed to deliver value by facilitating more agile IT infrastructures and creating a path to the cloud. Next-generation security technologies need to be optimised for virtualisation, not impede the technology by getting in the way of performance.
Symantec Endpoint Protection Ecosystem. Symantec's Security Response is aggressively pursuing new protection technologies. These technologies are part of an ecosystem of five layers of security that protect endpoints against everything from social engineering attacks to bots, botnets and targeted attacks. This level of protection is also effective against advanced persistent threats (APT), trojans and general malware zero-day threats. In today's complex threat landscape, a single data breach can cost as much as US$5.5 million in direct and hidden costs. While the days of relying solely on signature-based antivirus are over, Symantec will continue to help organisations push the limits of endpoint protection to its maximum.
Based on our longstanding expertise in threat evolution, we foresee the following five developments in cyber security for the coming year. These predictions are generally trends that have impacted enterprises in previous years, but the stakes will be higher than ever owing to the growing sophistication of the threat landscape and the exponential level of data growth.
- Cyber conflict becomes the norm - In 2013 and beyond, conflicts between nations, organisations and individuals will predominantly take place in the cyber world. Espionage can be successful and also easily deniable when conducted online, demonstrated by many examples in the last two years. Nations or organised groups of individuals will continue to use cyber tactics in an attempt to damage or destroy the secure information or funds of their targets. In 2013, we will see the cyber equivalent of saber rattling, where nation states, organisations, and even groups of individuals use cyber attacks to show their strength and to relay a message. Additionally, Symantec expects more attacks on individuals and non-government organisations, such as supporters of political issues and members of minority groups in conflict. This type of targeting is currently seen when hacktivist groups are aggravated by an individual or a company. Someone who has a different and strongly-held opinion on an issue might join the group in order to access the group's members. He or she might then distribute malware to infect their computers and post confusing, abusive or disruptive messages using their accounts as a platform. The cyber criminal might even steal their credit cards and make donations 'in their name' to the opposing side.
- Ransomware is the new scareware - New research from Symantec sheds light on a rapidly growing class of cyber attack known as ransomware. Symantec's conservative estimate is that cyber criminals are extorting over US$5 million a year from victims as a result of this scam, and that number is likely to grow. The scam works by using malware to disable victims' computers until they pay a ransom, usually via online payment methods, to restore access. Cyber criminals often use social engineering tricks, such as displaying phony messages purporting to be from local law enforcement, to convince victims to pay up. Such messages often include warnings such as, "You have browsed illicit materials and must pay a fine." Symantec's research shows that up to 2.9 percent of victims end up paying ransoms. That number is significant given fees range up to US$460 and one gang was observed attempting to infect 495,000 computers over the course of just 18 days. In 2013, attackers will use more professional ransom screens, up the emotional stakes to motivate their victims, and use methods that make it harder for one to recover once compromised. The best defence against this rapidly evolving threat is for users to keep their computers, including their operating systems and applications, up-to-date with the latest updates from manufacturers. Using security software to block infections is also a necessary step to prevent falling victim to this scam.
- Madware adds to the insanity. Mobile adware, or "madware", is a nuisance that disrupts the user experience and can potentially expose location details, contact information, and device identifiers to cyber criminals. Madware - which sneaks onto a user device when one downloads an app - often sends pop-up alerts to the notification bar, adds icons, changes browser settings, and gathers personal information. In just the past nine months, the number of apps with the most aggressive forms of madware has increased by 210 percent. Because location and device information can be legitimately collected by advertising networks (as it helps them target users with appropriate advertising), we expect increased use of madware as more companies seek to drive mobile ad revenue.
- Monetisation of social networks introduces new dangers. As consumers, we place a high level of trust in social media - from the sharing of personal details, to spending money on game credits, to gifting items to friends. As social networks start to find new ways to monetise their platforms by enabling members to spend real money, cyber criminals will now also have new avenues to lay the groundwork for attack. Take for instance a recent spam tactic that Symantec discovered on Instagram, a photo-sharing mobile application. Spammers were found to gather personal details and persuade users to sign up for premium-rate mobile services, among other things, generally by creating fake accounts. The scams take on a number of forms, from spam comments, to fake followers, to liking photos in the hopes people will check out their profiles, which in turn often contain more spam links. Symantec also anticipates an increase in malware attacks that steal payment credentials and trick users into providing payment details, and other personal and potentially valuable information, to fake social networks. This may include fake gift notifications and email messages requesting home addresses and other personal information. While providing non-financial information might seem innocuous, cyber criminals sell and trade this information with one another to combine with information they already have about you, helping them create a profile of you they can use to gain access to your other accounts.
- As users shift to mobile and cloud, so will attackers. Attackers will go where users go, and this continues to be on mobile devices and the cloud. Mobile platforms and cloud services will be likely targets for attacks and breaches in 2013. The rapid rise of Android malware in 2012 confirms this, with the most recent example discussed in Symantec's September 2012 Intelligence Report. The report looks at an Android application that attempts to trick the user into thinking that they can charge their device with nothing but the rays of the sun. The Android application Android.Sumzand claims to convert one's conventional smartphone screen into a solar panel that extends battery life. Instead, the app steals personal contact data from the phone and sends it to the app creator. In addition, there will be increased risk of breaches and targeted attacks on mobile data as unmanaged mobile devices continue to pass through corporate networks and retrieve company data that might end up getting stored on other clouds. As mobile carriers and retail stores transition to mobile payments, we expect to see criminals use malware to hijack payment information from people in retail environments. Some payment systems are widely used by technical novices and may have vulnerabilities that allow information to be stolen. 2013 will also press the limits of the SSL mobile infrastructure. The increase in mobile computing will strain the SSL mobile infrastructure in 2013 and reveal that Internet activity on mobile browsers is not subject to proper SSL certificate handling. To exacerbate the problem, much of this mobile Internet usage is being handled by insecure mobile applications, which brings additional risk to the table, such as man-in-the-middle attacks.